
Malwarebytes won't run -- tried strategies



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-09-2014

Ran by Ravita (administrator) on RAVITA-PC on 02-09-2014 17:41:09

Running from C:\Users\Ravita\Downloads

Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKU\S-1-5-21-1702411345-2340117848-901548383-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-1702411345-2340117848-901548383-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\Users\Ewus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Ravita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicyUsers\S-1-5-21-1702411345-2340117848-901548383-1003\User: Group Policy restriction detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()

Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()


Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR CustomProfile: C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2001-03-24]

CHR Extension: (Google Drive) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2001-03-24]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

CHR Extension: (YouTube) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2001-03-24]

CHR Extension: (Coupons.com Toolbar) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf [2014-06-01]

CHR Extension: (Google Search) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2001-03-24]

CHR Extension: (Google Wallet) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]

CHR Extension: (Gmail) - C:\Users\Ravita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2001-03-24]

CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx [2013-07-15]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MTKSCVAD; C:\Windows\System32\drivers\mtkvad.sys [37376 2012-07-16] (Ralink Technology, Corp.)

R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1321568 2012-08-17] (Ralink Technology Corp.)

R3 tifmsony; C:\Windows\System32\drivers\tifmsony.sys [77312 2005-08-12] (Texas Instruments)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-02 17:41 - 2014-09-02 17:42 - 00006808 _____ () C:\Users\Ravita\Downloads\FRST.txt

2014-09-02 17:41 - 2014-09-02 17:41 - 00000000 ____D () C:\FRST

2014-09-02 17:40 - 2014-09-02 17:40 - 01096704 _____ (Farbar) C:\Users\Ravita\Downloads\FRST.exe

2014-09-02 17:08 - 2014-09-02 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSafety

2014-09-02 17:08 - 2014-09-02 17:08 - 00000964 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-02 17:08 - 2014-09-02 17:08 - 00000000 ____D () C:\Program Files\VSafety.com

2014-09-02 17:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-02 17:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-02 17:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-02 17:04 - 2014-09-02 17:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ravita\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-09-02 15:27 - 2014-09-02 15:28 - 04872677 _____ () C:\Users\Ravita\Downloads\mbam-chameleon-3.1.4.0.zip

2014-09-02 15:09 - 2014-09-02 17:23 - 00000000 ____D () C:\Users\Ravita\AppData\Local\CrashDumps

2014-09-02 15:01 - 2014-09-02 15:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ravita\Downloads\mbam-setup-2.0.2.1012 (1).exe

2014-09-02 14:58 - 2014-09-02 14:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ravita\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-02 08:27 - 2014-09-02 08:31 - 11241816 _____ (Microsoft Corporation) C:\Users\Ravita\Downloads\mseinstall.exe

2014-09-02 08:03 - 2014-09-02 08:03 - 00138240 _____ () C:\Windows\Minidump\090214-30656-01.dmp

2014-09-01 13:47 - 2014-09-01 13:47 - 00000000 ____D () C:\Users\Ewus\Desktop\New folder

2014-08-29 07:15 - 2014-08-29 07:15 - 00176552 _____ () C:\Windows\Minidump\082914-29125-01.dmp

2014-08-27 18:02 - 2014-08-27 18:02 - 00138424 _____ () C:\Windows\Minidump\082714-33265-01.dmp

2014-08-26 20:10 - 2014-08-26 20:10 - 00002392 _____ () C:\Users\Ravita\Downloads\SID

2014-08-26 06:46 - 2014-08-26 06:46 - 00176736 _____ () C:\Windows\Minidump\082614-41812-01.dmp

2014-08-16 07:25 - 2014-08-22 07:43 - 00000000 ____D () C:\NPE

2014-08-16 07:21 - 2014-08-22 08:27 - 00000000 ____D () C:\ProgramData\SMR410

2014-08-16 06:54 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-16 06:54 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-16 06:54 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-16 06:54 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-16 06:49 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-16 06:30 - 2014-08-22 07:47 - 00000000 ____D () C:\Users\Ravita\AppData\Local\NPE

2014-08-16 06:24 - 2014-08-16 06:25 - 03077584 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NPE (1).exe

2014-08-16 06:24 - 2014-08-16 06:25 - 01022080 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NBRT-Retail-Downloader (2).exe

2014-08-16 06:17 - 2014-08-16 06:17 - 03077584 ____N (Symantec Corporation) C:\Users\Ravita\Downloads\NPE.exe

2014-08-16 06:16 - 2014-08-16 06:17 - 01022080 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NBRT-Retail-Downloader (1).exe

2014-08-15 22:10 - 2014-08-15 22:10 - 00138424 _____ () C:\Windows\Minidump\081514-38687-01.dmp

