
Infected with Trojan ZBOT


3 replies to this topic

#1 Brijens


Posted 05 October 2015 - 10:10 AM

Hi Team,

 

I have an external hard drive of 1 TB space with all my important data in it. A couple of days back, I gave it to one of my friends to exchange some data, after which my drive got infected and 3 new hidden files and folders were created. They come back again after some time whenever I delete them. The 3 hidden junk items are:

1. Hidden folder named .Spotlight-V100 (with 451 MB space)

2. Hidden folder named .Trashes (with 0 bytes)

3. Hidden file named .Trashes (with 0 bytes)

I don't know how to clean my drive without losing my data. Kindly help.




 


#2 Brijens


Posted 06 October 2015 - 10:22 AM

Hi,

 

Let me give you a brief background to catch up on the issue. I sent a post earlier and, being a new member here, I didn't know in which forum to put my query. I had put my post in the Security forum in 'Am I Infected'. There I posted my MBM log (run as per your forum's recommendation). I got the reply that I am infected with at least Trojan ZBOT. Also, your suggestion was to go through the Performance Guide and post a new topic in the Virus, Trojans... forum.

 

I followed your advice and have also run FRST on my computer. So here is my log sheet:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by sony (administrator) on FC (06-10-2015 20:24:41)
Running from C:\Users\sony\Desktop
Loaded Profiles: sony (Available Profiles: sony)
Platform: Microsoft Windows 8.1 (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\ProgramData\ZTEMT UDisk Service\Bin\MonServiceUDisk.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\BSNL 3G Modem\LW273\Resource\driver\MCtlSuc.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Sonic PDF Creator\3.0\itSONPrnDisp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Infraware) C:\Users\sony\AppData\Roaming\PolarisOfficeLink\POLink.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Infraware) C:\Users\sony\AppData\Roaming\PolarisOfficeLink\POLinkSync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\WISPTIS.EXE
(BitTorrent Inc.) C:\Users\sony\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\sony\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(BitTorrent Inc.) C:\Users\sony\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Code Sector Inc.) C:\Program Files\TeraCopy\TeraCopy.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-30] (AVAST Software)
HKLM\...\Run: [S307B] => C:\Program Files\BSNL 3G Modem\LW273\Resource\driver\MctlSuc.exe [113664 2011-09-15] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-03-26] (Tonec Inc.)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [uTorrent] => C:\Users\sony\AppData\Roaming\uTorrent\uTorrent.exe [1821536 2015-10-05] (BitTorrent Inc.)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-04] (Google Inc.)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [Polaris Office Sync] => C:\Users\sony\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe [805112 2015-08-30] (Infraware)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2015-08-02] (WordWeb Software)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\MountPoints2: {d0647fcc-fbbb-11e3-b009-c44619b37094} - "H:\.\setup.exe" 
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [10240 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-11-30] (AVAST Software)
ShellIconOverlayIdentifiers: [0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2012-11-16] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-09-09]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk [2014-03-25]
Startup: C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-03-25]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 202.88.149.25 202.88.149.6
Tcpip\..\Interfaces\{B7BCECB2-E2CC-42B6-92A5-43B8578BCBBA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CA16C5FD-6107-4061-AE5E-2BD11D2AD39B}: [DhcpNameServer] 202.88.149.25 202.88.149.6
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.in.msn.com/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2014-02-03] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-30] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-30] (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3982043237-1895342364-2888862755-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-05] (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-07-24] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-01-08]
FF Extension: GoPhotoIt - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: Torntv 3 - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-03]
FF HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2015-10-04]
FF HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\sony\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\sony\AppData\Roaming\IDM\idmmzcc5 [2014-03-26]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (eRail.in) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (YouTube) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Google Search) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Enable Right Click) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjhdaiolbgldmmfggnlbmjcifkmhohi [2013-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-15]
CHR Extension: (AdBlock) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-04]
CHR Extension: (Avast Online Security) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04]
CHR Extension: (Allow Right-Click) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-09-04]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2013-09-04]
CHR Extension: (IDM Integration Module) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-12-16]
CHR Extension: (FLV Video Downloader) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgbngepgkjeffdkkpnblnlogfjehbjn [2014-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (FVD Video Downloader) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-09-08]
CHR Extension: (IRCTCLogin.net) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfpekjmadbficjflajjckfegbiphboc [2014-07-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-26]
CHR Extension: (Enable Copy) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnganadkecefnhncokdlaohlkneihio [2013-09-04]
CHR Extension: (Ashish Mishra) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2013-09-04]
CHR Extension: (Video downloader) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlenniinblnemaeneglhgicafiahoibg [2014-07-28]
CHR Extension: (Simply Block Ads!) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2013-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.nationzoom.com/?type=sc&ts=1386267734&from=ild&uid=TOSHIBAXMQ01ABD050_63D2PTMXTXX63D2PTMXT
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1678040 2013-08-09] (Broadcom Corporation.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-12-06] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1879640 2015-09-11] (Microsoft Corporation)
S2 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2013-08-25] (Ryan Conrad) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-23] (Foxit Software Inc.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Idea Net Setter. RunOuc; C:\Program Files\Idea Net Setter\UpdateDog\ouc.exe [650240 2012-03-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [118272 2012-08-06] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software)
R2 UDisk Monitor Tata; C:\ProgramData\ZTEMT UDisk Service\bin\MonServiceUDisk.exe [544768 2013-03-12] () [File not signed]
R3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [54760 2012-10-12] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-30] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-30] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-30] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2014-11-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-30] ()
R3 athr; C:\WINDOWS\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [174936 2013-08-09] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-08-09] (Broadcom Corporation.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [242240 2014-04-03] (DT Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [15360 2015-04-25] (Microsoft Corporation)
R2 VBoxDrv; C:\Program Files\YouWave Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\system32\DRIVERS\ykinx86.sys [242688 2013-06-18] (Marvell)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 20:24 - 2015-10-06 20:26 - 00024889 _____ C:\Users\sony\Desktop\FRST.txt
2015-10-06 20:24 - 2015-10-06 20:24 - 00000000 ____D C:\FRST
2015-10-06 20:22 - 2015-10-06 20:22 - 01697792 _____ (Farbar) C:\Users\sony\Desktop\FRST.exe
2015-10-06 08:53 - 2015-10-06 20:24 - 00000000 ____D C:\Users\sony\Downloads\Microsoft Windows 10 Home and Pro x64 Clean ISO
2015-10-06 08:42 - 2015-10-06 08:42 - 00002545 _____ C:\Users\sony\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-10-06 08:42 - 2015-10-06 08:42 - 00000000 ____D C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-10-06 08:42 - 2015-10-06 08:42 - 00000000 ____D C:\Users\sony\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-10-05 22:25 - 2015-10-05 22:25 - 00058002 _____ C:\WINDOWS\system32\CCCInstall_201510052225448435.log
2015-10-05 21:55 - 2015-10-05 21:55 - 00000000 ____D C:\Users\sony\AppData\Roaming\Curiolab
2015-10-05 21:51 - 2015-10-05 22:00 - 00000000 ____D C:\Program Files\Exterminate It!
2015-10-05 21:51 - 2015-10-05 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2015-10-05 21:37 - 2015-10-05 21:37 - 00000000 ____D C:\Users\sony\AppData\LocalLow\uTorrent
2015-10-04 23:46 - 2015-10-06 19:23 - 00000013 _____ C:\Users\sony\AppData\Roaming\mbam.context.scan
2015-10-04 22:54 - 2015-10-06 20:13 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 22:54 - 2015-10-04 22:54 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-04 22:54 - 2015-10-04 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-04 22:54 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-04 22:54 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-04 22:50 - 2015-10-04 22:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-04 22:36 - 2015-10-04 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-10-04 22:36 - 2015-10-04 22:36 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2015-10-04 14:28 - 2015-10-04 14:28 - 00001910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk
2015-10-04 14:28 - 2015-10-04 14:28 - 00000000 ____D C:\Program Files\WordWeb
2015-10-04 14:28 - 2015-08-02 16:32 - 02940032 ____N (WordWeb Software) C:\WINDOWS\wweb32.dll
2015-10-04 00:26 - 2015-10-04 01:49 - 447472217 _____ C:\Users\sony\Downloads\Microsoft_Office_Proffesional_Plus_2010.iso
2015-09-18 19:01 - 2015-09-15 06:48 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-18 19:01 - 2015-09-15 06:48 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-17 01:04 - 2015-07-30 19:18 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 23:36 - 2015-07-14 09:02 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-16 23:36 - 2015-07-14 00:31 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-16 23:31 - 2015-09-02 07:43 - 00035840 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-16 23:31 - 2015-08-22 22:52 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-16 23:31 - 2015-08-22 22:25 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-16 23:31 - 2015-08-22 22:20 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-16 23:31 - 2015-08-22 22:15 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-16 23:31 - 2015-08-22 21:58 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-16 23:31 - 2015-08-22 21:53 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-16 23:31 - 2015-08-22 21:52 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-16 23:31 - 2015-08-22 21:50 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-16 23:31 - 2015-08-22 21:48 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-16 23:31 - 2015-08-22 21:48 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-16 23:31 - 2015-08-22 21:48 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-16 23:31 - 2015-08-22 21:48 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-16 23:31 - 2015-08-22 21:30 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-16 23:31 - 2015-08-22 21:26 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-16 23:31 - 2015-08-22 21:25 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-16 23:31 - 2015-08-01 09:15 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-16 23:31 - 2015-08-01 09:08 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-16 23:31 - 2015-08-01 09:07 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-16 23:31 - 2015-07-22 19:55 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-16 23:31 - 2015-07-22 19:55 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-16 23:31 - 2015-07-18 23:59 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-16 23:31 - 2015-07-18 23:57 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-16 23:30 - 2015-09-03 07:47 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-16 23:30 - 2015-09-02 22:39 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-16 23:30 - 2015-09-02 07:47 - 03523584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-16 23:30 - 2015-09-02 07:47 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-16 23:30 - 2015-08-27 08:23 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-16 23:30 - 2015-08-26 23:37 - 03066368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-16 23:30 - 2015-08-26 23:31 - 02173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-16 23:30 - 2015-08-04 02:45 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-16 23:30 - 2015-08-01 19:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-16 23:30 - 2015-07-30 21:52 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-16 23:30 - 2015-07-22 19:45 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-16 23:30 - 2015-07-22 19:20 - 01172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-16 23:30 - 2015-07-17 19:40 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-16 23:30 - 2015-07-10 23:17 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-16 23:30 - 2015-07-09 21:20 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-16 23:30 - 2015-07-04 03:26 - 01132648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-16 23:30 - 2015-06-27 17:23 - 00108888 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-16 23:30 - 2015-06-19 22:33 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-15 20:41 - 2015-07-29 19:53 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-09-15 20:41 - 2015-07-29 19:50 - 01088000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-09-15 20:41 - 2015-07-29 04:58 - 00024240 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-09-15 20:41 - 2015-07-28 19:56 - 00952320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-15 20:41 - 2015-07-16 06:04 - 01469456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-15 20:41 - 2015-07-16 06:03 - 05767000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-15 20:41 - 2015-07-16 06:03 - 00082776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-09-15 20:41 - 2015-07-10 22:23 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-15 20:41 - 2015-06-26 19:07 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-09-15 20:41 - 2015-05-11 21:57 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-09-15 20:41 - 2015-05-03 20:28 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-15 20:41 - 2015-05-03 20:19 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-09-15 20:41 - 2015-04-30 04:51 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-09-15 20:40 - 2015-07-02 03:07 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-09-15 20:40 - 2015-07-02 03:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-09-15 20:40 - 2015-04-28 18:43 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-09-15 20:39 - 2015-07-15 03:34 - 00869720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-15 20:39 - 2015-07-15 03:29 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-09-15 20:39 - 2015-07-09 22:00 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-09-15 20:39 - 2015-07-09 22:00 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-09-15 20:39 - 2015-06-27 08:38 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-09-15 20:39 - 2015-06-27 07:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-09-15 20:39 - 2015-06-27 07:44 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-09-15 20:39 - 2015-06-16 11:06 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-09-15 20:39 - 2015-06-12 22:06 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-15 20:39 - 2015-06-12 00:56 - 01853272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-15 20:39 - 2015-04-23 20:46 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-09-15 20:39 - 2014-11-10 23:17 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-15 20:38 - 2015-07-10 22:44 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-09-15 20:38 - 2015-07-10 22:01 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-09-15 20:38 - 2015-07-07 15:15 - 00233304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-09-15 20:38 - 2015-07-07 15:15 - 00084824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-09-15 20:38 - 2015-07-07 15:15 - 00038928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-09-15 20:38 - 2015-05-12 18:48 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-15 20:38 - 2015-05-07 22:23 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-15 20:38 - 2015-05-07 21:42 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-09-15 20:38 - 2015-05-07 20:35 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-09-15 20:38 - 2015-05-03 20:27 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-09-15 20:38 - 2014-11-05 00:52 - 00045888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-09-15 20:38 - 2014-11-05 00:52 - 00041792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00022528 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-09-15 20:37 - 2015-07-17 01:20 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-09-15 20:37 - 2015-07-17 01:11 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-09-15 20:37 - 2015-07-17 00:22 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-15 20:37 - 2015-07-14 00:57 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-09-15 20:37 - 2015-07-14 00:57 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-09-15 20:37 - 2015-06-16 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-09-15 20:37 - 2015-06-16 02:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-09-15 20:37 - 2015-06-16 02:39 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-09-15 20:37 - 2015-06-16 02:17 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-09-15 20:37 - 2015-06-16 02:14 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-09-15 20:37 - 2015-06-16 02:13 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-09-15 20:37 - 2015-06-16 02:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-09-15 20:37 - 2015-06-16 02:11 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-09-15 20:37 - 2015-05-31 00:54 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-15 20:37 - 2015-05-31 00:54 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-09-15 20:37 - 2015-04-25 07:55 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb80236.sys
2015-09-15 20:37 - 2015-04-25 07:55 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-09-15 20:37 - 2015-04-23 21:47 - 00030720 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2015-09-15 20:36 - 2015-06-28 10:42 - 00851704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-09-15 20:36 - 2015-06-28 10:42 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-09-15 20:36 - 2015-06-28 10:36 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-09-15 20:36 - 2015-06-27 07:48 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-09-15 20:36 - 2015-06-27 07:47 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-09-15 20:36 - 2015-06-27 07:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-09-15 20:36 - 2015-06-27 06:57 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-09-15 20:36 - 2015-06-27 06:56 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-09-15 20:36 - 2015-05-11 23:06 - 01014272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 20:26 - 2013-08-31 22:35 - 00000000 ____D C:\Users\sony\AppData\Roaming\uTorrent
2015-10-06 20:23 - 2013-09-03 19:46 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 19:54 - 2013-09-13 22:02 - 00000342 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-10-06 19:32 - 2014-12-06 16:59 - 01530786 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-06 19:30 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-06 19:23 - 2013-09-03 19:46 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 19:19 - 2013-09-02 11:43 - 00000000 ____D C:\Users\sony\AppData\Roaming\vlc
2015-10-06 19:13 - 2013-08-22 12:53 - 00310849 _____ C:\WINDOWS\setupact.log
2015-10-06 18:38 - 2014-09-10 20:42 - 00000000 ____D C:\Users\sony\AppData\Roaming\PolarisOfficeLink
2015-10-06 18:02 - 2015-01-05 22:09 - 00217088 ___SH C:\Users\sony\Documents\Thumbs.db
2015-10-06 08:35 - 2014-12-26 11:45 - 01062912 ___SH C:\Users\sony\Downloads\Thumbs.db
2015-10-06 04:37 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-05 22:48 - 2012-07-26 12:13 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-05 22:46 - 2015-04-04 10:56 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 22:29 - 2013-08-28 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-05 22:22 - 2015-03-04 12:59 - 00000000 ____D C:\Program Files\Britannica Manorama
2015-10-05 20:07 - 2014-12-07 00:57 - 01821184 ___SH C:\Users\sony\Desktop\Thumbs.db
2015-10-05 19:44 - 2014-09-24 08:23 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-04 23:41 - 2013-08-22 12:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-04 23:40 - 2014-09-24 00:10 - 00047898 _____ C:\WINDOWS\PFRO.log
2015-10-04 23:40 - 2013-08-22 11:43 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-04 23:40 - 2012-07-26 12:23 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-04 23:39 - 2014-03-13 14:33 - 00000000 ____D C:\Temp
2015-10-04 23:39 - 2014-03-05 12:15 - 00000000 ____D C:\Program Files\FLV Player
2015-10-04 23:39 - 2013-09-17 13:43 - 00000000 ____D C:\ProgramData\APN
2015-10-04 22:52 - 2013-12-12 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-04 22:49 - 2013-09-22 13:10 - 00000000 ____D C:\Users\sony\Downloads\Compressed
2015-10-04 17:50 - 2013-09-22 13:10 - 00000000 ____D C:\Users\sony\AppData\Roaming\DMCache
2015-10-04 17:20 - 2013-09-03 19:46 - 00000000 ____D C:\Users\sony\AppData\Local\Google
2015-10-02 11:50 - 2013-08-28 23:12 - 00000000 ____D C:\Users\sony\AppData\Roaming\iolo
2015-10-02 11:50 - 2013-08-28 23:12 - 00000000 ____D C:\ProgramData\iolo
2015-09-29 23:26 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\rescache
2015-09-29 19:46 - 2015-02-05 14:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-29 18:55 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-18 18:59 - 2013-08-22 12:52 - 00542992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-18 18:58 - 2013-09-01 19:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-17 08:53 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\WinStore
2015-09-17 08:53 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-17 01:05 - 2013-08-23 23:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-17 01:04 - 2013-08-25 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-17 00:49 - 2013-09-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-17 00:42 - 2014-12-26 21:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-17 00:42 - 2014-09-24 09:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-09-17 00:41 - 2014-09-24 08:01 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-16 23:48 - 2013-09-22 13:10 - 00000000 ____D C:\Users\sony\Downloads\Video
2015-09-16 23:19 - 2015-02-05 21:24 - 00000000 ___RD C:\Users\sony\OneDrive
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\WINDOWS\ToastData
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ____D C:\Program Files\Windows Defender
 
==================== Files in the root of some directories =======
 
2015-10-04 23:46 - 2015-10-06 19:23 - 0000013 _____ () C:\Users\sony\AppData\Roaming\mbam.context.scan
2014-03-05 12:16 - 2014-03-05 12:16 - 0000045 _____ () C:\Users\sony\AppData\Roaming\WB.CFG
2013-09-24 20:59 - 2013-09-24 20:59 - 0007610 _____ () C:\Users\sony\AppData\Local\Resmon.ResmonCfg
2013-11-19 20:38 - 2013-11-19 20:38 - 1048576 _____ () C:\Users\sony\AppData\Local\SLSTPSUSR.DAT
2013-09-02 18:39 - 2013-09-02 18:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-19 20:38 - 2013-11-19 20:38 - 1048576 _____ () C:\ProgramData\SLSTPSMCN.DAT
 
Some files in TEMP:
====================
C:\Users\sony\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-05 22:45
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by sony (administrator) on FC (06-10-2015 20:24:41)
Running from C:\Users\sony\Desktop
Loaded Profiles: sony (Available Profiles: sony)
Platform: Microsoft Windows 8.1 (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\ProgramData\ZTEMT UDisk Service\Bin\MonServiceUDisk.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\BSNL 3G Modem\LW273\Resource\driver\MCtlSuc.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Sonic PDF Creator\3.0\itSONPrnDisp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Infraware) C:\Users\sony\AppData\Roaming\PolarisOfficeLink\POLink.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Infraware) C:\Users\sony\AppData\Roaming\PolarisOfficeLink\POLinkSync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\WISPTIS.EXE
(BitTorrent Inc.) C:\Users\sony\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\sony\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(BitTorrent Inc.) C:\Users\sony\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Code Sector Inc.) C:\Program Files\TeraCopy\TeraCopy.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-30] (AVAST Software)
HKLM\...\Run: [S307B] => C:\Program Files\BSNL 3G Modem\LW273\Resource\driver\MctlSuc.exe [113664 2011-09-15] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-03-26] (Tonec Inc.)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [uTorrent] => C:\Users\sony\AppData\Roaming\uTorrent\uTorrent.exe [1821536 2015-10-05] (BitTorrent Inc.)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-04] (Google Inc.)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [Polaris Office Sync] => C:\Users\sony\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe [805112 2015-08-30] (Infraware)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2015-08-02] (WordWeb Software)
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\MountPoints2: {d0647fcc-fbbb-11e3-b009-c44619b37094} - "H:\.\setup.exe" 
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [10240 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-11-30] (AVAST Software)
ShellIconOverlayIdentifiers: [0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2012-11-16] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-09-09]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk [2014-03-25]
Startup: C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-03-25]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 202.88.149.25 202.88.149.6
Tcpip\..\Interfaces\{B7BCECB2-E2CC-42B6-92A5-43B8578BCBBA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CA16C5FD-6107-4061-AE5E-2BD11D2AD39B}: [DhcpNameServer] 202.88.149.25 202.88.149.6
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.in.msn.com/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2014-02-03] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-30] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-30] (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3982043237-1895342364-2888862755-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-05] (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-07-24] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-01-08]
FF Extension: GoPhotoIt - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: Torntv 3 - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-03]
FF HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2015-10-04]
FF HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\sony\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\sony\AppData\Roaming\IDM\idmmzcc5 [2014-03-26]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (eRail.in) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (YouTube) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Google Search) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Enable Right Click) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjhdaiolbgldmmfggnlbmjcifkmhohi [2013-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-15]
CHR Extension: (AdBlock) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-04]
CHR Extension: (Avast Online Security) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04]
CHR Extension: (Allow Right-Click) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-09-04]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2013-09-04]
CHR Extension: (IDM Integration Module) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-12-16]
CHR Extension: (FLV Video Downloader) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgbngepgkjeffdkkpnblnlogfjehbjn [2014-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (FVD Video Downloader) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-09-08]
CHR Extension: (IRCTCLogin.net) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfpekjmadbficjflajjckfegbiphboc [2014-07-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-26]
CHR Extension: (Enable Copy) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnganadkecefnhncokdlaohlkneihio [2013-09-04]
CHR Extension: (Ashish Mishra) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2013-09-04]
CHR Extension: (Video downloader) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlenniinblnemaeneglhgicafiahoibg [2014-07-28]
CHR Extension: (Simply Block Ads!) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2013-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKU\S-1-5-21-3982043237-1895342364-2888862755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.nationzoom.com/?type=sc&ts=1386267734&from=ild&uid=TOSHIBAXMQ01ABD050_63D2PTMXTXX63D2PTMXT
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1678040 2013-08-09] (Broadcom Corporation.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-12-06] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1879640 2015-09-11] (Microsoft Corporation)
S2 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2013-08-25] (Ryan Conrad) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-23] (Foxit Software Inc.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Idea Net Setter. RunOuc; C:\Program Files\Idea Net Setter\UpdateDog\ouc.exe [650240 2012-03-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [118272 2012-08-06] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software)
R2 UDisk Monitor Tata; C:\ProgramData\ZTEMT UDisk Service\bin\MonServiceUDisk.exe [544768 2013-03-12] () [File not signed]
R3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [54760 2012-10-12] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-30] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-30] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-30] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2014-11-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-30] ()
R3 athr; C:\WINDOWS\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [174936 2013-08-09] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-08-09] (Broadcom Corporation.)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [242240 2014-04-03] (DT Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [15360 2015-04-25] (Microsoft Corporation)
R2 VBoxDrv; C:\Program Files\YouWave Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\system32\DRIVERS\ykinx86.sys [242688 2013-06-18] (Marvell)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 20:24 - 2015-10-06 20:26 - 00024889 _____ C:\Users\sony\Desktop\FRST.txt
2015-10-06 20:24 - 2015-10-06 20:24 - 00000000 ____D C:\FRST
2015-10-06 20:22 - 2015-10-06 20:22 - 01697792 _____ (Farbar) C:\Users\sony\Desktop\FRST.exe
2015-10-06 08:53 - 2015-10-06 20:24 - 00000000 ____D C:\Users\sony\Downloads\Microsoft Windows 10 Home and Pro x64 Clean ISO
2015-10-06 08:42 - 2015-10-06 08:42 - 00002545 _____ C:\Users\sony\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-10-06 08:42 - 2015-10-06 08:42 - 00000000 ____D C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-10-06 08:42 - 2015-10-06 08:42 - 00000000 ____D C:\Users\sony\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-10-05 22:25 - 2015-10-05 22:25 - 00058002 _____ C:\WINDOWS\system32\CCCInstall_201510052225448435.log
2015-10-05 21:55 - 2015-10-05 21:55 - 00000000 ____D C:\Users\sony\AppData\Roaming\Curiolab
2015-10-05 21:51 - 2015-10-05 22:00 - 00000000 ____D C:\Program Files\Exterminate It!
2015-10-05 21:51 - 2015-10-05 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2015-10-05 21:37 - 2015-10-05 21:37 - 00000000 ____D C:\Users\sony\AppData\LocalLow\uTorrent
2015-10-04 23:46 - 2015-10-06 19:23 - 00000013 _____ C:\Users\sony\AppData\Roaming\mbam.context.scan
2015-10-04 22:54 - 2015-10-06 20:13 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 22:54 - 2015-10-04 22:54 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-04 22:54 - 2015-10-04 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-04 22:54 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-04 22:54 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-04 22:50 - 2015-10-04 22:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-04 22:36 - 2015-10-04 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-10-04 22:36 - 2015-10-04 22:36 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2015-10-04 14:28 - 2015-10-04 14:28 - 00001910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk
2015-10-04 14:28 - 2015-10-04 14:28 - 00000000 ____D C:\Program Files\WordWeb
2015-10-04 14:28 - 2015-08-02 16:32 - 02940032 ____N (WordWeb Software) C:\WINDOWS\wweb32.dll
2015-10-04 00:26 - 2015-10-04 01:49 - 447472217 _____ C:\Users\sony\Downloads\Microsoft_Office_Proffesional_Plus_2010.iso
2015-09-18 19:01 - 2015-09-15 06:48 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-18 19:01 - 2015-09-15 06:48 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-17 01:04 - 2015-07-30 19:18 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-16 23:36 - 2015-07-14 09:02 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-16 23:36 - 2015-07-14 00:31 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-16 23:31 - 2015-09-02 07:43 - 00035840 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-16 23:31 - 2015-08-22 22:52 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-16 23:31 - 2015-08-22 22:25 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-16 23:31 - 2015-08-22 22:20 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-16 23:31 - 2015-08-22 22:15 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-16 23:31 - 2015-08-22 21:58 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-16 23:31 - 2015-08-22 21:53 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-16 23:31 - 2015-08-22 21:52 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-16 23:31 - 2015-08-22 21:50 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-16 23:31 - 2015-08-22 21:48 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-16 23:31 - 2015-08-22 21:48 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-16 23:31 - 2015-08-22 21:48 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-16 23:31 - 2015-08-22 21:48 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-16 23:31 - 2015-08-22 21:30 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-16 23:31 - 2015-08-22 21:26 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-16 23:31 - 2015-08-22 21:25 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-16 23:31 - 2015-08-01 09:15 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-16 23:31 - 2015-08-01 09:08 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-16 23:31 - 2015-08-01 09:07 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-16 23:31 - 2015-07-22 19:55 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-16 23:31 - 2015-07-22 19:55 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-16 23:31 - 2015-07-18 23:59 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-16 23:31 - 2015-07-18 23:57 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-16 23:30 - 2015-09-03 07:47 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-16 23:30 - 2015-09-02 22:39 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-16 23:30 - 2015-09-02 07:47 - 03523584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-16 23:30 - 2015-09-02 07:47 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-16 23:30 - 2015-08-27 08:23 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-16 23:30 - 2015-08-26 23:37 - 03066368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-16 23:30 - 2015-08-26 23:31 - 02173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-16 23:30 - 2015-08-26 23:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-16 23:30 - 2015-08-04 02:45 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-16 23:30 - 2015-08-01 19:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-16 23:30 - 2015-07-30 21:52 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-16 23:30 - 2015-07-22 19:45 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-16 23:30 - 2015-07-22 19:20 - 01172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-16 23:30 - 2015-07-17 19:40 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-16 23:30 - 2015-07-10 23:17 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-16 23:30 - 2015-07-09 21:20 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-16 23:30 - 2015-07-04 03:26 - 01132648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-16 23:30 - 2015-06-27 17:23 - 00108888 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-16 23:30 - 2015-06-19 22:33 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-15 20:41 - 2015-07-29 19:53 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-09-15 20:41 - 2015-07-29 19:50 - 01088000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-09-15 20:41 - 2015-07-29 04:58 - 00024240 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-09-15 20:41 - 2015-07-28 19:56 - 00952320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-09-15 20:41 - 2015-07-28 19:56 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-15 20:41 - 2015-07-16 06:04 - 01469456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-15 20:41 - 2015-07-16 06:03 - 05767000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-15 20:41 - 2015-07-16 06:03 - 00082776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-09-15 20:41 - 2015-07-10 22:23 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-15 20:41 - 2015-06-26 19:07 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-09-15 20:41 - 2015-05-11 21:57 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-09-15 20:41 - 2015-05-03 20:28 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-15 20:41 - 2015-05-03 20:19 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-09-15 20:41 - 2015-04-30 04:51 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-09-15 20:40 - 2015-07-02 03:07 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-09-15 20:40 - 2015-07-02 03:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-09-15 20:40 - 2015-04-28 18:43 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-09-15 20:39 - 2015-07-15 03:34 - 00869720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-15 20:39 - 2015-07-15 03:29 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-09-15 20:39 - 2015-07-09 22:00 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-09-15 20:39 - 2015-07-09 22:00 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-09-15 20:39 - 2015-06-27 08:38 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-09-15 20:39 - 2015-06-27 07:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-09-15 20:39 - 2015-06-27 07:44 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-09-15 20:39 - 2015-06-16 11:06 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-09-15 20:39 - 2015-06-12 22:06 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-15 20:39 - 2015-06-12 00:56 - 01853272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-15 20:39 - 2015-04-23 20:46 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-09-15 20:39 - 2014-11-10 23:17 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-15 20:38 - 2015-07-10 22:44 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-09-15 20:38 - 2015-07-10 22:01 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-09-15 20:38 - 2015-07-07 15:15 - 00233304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-09-15 20:38 - 2015-07-07 15:15 - 00084824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-09-15 20:38 - 2015-07-07 15:15 - 00038928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-09-15 20:38 - 2015-05-12 18:48 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-15 20:38 - 2015-05-07 22:23 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-15 20:38 - 2015-05-07 21:42 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-09-15 20:38 - 2015-05-07 20:35 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-09-15 20:38 - 2015-05-03 20:27 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-09-15 20:38 - 2014-11-05 00:52 - 00045888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-09-15 20:38 - 2014-11-05 00:52 - 00041792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00022528 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-09-15 20:38 - 2014-11-04 10:33 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-09-15 20:37 - 2015-07-17 01:20 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-09-15 20:37 - 2015-07-17 01:11 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-09-15 20:37 - 2015-07-17 00:22 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-15 20:37 - 2015-07-14 00:57 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-09-15 20:37 - 2015-07-14 00:57 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-09-15 20:37 - 2015-06-16 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-09-15 20:37 - 2015-06-16 02:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-09-15 20:37 - 2015-06-16 02:39 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-09-15 20:37 - 2015-06-16 02:17 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-09-15 20:37 - 2015-06-16 02:14 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-09-15 20:37 - 2015-06-16 02:13 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-09-15 20:37 - 2015-06-16 02:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-09-15 20:37 - 2015-06-16 02:11 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-09-15 20:37 - 2015-05-31 00:54 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-15 20:37 - 2015-05-31 00:54 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-09-15 20:37 - 2015-04-25 07:55 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb80236.sys
2015-09-15 20:37 - 2015-04-25 07:55 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-09-15 20:37 - 2015-04-23 21:47 - 00030720 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2015-09-15 20:36 - 2015-06-28 10:42 - 00851704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-09-15 20:36 - 2015-06-28 10:42 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-09-15 20:36 - 2015-06-28 10:36 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-09-15 20:36 - 2015-06-27 07:48 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-09-15 20:36 - 2015-06-27 07:47 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-09-15 20:36 - 2015-06-27 07:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-09-15 20:36 - 2015-06-27 06:57 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-09-15 20:36 - 2015-06-27 06:56 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-09-15 20:36 - 2015-05-11 23:06 - 01014272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 20:26 - 2013-08-31 22:35 - 00000000 ____D C:\Users\sony\AppData\Roaming\uTorrent
2015-10-06 20:23 - 2013-09-03 19:46 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 19:54 - 2013-09-13 22:02 - 00000342 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-10-06 19:32 - 2014-12-06 16:59 - 01530786 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-06 19:30 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-06 19:23 - 2013-09-03 19:46 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 19:19 - 2013-09-02 11:43 - 00000000 ____D C:\Users\sony\AppData\Roaming\vlc
2015-10-06 19:13 - 2013-08-22 12:53 - 00310849 _____ C:\WINDOWS\setupact.log
2015-10-06 18:38 - 2014-09-10 20:42 - 00000000 ____D C:\Users\sony\AppData\Roaming\PolarisOfficeLink
2015-10-06 18:02 - 2015-01-05 22:09 - 00217088 ___SH C:\Users\sony\Documents\Thumbs.db
2015-10-06 08:35 - 2014-12-26 11:45 - 01062912 ___SH C:\Users\sony\Downloads\Thumbs.db
2015-10-06 04:37 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-05 22:48 - 2012-07-26 12:13 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-05 22:46 - 2015-04-04 10:56 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 22:29 - 2013-08-28 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-05 22:22 - 2015-03-04 12:59 - 00000000 ____D C:\Program Files\Britannica Manorama
2015-10-05 20:07 - 2014-12-07 00:57 - 01821184 ___SH C:\Users\sony\Desktop\Thumbs.db
2015-10-05 19:44 - 2014-09-24 08:23 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-04 23:41 - 2013-08-22 12:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-04 23:40 - 2014-09-24 00:10 - 00047898 _____ C:\WINDOWS\PFRO.log
2015-10-04 23:40 - 2013-08-22 11:43 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-04 23:40 - 2012-07-26 12:23 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-04 23:39 - 2014-03-13 14:33 - 00000000 ____D C:\Temp
2015-10-04 23:39 - 2014-03-05 12:15 - 00000000 ____D C:\Program Files\FLV Player
2015-10-04 23:39 - 2013-09-17 13:43 - 00000000 ____D C:\ProgramData\APN
2015-10-04 22:52 - 2013-12-12 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-04 22:49 - 2013-09-22 13:10 - 00000000 ____D C:\Users\sony\Downloads\Compressed
2015-10-04 17:50 - 2013-09-22 13:10 - 00000000 ____D C:\Users\sony\AppData\Roaming\DMCache
2015-10-04 17:20 - 2013-09-03 19:46 - 00000000 ____D C:\Users\sony\AppData\Local\Google
2015-10-02 11:50 - 2013-08-28 23:12 - 00000000 ____D C:\Users\sony\AppData\Roaming\iolo
2015-10-02 11:50 - 2013-08-28 23:12 - 00000000 ____D C:\ProgramData\iolo
2015-09-29 23:26 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\rescache
2015-09-29 19:46 - 2015-02-05 14:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-29 18:55 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-18 18:59 - 2013-08-22 12:52 - 00542992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-18 18:58 - 2013-09-01 19:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-17 08:53 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\WinStore
2015-09-17 08:53 - 2013-08-22 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-17 01:05 - 2013-08-23 23:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-17 01:04 - 2013-08-25 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-17 00:49 - 2013-09-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-17 00:42 - 2014-12-26 21:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-17 00:42 - 2014-09-24 09:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-09-17 00:41 - 2014-09-24 08:01 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-16 23:48 - 2013-09-22 13:10 - 00000000 ____D C:\Users\sony\Downloads\Video
2015-09-16 23:19 - 2015-02-05 21:24 - 00000000 ___RD C:\Users\sony\OneDrive
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\WINDOWS\ToastData
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-15 20:54 - 2013-08-22 13:47 - 00000000 ____D C:\Program Files\Windows Defender
 
==================== Files in the root of some directories =======
 
2015-10-04 23:46 - 2015-10-06 19:23 - 0000013 _____ () C:\Users\sony\AppData\Roaming\mbam.context.scan
2014-03-05 12:16 - 2014-03-05 12:16 - 0000045 _____ () C:\Users\sony\AppData\Roaming\WB.CFG
2013-09-24 20:59 - 2013-09-24 20:59 - 0007610 _____ () C:\Users\sony\AppData\Local\Resmon.ResmonCfg
2013-11-19 20:38 - 2013-11-19 20:38 - 1048576 _____ () C:\Users\sony\AppData\Local\SLSTPSUSR.DAT
2013-09-02 18:39 - 2013-09-02 18:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-19 20:38 - 2013-11-19 20:38 - 1048576 _____ () C:\ProgramData\SLSTPSMCN.DAT
 
Some files in TEMP:
====================
C:\Users\sony\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-05 22:45
 
==================== End of FRST.txt ============================



#3 nasdaq

  • Malware Response Team

Posted 08 October 2015 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Extension: GoPhotoIt - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF Extension: Torntv 3 - C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.nationzoom.com/?type=sc&ts=1386267734&from=ild&uid=TOSHIBAXMQ01ABD050_63D2PTMXTXX63D2PTMXT
C:\Users\sony\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\vlc-2.2.1-win32.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
Task: {A92D6E99-8BDD-4EEF-BF2D-2688B4B36F45} - \Desk 365 RunAsStdUser -> No File <==== ATTENTION
C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi
C:\Users\sony\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?
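
The temp-file entries in the fixlist above repeat lines from the FRST log posted earlier in the thread. The following added example (not part of the original post and not FRST's own code) checks, before Fix is clicked, that every fixlist entry occurs in the log it is supposed to come from; the function names and the prefix-based categories are assumptions made for illustration.

```python
import re

# Target-less directives and block markers, as they appear in the fixlist above.
DIRECTIVES = {"createrestorepoint:", "emptytemp:", "closeprocesses:"}
MARKERS = {"start", "end"}

def norm(line):
    """Collapse whitespace and case so Windows paths compare reliably."""
    return re.sub(r"\s+", " ", line).strip().lower()

def category(line):
    """Coarse category taken from the visible prefix of a fixlist line."""
    n = norm(line)
    if n in DIRECTIVES:
        return "directive"
    if re.match(r"^[a-z]:\\", n):
        return "path"
    return line.split(":", 1)[0].strip()  # e.g. "Task", "CHR Plugin"

def audit_fixlist(fixlist_text, log_text):
    """Return (entries, unmatched); unmatched entries occur nowhere in the log."""
    log_lines = [norm(l) for l in log_text.splitlines() if l.strip()]
    entries, unmatched = [], []
    for raw in fixlist_text.splitlines():
        if not raw.strip() or norm(raw) in MARKERS:
            continue
        cat = category(raw)
        entries.append((cat, raw.strip()))
        if cat != "directive" and not any(norm(raw) in l for l in log_lines):
            unmatched.append(raw.strip())
    return entries, unmatched

# Sample input built from lines that appear in this thread, plus one
# constructed entry (example-not-in-log.exe) that the log never mentions.
SAMPLE_LOG = r"""
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\vlc-2.2.1-win32.exe
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
"""
SAMPLE_FIXLIST = r"""
start
CreateRestorePoint:
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\VLC-2.2.1-win32.exe
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
C:\Users\sony\AppData\Local\Temp\example-not-in-log.exe
End
"""

if __name__ == "__main__": print(audit_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)[1])
```

An entry reported as unmatched is either mistyped or was written for a different machine's log, and is worth resolving before the fix is run.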

#4 nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:27 AM

Posted 14 October 2015 - 09:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