2014-08-15 22:01 - 2014-08-16 06:42 - 00000000 ____D () C:\Users\Ravita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

2014-08-15 22:01 - 2014-08-15 22:01 - 00000000 ____D () C:\Users\Public\Downloads\Norton

2014-08-15 22:00 - 2014-08-15 22:01 - 01022080 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NBRT-Retail-Downloader.exe

2014-08-15 21:47 - 2014-09-02 14:42 - 00000000 ____D () C:\ProgramData\Norton

2014-08-15 21:41 - 2014-08-15 21:45 - 223165336 ____N (Symantec Corporation) C:\Users\Ravita\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-US1.exe

2014-08-15 21:20 - 2014-08-15 22:16 - 00239758 _____ () C:\Windows\ntbtlog.txt.bak

2014-08-15 21:20 - 2014-08-15 21:20 - 00138240 _____ () C:\Windows\Minidump\081514-22937-01.dmp

2014-08-13 21:04 - 2014-08-13 21:04 - 00138424 _____ () C:\Windows\Minidump\081314-26250-02.dmp

2014-08-13 17:00 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-13 16:59 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-13 16:59 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-13 16:58 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-13 16:24 - 2014-09-02 08:03 - 195259396 _____ () C:\Windows\MEMORY.DMP

2014-08-13 16:24 - 2014-09-02 08:03 - 00000000 ____D () C:\Windows\Minidump

2014-08-13 16:24 - 2014-08-13 16:24 - 00138472 _____ () C:\Windows\Minidump\081314-26250-01.dmp

2014-08-13 09:52 - 2014-08-13 09:52 - 00002517 _____ () C:\Users\Ravita\Downloads\CallLog_2014-08-13_13-52-15.csv

2014-08-11 08:42 - 2014-08-11 08:42 - 00000000 __SHD () C:\found.000

2014-08-03 04:20 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-03 04:20 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-03 04:20 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-03 04:20 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-03 04:19 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-03 04:19 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-03 04:19 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-03 04:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-03 04:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-02 17:42 - 2014-09-02 17:41 - 00006808 _____ () C:\Users\Ravita\Downloads\FRST.txt

2014-09-02 17:41 - 2014-09-02 17:41 - 00000000 ____D () C:\FRST

2014-09-02 17:40 - 2014-09-02 17:40 - 01096704 _____ (Farbar) C:\Users\Ravita\Downloads\FRST.exe

2014-09-02 17:37 - 2011-10-04 14:16 - 01772410 _____ () C:\Windows\WindowsUpdate.log

2014-09-02 17:37 - 2009-07-14 00:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-02 17:37 - 2009-07-14 00:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-02 17:37 - 2001-03-24 20:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-02 17:30 - 2012-05-14 22:09 - 00016384 _____ () C:\Windows\system32\Ikeext.etl

2014-09-02 17:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-02 17:30 - 2009-07-14 00:39 - 00045118 _____ () C:\Windows\setupact.log

2014-09-02 17:23 - 2014-09-02 15:09 - 00000000 ____D () C:\Users\Ravita\AppData\Local\CrashDumps

2014-09-02 17:22 - 2014-09-02 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSafety

2014-09-02 17:13 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing

2014-09-02 17:08 - 2014-09-02 17:08 - 00000964 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-02 17:08 - 2014-09-02 17:08 - 00000000 ____D () C:\Program Files\VSafety.com

2014-09-02 17:05 - 2014-09-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ravita\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-09-02 16:55 - 2001-03-24 20:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-02 15:28 - 2014-09-02 15:27 - 04872677 _____ () C:\Users\Ravita\Downloads\mbam-chameleon-3.1.4.0.zip

2014-09-02 15:21 - 2014-05-27 08:57 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-09-02 15:02 - 2014-09-02 15:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ravita\Downloads\mbam-setup-2.0.2.1012 (1).exe

2014-09-02 14:59 - 2014-09-02 14:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ravita\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-02 14:42 - 2014-08-15 21:47 - 00000000 ____D () C:\ProgramData\Norton

2014-09-02 14:42 - 2010-11-20 17:48 - 01250494 _____ () C:\Windows\PFRO.log

2014-09-02 12:02 - 2014-04-29 22:12 - 00000000 ____D () C:\Users\Ewus

2014-09-02 12:02 - 2011-10-04 14:42 - 00000000 ____D () C:\Users\Ravita

2014-09-02 12:02 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-09-02 12:02 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-09-02 12:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration

2014-09-02 08:31 - 2014-09-02 08:27 - 11241816 _____ (Microsoft Corporation) C:\Users\Ravita\Downloads\mseinstall.exe

2014-09-02 08:03 - 2014-09-02 08:03 - 00138240 _____ () C:\Windows\Minidump\090214-30656-01.dmp

2014-09-02 08:03 - 2014-08-13 16:24 - 195259396 _____ () C:\Windows\MEMORY.DMP

2014-09-02 08:03 - 2014-08-13 16:24 - 00000000 ____D () C:\Windows\Minidump

2014-09-01 13:47 - 2014-09-01 13:47 - 00000000 ____D () C:\Users\Ewus\Desktop\New folder

2014-08-29 11:13 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat

2014-08-29 07:15 - 2014-08-29 07:15 - 00176552 _____ () C:\Windows\Minidump\082914-29125-01.dmp

2014-08-27 18:02 - 2014-08-27 18:02 - 00138424 _____ () C:\Windows\Minidump\082714-33265-01.dmp

2014-08-26 20:10 - 2014-08-26 20:10 - 00002392 _____ () C:\Users\Ravita\Downloads\SID

2014-08-26 06:46 - 2014-08-26 06:46 - 00176736 _____ () C:\Windows\Minidump\082614-41812-01.dmp

2014-08-22 08:27 - 2014-08-16 07:21 - 00000000 ____D () C:\ProgramData\SMR410

2014-08-22 07:47 - 2014-08-16 06:30 - 00000000 ____D () C:\Users\Ravita\AppData\Local\NPE

2014-08-22 07:43 - 2014-08-16 07:25 - 00000000 ____D () C:\NPE

2014-08-16 11:58 - 2001-03-24 20:32 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-16 08:46 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache

2014-08-16 06:42 - 2014-08-15 22:01 - 00000000 ____D () C:\Users\Ravita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

2014-08-16 06:25 - 2014-08-16 06:24 - 03077584 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NPE (1).exe

2014-08-16 06:25 - 2014-08-16 06:24 - 01022080 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NBRT-Retail-Downloader (2).exe

2014-08-16 06:17 - 2014-08-16 06:17 - 03077584 ____N (Symantec Corporation) C:\Users\Ravita\Downloads\NPE.exe

2014-08-16 06:17 - 2014-08-16 06:16 - 01022080 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NBRT-Retail-Downloader (1).exe

2014-08-16 01:04 - 2001-03-24 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-08-15 22:16 - 2014-08-15 21:20 - 00239758 _____ () C:\Windows\ntbtlog.txt.bak

2014-08-15 22:10 - 2014-08-15 22:10 - 00138424 _____ () C:\Windows\Minidump\081514-38687-01.dmp

2014-08-15 22:01 - 2014-08-15 22:01 - 00000000 ____D () C:\Users\Public\Downloads\Norton

2014-08-15 22:01 - 2014-08-15 22:00 - 01022080 _____ (Symantec Corporation) C:\Users\Ravita\Downloads\NBRT-Retail-Downloader.exe

2014-08-15 21:45 - 2014-08-15 21:41 - 223165336 ____N (Symantec Corporation) C:\Users\Ravita\Downloads\NIS_21.1.0.18_SYMTB_PROMO_4_MRFTT_829_10144-US1.exe

2014-08-15 21:20 - 2014-08-15 21:20 - 00138240 _____ () C:\Windows\Minidump\081514-22937-01.dmp

2014-08-13 21:59 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-13 21:04 - 2014-08-13 21:04 - 00138424 _____ () C:\Windows\Minidump\081314-26250-02.dmp

2014-08-13 17:16 - 2014-05-01 07:34 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-13 17:04 - 2014-05-01 07:33 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-13 16:24 - 2014-08-13 16:24 - 00138472 _____ () C:\Windows\Minidump\081314-26250-01.dmp

2014-08-13 09:52 - 2014-08-13 09:52 - 00002517 _____ () C:\Users\Ravita\Downloads\CallLog_2014-08-13_13-52-15.csv

2014-08-11 11:24 - 2013-03-01 10:23 - 00000000 ____D () C:\Users\Ravita\Documents\CEC

2014-08-11 08:42 - 2014-08-11 08:42 - 00000000 __SHD () C:\found.000

2014-08-05 09:20 - 2014-05-02 09:43 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

Some content of TEMP:

====================

C:\Users\Ravita\AppData\Local\Temp\Couponscom.exe

C:\Users\Ravita\AppData\Local\Temp\DefaultPack.exe

C:\Users\Ravita\AppData\Local\Temp\GLFCBC1.EXE

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-27 19:57

 

==================== End Of Log ============================


Hello and welcome

Let's try this first....

Thank You,

Firefox
