
Infected with Dolphin Deals. Random deals pop up in chrome, explorer and firefox browsers. Please help


aeronori


Hi, 

 

I have tried to remove the "dolphin deals" malware myself using the latest version of Malwarebytes Anti-Malware. 

 

One more thing I see is that my Windows Defender doesn't turn on however much I try. I don't know if the "Dolphin Deals" malware turned it off. I just have Microsoft Security Essentials as my anti-virus software.
 

I tried one last time with the instructions given in http://malwaretips.com/blogs/dolphin-deals-removal/

All actions have been done in "Normal" mode...

1. I used Revo Uninstaller to remove Dolphin Deals, Wajam and Flash Enhancer.

2. Installed AdwCleaner and performed a couple of scans and restarted. No issues. It actually removed "Dolphin Deals" from Internet Explorer's (IE11) "toolbars and extensions" and also reset the home pages. The default was the "istartsurf" search page for all 3 browsers. The istartsurf page also looked fishy. I am attaching the logfile for this scan.

3. Then tried to remove Dolphin Deals pop-up virus with Malwarebytes Anti-Malware Free version. As most of the stuff was removed by AdwCleaner...some 10-15 items showed up in the scan and I quarantined all. Next it asked me to restart and then the same old problem came up...it doesn't boot up completely after login and a black screen comes up. Then force shut down > Safe mode > system restore > normal mode restart. 

 

I looped like this trying 3-4 options and then I got frustrated....luckily I bumped into your forums....and hoping for the best

 

1. After System Restore... I followed steps 1 and 2 given above and then searched for a solution on the web (for a boot loop during malware removal) when I found you guys. I then ran the Farbar Recovery Scan Tool. Hope it is OK?

2. I am attaching the "scan" and "clean" logs for the AdwCleaner for your reference

 

I am posting the FRST.txt in this post itself (without attaching the files). I have attached the Addition.txt file. 

 

Looking for your help. Thanks in advance...

Regards

Venkat

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Narayana (administrator) on NARAYANA-PC on 12-09-2014 01:02:49
Running from C:\Users\Narayana\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SanDisk Corporation) C:\Users\Narayana\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Narayana\Desktop\adwcleaner_3.309.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-10-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-10-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-10-20] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-10-12] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\Run: [Google Update] => C:\Users\Narayana\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-20] (Google Inc.)
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\Run: [sansaDispatch] => C:\Users\Narayana\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\Run: [Google+ Auto Backup] => C:\Users\Narayana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-13] (Google Inc.)
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\MountPoints2: {101125ca-bf00-11e2-ae55-f0def19bb36d} - E:\AutoRun.exe
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\MountPoints2: {101125d6-bf00-11e2-ae55-f0def19bb36d} - E:\AutoRun.exe
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\MountPoints2: {101125e1-bf00-11e2-ae55-f0def19bb36d} - E:\AutoRun.exe
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\MountPoints2: {ae0ff5b4-f43d-11e2-b1d2-f0def19bb36d} - E:\AutoRun.exe
HKU\S-1-5-21-3764160811-827429215-546219179-1000\...\MountPoints2: {ae0ff5d4-f43d-11e2-b1d2-f0def19bb36d} - E:\Startme.exe
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\NLK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\NLK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Narayana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\NLK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Narayana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\VNN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6F7864F9-DB33-11D3-8166-0060B0F885E6} https://pki.honeywell.com/pki/VSApps/vspta3.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.26.56.26 8.20.247.20
 
FireFox:
========
FF ProfilePath: C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default
FF Keyword.URL: hxxp://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Narayana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Narayana\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Narayana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Narayana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Narayana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Narayana\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\Extensions\clickclean@hotcleaner.com [2013-03-30]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\Extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} [2012-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-10-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-08]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\extensions\lazarus@interclue.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [Not Found]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\extensions\savedpasswordeditor@daniel.dawson.xpi [Not Found]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\extensions\client@anonymox.net.xpi [Not Found]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\extensions\{f2dee4ac-05d0-4e54-80bc-2dc0ba61a2c7}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> 8FCC4CFE87BF63718C16F3E2A856B4FA0896F4772FC5B034426AF9094556BAC7
CHR DefaultSearchProvider: Default -> A159A02A34C0E6D56C7A46D3AFBDE700B79DE5B0C30A9B96BAF2047F86C73E98
CHR DefaultSearchURL: Default -> F6A080D088DEA6C37D16F0BD9ECCCB58295908581BA5A879D20842AD8D9EF9C0
CHR Profile: C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Docs) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Google Search) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (Google Sheets) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Skype Click to Call) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-05-24] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [204304 2012-04-11] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DS1410D; C:\Windows\SysWow64\Drivers\DS1410D.sys [7328 2006-03-22] () [File not signed]
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2013-05-24] (Huawei Technologies Co., Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 01:02 - 2014-09-12 01:04 - 00027957 _____ () C:\Users\Narayana\Desktop\FRST.txt
2014-09-12 01:02 - 2014-09-12 01:02 - 00000000 ____D () C:\FRST
2014-09-12 00:59 - 2014-09-12 01:00 - 02105856 _____ (Farbar) C:\Users\Narayana\Desktop\FRST64.exe
2014-09-12 00:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-12 00:07 - 2014-09-12 00:07 - 01370467 _____ () C:\Users\Narayana\Desktop\adwcleaner_3.309.exe
2014-09-11 23:29 - 2014-08-19 23:35 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-11 23:29 - 2014-08-19 23:09 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-11 23:29 - 2014-08-19 04:31 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-11 23:29 - 2014-08-19 03:59 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-11 23:29 - 2014-08-19 03:59 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-11 23:29 - 2014-08-19 03:56 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-11 23:29 - 2014-08-19 03:50 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-11 23:29 - 2014-08-19 03:49 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-11 23:29 - 2014-08-19 03:45 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-11 23:29 - 2014-08-19 03:45 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-11 23:29 - 2014-08-19 03:44 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-11 23:29 - 2014-08-19 03:44 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-11 23:29 - 2014-08-19 03:38 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-11 23:29 - 2014-08-19 03:38 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-11 23:29 - 2014-08-19 03:38 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-11 23:29 - 2014-08-19 03:35 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-11 23:29 - 2014-08-19 03:33 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-11 23:29 - 2014-08-19 03:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-11 23:29 - 2014-08-19 03:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-11 23:29 - 2014-08-19 03:27 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-11 23:29 - 2014-08-19 03:26 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:29 - 2014-08-19 03:21 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-11 23:29 - 2014-08-19 03:16 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-11 23:29 - 2014-08-19 03:15 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:29 - 2014-08-19 03:15 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-11 23:29 - 2014-08-19 03:14 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-11 23:29 - 2014-08-19 03:14 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-11 23:29 - 2014-08-19 03:12 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-11 23:29 - 2014-08-19 03:10 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-11 23:29 - 2014-08-19 03:09 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-11 23:29 - 2014-08-19 03:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-11 23:29 - 2014-08-19 03:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-11 23:29 - 2014-08-19 03:08 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-11 23:29 - 2014-08-19 03:07 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-11 23:29 - 2014-08-19 03:06 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-11 23:29 - 2014-08-19 03:05 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-11 23:29 - 2014-08-19 02:57 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-11 23:29 - 2014-08-19 02:55 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-11 23:29 - 2014-08-19 02:55 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-11 23:29 - 2014-08-19 02:53 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-11 23:29 - 2014-08-19 02:53 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-11 23:29 - 2014-08-19 02:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 23:29 - 2014-08-19 02:49 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-11 23:29 - 2014-08-19 02:47 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-11 23:29 - 2014-08-19 02:47 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-11 23:29 - 2014-08-19 02:46 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-11 23:29 - 2014-08-19 02:45 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-11 23:29 - 2014-08-19 02:45 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-11 23:29 - 2014-08-19 02:39 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-11 23:29 - 2014-08-19 02:38 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-11 23:29 - 2014-08-19 02:37 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-11 23:29 - 2014-08-19 02:25 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-11 23:29 - 2014-08-19 02:16 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-11 23:29 - 2014-08-19 02:08 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-11 23:29 - 2014-08-19 02:08 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-11 23:29 - 2014-08-19 02:06 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-11 23:16 - 2014-06-27 07:38 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-11 23:16 - 2014-06-27 07:15 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 20:37 - 2014-09-12 00:59 - 00000000 ____D () C:\AdwCleaner
2014-09-11 20:35 - 2014-09-12 00:34 - 00000383 _____ () C:\Users\Narayana\Desktop\doly.txt
2014-09-11 19:43 - 2014-09-11 19:43 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\HpUpdate
2014-09-11 07:13 - 2014-08-01 17:23 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-11 07:13 - 2014-08-01 17:05 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-11 07:12 - 2014-06-24 08:59 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-11 07:12 - 2014-06-24 08:29 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-11 07:11 - 2014-07-07 07:36 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-11 07:11 - 2014-07-07 07:36 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-11 07:11 - 2014-07-07 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-11 07:11 - 2014-07-07 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-11 07:11 - 2014-07-07 07:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 07:10 - 2014-09-05 07:40 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-11 07:10 - 2014-09-05 07:35 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-11 06:50 - 2014-09-11 06:50 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\IsolatedStorage
2014-09-11 06:19 - 2014-09-11 21:54 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Malwarebytes
2014-09-11 06:19 - 2014-09-11 21:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-11 05:46 - 2014-09-11 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-10 22:46 - 2014-09-10 22:46 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Macromedia
2014-09-09 23:50 - 2014-09-10 11:28 - 00000000 ____D () C:\Program Files (x86)\GUMFB5E.tmp
2014-09-09 23:50 - 2014-09-10 00:30 - 06010880 _____ () C:\Program Files (x86)\GUTFB5F.tmp
2014-09-09 23:49 - 2014-09-10 23:54 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Deployment
2014-09-09 23:17 - 2014-09-09 23:49 - 00077848 _____ () C:\Users\Narayana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 23:19 - 2014-09-11 23:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 10:01 - 2014-09-08 10:01 - 00000687 _____ () C:\awhE714.tmp
2014-09-05 21:26 - 2014-09-05 22:58 - 00018951 _____ () C:\Users\Narayana\Downloads\Stocks.ods
2014-09-05 10:06 - 2014-09-05 10:06 - 00000687 _____ () C:\awh6A47.tmp
2014-08-29 12:00 - 2014-08-29 12:00 - 00000687 _____ () C:\awh4068.tmp
2014-08-28 13:28 - 2014-08-23 07:37 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 13:28 - 2014-08-23 07:15 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 13:28 - 2014-08-23 06:29 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-23 16:15 - 2014-05-14 21:53 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-23 16:15 - 2014-05-14 21:53 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-23 16:15 - 2014-05-14 21:53 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-23 16:15 - 2014-05-14 21:51 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-23 16:14 - 2014-05-14 21:53 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-23 16:14 - 2014-05-14 21:53 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-23 16:14 - 2014-05-14 21:53 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-23 16:14 - 2014-05-14 21:53 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-23 16:14 - 2014-05-14 21:50 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-23 16:14 - 2014-05-14 21:47 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-23 16:13 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-23 16:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-23 16:13 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-23 16:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-22 16:36 - 2014-09-11 23:09 - 00000000 ____D () C:\Users\Narayana\AppData\Local\5826
2014-08-22 16:26 - 2014-08-22 16:33 - 00448704 _____ () C:\Users\Narayana\Downloads\FlashPlayer__2937_i1206192150_il36.exe
2014-08-22 16:25 - 2014-08-22 16:26 - 01922200 _____ () C:\Users\Narayana\Downloads\iLividSetup-r1543-n-bc.exe
2014-08-20 01:11 - 2014-08-20 01:11 - 00108544 _____ () C:\windows\SysWOW64\hfnapi.dll
2014-08-19 15:31 - 2014-08-19 15:32 - 00096768 _____ () C:\Users\Narayana\Downloads\Stocks.xls
2014-08-15 14:00 - 2014-07-01 03:54 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 14:00 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 14:00 - 2014-03-10 03:18 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 14:00 - 2014-03-10 03:18 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 14:00 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 14:00 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-15 13:59 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 13:59 - 2014-06-06 11:42 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 10:41 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 10:41 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 10:41 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 10:41 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 10:41 - 2014-07-09 07:33 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 10:41 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 10:41 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 10:41 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 10:41 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 10:41 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 10:41 - 2014-07-09 04:08 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 10:41 - 2014-07-09 04:00 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 10:35 - 2014-07-16 08:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 10:35 - 2014-07-16 08:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 10:35 - 2014-06-03 15:32 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 10:35 - 2014-06-03 15:32 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 10:35 - 2014-06-03 15:32 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 10:35 - 2014-06-03 15:32 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 10:35 - 2014-06-03 14:59 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 10:35 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 10:35 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 10:34 - 2014-06-25 07:35 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 10:34 - 2014-06-25 07:11 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 10:34 - 2014-06-16 07:40 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 10:29 - 2014-07-14 07:32 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 10:29 - 2014-07-14 07:10 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-13 04:30 - 2014-08-13 04:30 - 04575232 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 01:04 - 2014-09-12 01:02 - 00027957 _____ () C:\Users\Narayana\Desktop\FRST.txt
2014-09-12 01:02 - 2014-09-12 01:02 - 00000000 ____D () C:\FRST
2014-09-12 01:00 - 2014-09-12 00:59 - 02105856 _____ (Farbar) C:\Users\Narayana\Desktop\FRST64.exe
2014-09-12 00:59 - 2014-09-11 20:37 - 00000000 ____D () C:\AdwCleaner
2014-09-12 00:50 - 2012-01-22 04:07 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764160811-827429215-546219179-1000UA.job
2014-09-12 00:45 - 2009-07-14 10:15 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 00:45 - 2009-07-14 10:15 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 00:42 - 2009-07-14 10:43 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-12 00:41 - 2011-10-20 15:19 - 01966553 _____ () C:\windows\WindowsUpdate.log
2014-09-12 00:37 - 2011-10-20 16:11 - 04633035 _____ () C:\windows\system32\fastboot.set
2014-09-12 00:37 - 2011-10-20 16:07 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 00:37 - 2011-10-20 15:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-12 00:36 - 2011-10-20 15:57 - 04485173 _____ () C:\FaceProv.log
2014-09-12 00:36 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-12 00:36 - 2009-07-14 10:21 - 00109542 _____ () C:\windows\setupact.log
2014-09-12 00:35 - 2012-10-06 12:12 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-12 00:35 - 2012-10-06 12:12 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-12 00:35 - 2011-12-17 12:13 - 00000995 _____ () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-12 00:35 - 2011-10-20 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-12 00:35 - 2010-11-21 09:17 - 00169704 _____ () C:\windows\PFRO.log
2014-09-12 00:34 - 2014-09-11 20:35 - 00000383 _____ () C:\Users\Narayana\Desktop\doly.txt
2014-09-12 00:18 - 2011-10-20 16:07 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 00:07 - 2014-09-12 00:07 - 01370467 _____ () C:\Users\Narayana\Desktop\adwcleaner_3.309.exe
2014-09-12 00:07 - 2012-10-12 14:55 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 00:03 - 2012-08-02 21:25 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Skype
2014-09-12 00:03 - 2011-12-17 12:12 - 00000000 ____D () C:\Users\Narayana
2014-09-11 23:27 - 2011-12-18 23:12 - 00768866 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-11 23:26 - 2012-05-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 23:26 - 2012-01-08 13:20 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 23:26 - 2012-01-08 13:20 - 00001945 _____ () C:\windows\epplauncher.mif
2014-09-11 23:26 - 2012-01-08 13:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 23:25 - 2013-08-15 19:03 - 00000000 ____D () C:\windows\system32\MRT
2014-09-11 23:18 - 2012-08-14 12:52 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-11 23:16 - 2014-05-08 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-11 23:10 - 2012-10-12 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-11 23:10 - 2012-10-12 15:30 - 00000000 ____D () C:\Program Files (x86)\Freecorder Toolbar
2014-09-11 23:09 - 2014-09-08 23:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 23:09 - 2014-08-22 16:36 - 00000000 ____D () C:\Users\Narayana\AppData\Local\5826
2014-09-11 23:09 - 2014-07-30 16:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-11 23:09 - 2012-11-30 19:19 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-11 23:09 - 2012-10-12 15:35 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Real
2014-09-11 23:09 - 2012-10-12 15:35 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-11 23:09 - 2012-10-03 07:45 - 00000000 ____D () C:\Users\NLK
2014-09-11 23:09 - 2012-10-02 22:05 - 00000000 ___RD () C:\Users\NSM\Dropbox
2014-09-11 23:09 - 2012-10-02 22:04 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-11 23:09 - 2012-10-02 21:56 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-09-11 23:09 - 2012-10-02 21:56 - 00000000 ____D () C:\Users\NSM\AppData\Local\Google
2014-09-11 23:09 - 2012-10-02 21:56 - 00000000 ____D () C:\Users\NSM\AppData\Local\BioExcess
2014-09-11 23:09 - 2012-10-02 13:30 - 00000000 ___RD () C:\Users\VNN\Virtual Machines
2014-09-11 23:09 - 2012-10-02 12:40 - 00000000 ___RD () C:\Users\NSM\Virtual Machines
2014-09-11 23:09 - 2012-10-02 12:32 - 00000000 ____D () C:\Users\VNN
2014-09-11 23:09 - 2012-10-02 12:10 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-11 23:09 - 2012-10-02 12:10 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-11 23:09 - 2012-10-02 12:10 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-11 23:09 - 2012-10-02 12:10 - 00000000 ____D () C:\Users\NSM
2014-09-11 23:09 - 2012-04-20 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Actel Libero IDE v9.1
2014-09-11 23:09 - 2012-04-20 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsemi SoftConsole v3.3
2014-09-11 23:09 - 2011-12-17 12:14 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-09-11 23:09 - 2011-12-17 12:13 - 00000000 ____D () C:\Users\Narayana\AppData\Local\BioExcess
2014-09-11 23:09 - 2011-12-17 12:13 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Apps\2.0
2014-09-11 23:09 - 2011-12-17 12:12 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-11 23:09 - 2011-10-20 15:59 - 00000000 ____D () C:\ProgramData\Best Buy pc app
2014-09-11 23:09 - 2011-10-20 15:57 - 00000000 ____D () C:\ProgramData\Port Locker
2014-09-11 23:09 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\system32\NDF
2014-09-11 23:09 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\schemas
2014-09-11 23:09 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-11 23:09 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\AppCompat
2014-09-11 23:09 - 2009-07-14 08:50 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-11 23:08 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\registration
2014-09-11 23:07 - 2012-10-02 12:38 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\OpenOffice.org
2014-09-11 23:06 - 2012-10-12 15:33 - 00000000 ____D () C:\ProgramData\Real
2014-09-11 23:06 - 2012-10-02 22:03 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Dropbox
2014-09-11 23:06 - 2012-10-02 21:56 - 00000000 ____D () C:\Users\NSM\AppData\Local\Apps\2.0
2014-09-11 23:05 - 2011-10-20 16:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-11 21:54 - 2014-09-11 06:19 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Malwarebytes
2014-09-11 21:54 - 2014-09-11 06:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-11 19:43 - 2014-09-11 19:43 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\HpUpdate
2014-09-11 07:00 - 2014-09-11 05:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-11 06:50 - 2014-09-11 06:50 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\IsolatedStorage
2014-09-11 06:22 - 2012-10-02 10:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-10 23:54 - 2014-09-09 23:49 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Deployment
2014-09-10 23:02 - 2012-11-22 10:44 - 00001264 _____ () C:\Users\Narayana\Desktop\Revo Uninstaller.lnk
2014-09-10 22:46 - 2014-09-10 22:46 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Macromedia
2014-09-10 14:44 - 2012-10-02 11:20 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Dropbox
2014-09-10 14:44 - 2011-12-20 02:44 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Google
2014-09-10 13:08 - 2012-10-12 14:55 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 13:08 - 2012-06-16 18:06 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:08 - 2012-06-16 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 12:50 - 2012-01-22 04:07 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764160811-827429215-546219179-1000Core.job
2014-09-10 11:28 - 2014-09-09 23:50 - 00000000 ____D () C:\Program Files (x86)\GUMFB5E.tmp
2014-09-10 11:28 - 2014-04-27 14:14 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Sony
2014-09-10 11:28 - 2014-03-15 13:40 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-09-10 11:28 - 2013-12-24 20:15 - 00000000 ____D () C:\Users\Narayana\AppData\Local\FileViewPro
2014-09-10 11:28 - 2013-05-31 22:59 - 00000000 ____D () C:\Users\VNN\AppData\Roaming\Skype
2014-09-10 11:28 - 2013-05-18 07:35 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2014-09-10 11:28 - 2013-05-18 07:34 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\SanDisk
2014-09-10 11:28 - 2013-01-24 23:52 - 00000000 ____D () C:\Users\VNN\AppData\Local\Apps\2.0
2014-09-10 11:28 - 2013-01-24 23:51 - 00000000 ____D () C:\Users\VNN\AppData\Local\Google
2014-09-10 11:28 - 2013-01-24 23:51 - 00000000 ____D () C:\Users\VNN\AppData\Local\BioExcess
2014-09-10 11:28 - 2012-11-04 15:01 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\LifeSignMini
2014-09-10 11:28 - 2012-10-15 14:09 - 00000000 ____D () C:\Users\NLK\AppData\Roaming\Real
2014-09-10 11:28 - 2012-10-10 23:01 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Mozilla
2014-09-10 11:28 - 2012-10-07 23:48 - 00000000 ____D () C:\Users\NLK\AppData\Roaming\vlc
2014-09-10 11:28 - 2012-10-07 12:16 - 00000000 ____D () C:\Users\NLK\AppData\Roaming\SoftGrid Client
2014-09-10 11:28 - 2012-10-06 19:00 - 00000000 ____D () C:\Users\NLK\AppData\Roaming\OpenOffice.org
2014-09-10 11:28 - 2012-10-06 12:12 - 00000000 ____D () C:\Users\NLK\AppData\Roaming\Mozilla
2014-09-10 11:28 - 2012-10-06 12:12 - 00000000 ____D () C:\Users\NLK\AppData\Local\Mozilla
2014-09-10 11:28 - 2012-10-06 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-10 11:28 - 2012-10-06 09:33 - 00000000 ____D () C:\Users\NLK\AppData\Local\Jaksta_Technologies_Pty_L
2014-09-10 11:28 - 2012-10-03 19:58 - 00000000 ____D () C:\Users\NLK\AppData\Local\Google
2014-09-10 11:28 - 2012-10-03 07:46 - 00000000 ____D () C:\Users\NLK\AppData\Local\BioExcess
2014-09-10 11:28 - 2012-10-02 12:34 - 00000000 ____D () C:\Users\VNN\AppData\Roaming\OpenOffice.org
2014-09-10 11:28 - 2012-10-02 11:21 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-10 11:28 - 2012-09-28 11:23 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Mozilla
2014-09-10 11:28 - 2012-08-18 15:59 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Jaksta_Technologies_Pty_L
2014-09-10 11:28 - 2012-06-17 10:39 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\dvdcss
2014-09-10 11:28 - 2012-06-17 10:37 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\vlc
2014-09-10 11:28 - 2012-05-06 18:04 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-10 11:28 - 2012-05-04 00:37 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Downloaded Installations
2014-09-10 11:28 - 2012-04-20 19:07 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\hte
2014-09-10 11:28 - 2012-04-20 14:31 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Actel
2014-09-10 11:28 - 2012-04-20 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synopsys
2014-09-10 11:28 - 2012-04-20 13:51 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Synplicity
2014-09-10 11:28 - 2012-03-17 00:10 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Lenovo Security Suite
2014-09-10 11:28 - 2012-01-08 16:45 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\OpenOffice.org
2014-09-10 11:28 - 2012-01-08 16:32 - 00000000 ____D () C:\Users\Narayana\AppData\Local\CyberLink
2014-09-10 11:28 - 2011-12-20 02:47 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\Adobe
2014-09-10 11:28 - 2011-12-18 23:12 - 00000000 ____D () C:\Users\Narayana\AppData\Roaming\SoftGrid Client
2014-09-10 11:28 - 2011-12-17 12:13 - 00000000 ____D () C:\Users\Narayana\AppData\Local\VirtualStore
2014-09-10 11:28 - 2011-12-17 12:12 - 00000000 ___RD () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-10 11:28 - 2011-12-17 12:12 - 00000000 ___RD () C:\Users\Narayana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-10 11:28 - 2011-10-20 15:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-10 11:26 - 2012-10-03 07:49 - 00000000 ____D () C:\Users\NLK\AppData\Roaming\Dropbox
2014-09-10 11:25 - 2014-03-01 21:02 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Skype
2014-09-10 11:25 - 2012-01-04 14:44 - 00000000 ____D () C:\Users\Narayana\AppData\Local\Microsoft Games
2014-09-10 11:22 - 2012-04-20 13:42 - 00000000 ____D () C:\Actel
2014-09-10 00:30 - 2014-09-09 23:50 - 06010880 _____ () C:\Program Files (x86)\GUTFB5F.tmp
2014-09-09 23:49 - 2014-09-09 23:17 - 00077848 _____ () C:\Users\Narayana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-09 16:46 - 2011-02-22 17:12 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-08 23:19 - 2012-10-02 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 10:49 - 2012-11-22 11:00 - 00000000 ____D () C:\windows\WinActive
2014-09-08 10:31 - 2014-02-12 10:55 - 00000000 ____D () C:\Users\Narayana\Desktop\kusum
2014-09-08 10:30 - 2014-02-12 10:56 - 00000000 ____D () C:\Users\Narayana\Desktop\venkat
2014-09-08 10:01 - 2014-09-08 10:01 - 00000687 _____ () C:\awhE714.tmp
2014-09-08 09:55 - 2009-07-14 08:04 - 00000505 _____ () C:\windows\win.ini
2014-09-06 15:06 - 2012-10-02 11:24 - 00000000 ___RD () C:\Users\Narayana\Dropbox
2014-09-05 22:58 - 2014-09-05 21:26 - 00018951 _____ () C:\Users\Narayana\Downloads\Stocks.ods
2014-09-05 10:06 - 2014-09-05 10:06 - 00000687 _____ () C:\awh6A47.tmp
2014-09-05 07:40 - 2014-09-11 07:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 07:35 - 2014-09-11 07:10 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-05 00:32 - 2012-01-08 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-30 06:24 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\rescache
2014-08-29 12:51 - 2009-07-14 10:15 - 00315456 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 12:00 - 2014-08-29 12:00 - 00000687 _____ () C:\awh4068.tmp
2014-08-23 07:37 - 2014-08-28 13:28 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 07:15 - 2014-08-28 13:28 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 06:29 - 2014-08-28 13:28 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 16:33 - 2014-08-22 16:26 - 00448704 _____ () C:\Users\Narayana\Downloads\FlashPlayer__2937_i1206192150_il36.exe
2014-08-22 16:26 - 2014-08-22 16:25 - 01922200 _____ () C:\Users\Narayana\Downloads\iLividSetup-r1543-n-bc.exe
2014-08-21 12:38 - 2014-03-15 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-20 01:11 - 2014-08-20 01:11 - 00108544 _____ () C:\windows\SysWOW64\hfnapi.dll
2014-08-19 23:35 - 2014-09-11 23:29 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 23:09 - 2014-09-11 23:29 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-19 15:32 - 2014-08-19 15:31 - 00096768 _____ () C:\Users\Narayana\Downloads\Stocks.xls
2014-08-19 04:31 - 2014-09-11 23:29 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 03:59 - 2014-09-11 23:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 03:59 - 2014-09-11 23:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
 
Some content of TEMP:
====================
C:\Users\Narayana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwcjael.dll
C:\Users\Narayana\AppData\Local\Temp\drvinst-1.exe
C:\Users\Narayana\AppData\Local\Temp\GUR24BF.exe
C:\Users\Narayana\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Narayana\AppData\Local\Temp\Quarantine.exe
C:\Users\Narayana\AppData\Local\Temp\VSUSetup.exe
C:\Users\NLK\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\NLK\AppData\Local\Temp\SearchWithGoogleUpdate.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-30 05:35
 
==================== End Of Log ============================
 
 
 
 

AdwCleaner_Scan.txt

AdwCleaner_Post Clean.txt

Addition.txt

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Dear Mr Charlie, 

 

Thanks for taking up my case...

 

I have run the following steps in "normal" mode. 

 

1. I have run the threat scan with the settings you recommended. It asked for a restart...I didn't as I was afraid that it would go back into the boot loop as I experienced earlier. I exported the log in .txt file.

2. I created a system restore point for both C and D drives when the Malwarebytes was performing a scan. It successfully created the restore point. 

3. Then with the Malwarebytes tool open and the chrome browser open...I ran the roguekiller 64 bit app. It created the report in a .txt format

4. Then I re-read your post to find that you asked to close all applications and run the roguekiller....so I closed the malwarebytes and the chrome browser. Then I re-ran the roguekiller. It created the report again...

 

Now when I tried to open the chrome browser to post the log files...the computer became very slow and I could not open chrome browser. I tried to open the internet explorer...even this failed. I tried to open windows explorer...it opened after a long time and navigating in it was almost impossible. I thought of plugging in my USB reader and picking up the .txt logs.....but it is not letting me do it...

 

I am posting this from another computer. Please help...

 

1. Should I have used safe mode with networking to do all the above?

2. Or is it because I ran AdwCleaner yesterday before doing the Farbar Recovery Scan tool and the steps you suggested?

 

Please advise

Regards

Venkat


Hi Charlie, 

 

After 2-3 hrs, suddenly my computer came back to life...miraculously...

 

The mbam log file is given below...

--------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12-09-2014
Scan Time: 19:39:56
Logfile: mbam_scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.12.03
Rootkit Database: v2014.09.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Narayana
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437458
Time Elapsed: 20 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.Wajam.A, HKU\S-1-5-21-3764160811-827429215-546219179-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [80435795403be94de358fc8d857d5fa1], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3764160811-827429215-546219179-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [80435795403be94de358fc8d857d5fa1], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3764160811-827429215-546219179-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [992afcf0e398ad893361374c7989df21], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3764160811-827429215-546219179-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [992afcf0e398ad893361374c7989df21], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-3764160811-827429215-546219179-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [ab18f8f43c3f04320a9756a6b052d927], 
 
Registry Values: 3
PUP.Optional.Softomate.A, HKU\S-1-5-21-3764160811-827429215-546219179-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [2e95915bdaa1ef47bac469197e841de3], 
PUP.Optional.Softomate.A, HKU\S-1-5-21-3764160811-827429215-546219179-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [2e95915bdaa1ef47bac469197e841de3], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-3764160811-827429215-546219179-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [ab18f8f43c3f04320a9756a6b052d927]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.Wajam.A, C:\Users\NLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [e9dab23a9be079bdfc8e39984eb40ff1], 
PUP.Optional.FlashEnhancer.A, C:\Users\Narayana\AppData\Local\Temp\flashEnhancer1, Quarantined, [23a055974d2e132328d525adf80aeb15], 
PUP.Optional.FlashEnhancer.A, C:\Users\Narayana\AppData\Local\Temp\flashEnhancer1\Install, Quarantined, [23a055974d2e132328d525adf80aeb15], 
 
Files: 3
PUP.Optional.NetFilter, C:\Windows\SysWOW64\hfnapi.dll, Quarantined, [348f1ad252294beb0834c4f61ae7dc24], 
PUP.Optional.FlashEnhancer.A, C:\Users\Narayana\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe, Quarantined, [23a055974d2e132328d525adf80aeb15], 
PUP.Optional.FlashEnhancer.A, C:\Users\Narayana\AppData\Local\Temp\flashEnhancer1\Install\Lightspark-0.5.3-win32.exe, Quarantined, [23a055974d2e132328d525adf80aeb15], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

---------------------------------------------------------------------------------------------

 

Then RogueKiller was run with Malwarebytes and chrome running....this log is attached...RKreport_SCN_1

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Narayana [Admin rights]
Mode : Scan -- Date : 09/12/2014  20:19:20
 
¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 17 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Narayana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Narayana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4211EA7C-4D4E-4BBA-8EB7-EF3E9A7AE652} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD22F375-FBD0-4129-B12C-6B7DD6826435} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4211EA7C-4D4E-4BBA-8EB7-EF3E9A7AE652} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD22F375-FBD0-4129-B12C-6B7DD6826435} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4211EA7C-4D4E-4BBA-8EB7-EF3E9A7AE652} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CD22F375-FBD0-4129-B12C-6B7DD6826435} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-24JJ5T0 +++++
--- User ---
[MBR] 9ac9b798d867beef87a2c30f8a27e1ea
[bSP] 7492fdeec8ee4af631ff5ff3ac6b46a8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 260243 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK

 

---------------------------------------------------------------------------------------------------------------------------------------

 

Then malwarebytes and chrome browsers were closed and the Rogue killer was re-run...The log is given below

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Narayana [Admin rights]
Mode : Scan -- Date : 09/12/2014  20:29:38
 
¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 17 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Narayana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Narayana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4211EA7C-4D4E-4BBA-8EB7-EF3E9A7AE652} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD22F375-FBD0-4129-B12C-6B7DD6826435} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4211EA7C-4D4E-4BBA-8EB7-EF3E9A7AE652} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD22F375-FBD0-4129-B12C-6B7DD6826435} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4211EA7C-4D4E-4BBA-8EB7-EF3E9A7AE652} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CD22F375-FBD0-4129-B12C-6B7DD6826435} | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-24JJ5T0 +++++
--- User ---
[MBR] 9ac9b798d867beef87a2c30f8a27e1ea
[bSP] 7492fdeec8ee4af631ff5ff3ac6b46a8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 260243 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK
 
---------------------------------------------------------------------------------------------------------------
 
 
I think the second rogue killer scan affected the browsers badly...but I can't explain how they came back to life after 2-3 hrs  :(
Mozilla already is disabled somehow...whenever I try to open it, it pops up "Couldn't load XPCOM"......
 
Hope these logs help you...
 
Have a great day
Venkat
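
The two RogueKiller reports posted above can be compared mechanically rather than by eye. This is an added example, not part of the original thread and not RogueKiller's own code: a small Python parser (function names are hypothetical) that diffs the findings of two reports and flags sections whose header count does not match the entries pasted. The sample reports are constructed, abridged from the lines in the post above.

```python
import re
from collections import Counter

# Header such as "¤¤¤ Registry Entries : 17 ¤¤¤" or "¤¤¤ MBR Check : ¤¤¤".
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:\s*(\d+)?.*?¤¤¤\s*$")
# Finding such as "[PUM.Dns] (X64) <key> | <value> : <data>  -> FOUND".
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\](?P<body>.*?)\s*->\s*(?P<status>[A-Z]+)\b")
DATE_RE = re.compile(r"^Mode\s*:\s*(\w+)\s*--\s*Date\s*:\s*(.+?)\s*$")


def parse_report(text):
    """Parse one report into its scan date, declared counts and findings."""
    report = {"mode": None, "date": None, "declared": {}, "findings": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DATE_RE.match(line)
        if m:
            report["mode"] = m.group(1)
            report["date"] = " ".join(m.group(2).split())
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if m.group(2) is not None:
                report["declared"][section] = int(m.group(2))
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            body = " ".join(m.group("body").split())  # collapse column padding
            report["findings"].add((section, m.group("tag"), body, m.group("status")))
    return report


def diff_reports(first, second):
    """Findings that disappeared, appeared, or persisted between two scans."""
    a, b = first["findings"], second["findings"]
    return {"resolved": sorted(a - b), "new": sorted(b - a), "unchanged": len(a & b)}


def count_mismatches(report):
    """Sections whose header count differs from the entries actually parsed,
    which suggests the pasted log was truncated or edited."""
    parsed = Counter(section for section, *_ in report["findings"])
    return {s: (n, parsed[s]) for s, n in report["declared"].items() if n != parsed[s]}


# Constructed sample: abridged from the first report posted above, with the
# section counts adjusted to match the abridged entries.
SCAN_1 = r"""
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
Mode : Scan -- Date : 09/12/2014  20:19:20

¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.20.247.20  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3764160811-827429215-546219179-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> FOUND

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
"""
# Constructed: same findings as SCAN_1 with the second report's timestamp.
SCAN_2 = SCAN_1.replace("20:19:20", "20:29:38")
# Constructed, hypothetical later scan in which the Startup shortcut is gone.
SCAN_3 = "\n".join(
    l for l in SCAN_2.splitlines() if "Best Buy" not in l
).replace("Files : 1", "Files : 0")

if __name__ == "__main__":
    r1, r2, r3 = (parse_report(s) for s in (SCAN_1, SCAN_2, SCAN_3))
    print(r1["date"], "->", r2["date"], diff_reports(r1, r2))
    print(r2["date"], "->", "later scan", diff_reports(r2, r3))
    print("count mismatches:", count_mismatches(r1))
```
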
 
 

 

 


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ===========================

    (Please download a fresh copy)

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC


Dear Mr. Charlie,

 

1. I have completed running delfix after creating a system restore point. 

2. I have downloaded the AdwCleaner and scanned the system. I am posting the contents of AdwCleaner[R0].txt...just want to check with you before I run the "Clean" button...do I have to save any files/folders?

 

I shall perform the other steps once I get a "go" from you....

 

 

 

# AdwCleaner v3.310 - Report created 12/09/2014 at 23:45:07
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Narayana - NARAYANA-PC
# Running from : C:\Users\Narayana\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\NLK\AppData\Local\Google\Chrome\User Data\Default\Extensions\edhilgpnlmgniclikjhefmadegchepcg
Folder Found : C:\Users\NLK\AppData\LocalLow\HPAppData
Folder Found : C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\edhilgpnlmgniclikjhefmadegchepcg
Folder Found : C:\Users\VNN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edhilgpnlmgniclikjhefmadegchepcg
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Narayana\AppData\Roaming\Mozilla\Firefox\Profiles\pq1stmg3.default\prefs.js ]
 
 
[ File : C:\Users\NLK\AppData\Roaming\Mozilla\Firefox\Profiles\ya92i6l2.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Narayana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3043 octets] ##########
 
 
 
Regards
Venkat

Dear Mr. Charlie, 

 

When I tried to clean those...the AdwCleaner asked me to reboot....

My computer is stuck at the reboot stage...after the login screen a black screen appears...

I tried ctrl+alt+del....but it is not working....

 

what should I do? Should I wait 2-3 hrs and expect a miracle or ???

 

Regards

Venkat


No luck Mr. Charlie. It just does the same. I tried 2-3 times...On one occasion, after repeatedly pressing ctrl+alt+del, a dialog box comes on the black screen

 

"The logon process was unable to display security and logon options when ctrl+alt+del was pressed. If the operating system does not respond, press Esc or restart the computer by using the power switch"

 

So, I press esc...and somehow it comes to the desktop...Near the system tray (bottom right) I observe a message...saying "windows is not genuine or something like that"...but beyond that nothing can be done...it just gets stuck on the desktop screen....this is the best result I could get :)

 

Regards 

Venkat


Dear Mr. Charlie, 

 

Happy to see that system always reboots in safe mode. That gives some confidence :)

 

I am taking the computer to the Pre Delfix scan state. Or do you want me to take to a restore point much earlier for say...before we ran the MBAM scan?

 

This rebooting problem started whenever I tried to delete dolphin deals...especially restart after some scan (AdwCleaner or MBAM)...it never happened before...

 

So tell me which restore point I should use?

 

Regards

Venkat


Dear Mr Charlie, 

 

When I woke and saw my computer...there was this message again near the system tray (bottom right corner) "Windows 7 Build 7601 This copy of Windows is not genuine"....I can't do anything on the system though....somehow adwCleaner and/or mbam are removing files that are important for reboot :(

 

Ok, I'll reboot and see...if it doesn't reboot...there is no other option but to go to safe mode and system restore to the pre mbam scan state...

 

Regards

Venkat


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Uninstall all of these if possible: (and any other programs you didn't install or don't recognize)

  • Buzzdock
  • Dolphin Deals
  • flash-Enhancer
  • istartsurf uninstall
  • OffersWizard Network System Driver
  • Software Version Updater
  • Wajam
  • YourFileDownloader

    You can use Revo Uninstaller Free to ease the process if needed:

    Please download and install Revo Uninstaller Free

    http://www.revouninstaller.com/start_freeware_download.html

    Double click Revo Uninstaller to run it.

    From the list of programs double click on The Program to remove

    When prompted if you want to uninstall click Yes.

    Be sure the Moderate option is selected then click Next.

    The program will run, If prompted again click Yes

    when the built-in uninstaller is finished click on Next.

    Once the program has searched for leftovers click Next.

    Check/tick the bolded items only on the list then click Delete

    when prompted click on Yes and then on next.

    put a check on any folders that are found and select delete

    when prompted select yes then on next

    Once done click Finish.

==============================

Download and run Avast Browser Cleanup, see if it detects any bad items. If so have the program delete them.

==============================

Run AdwCleaner, but don't delete anything....just get the log and post it back here.

MrC


Dear Mr Charlie,

 

I have run Delfix.

 

However I have some interesting things to report during the malefic program uninstallation...

1. When I installed and opened Revo Uninstaller... Buzzdock and Dolphin Deals were missing in the list. When I opened the Control Panel > Programs & Features, these two were listed. When I tried to uninstall from this location... I got the pop-up message "An error occurred while trying to uninstall Buzzdock. It may have already been uninstalled. Would you like to remove from the programs and features list?" I clicked Yes for Buzzdock and Dolphin Deals.

 

But there is a folder "Dolphin Deals" in C:\Program Files (x86). It had the following contents

Bin folder and files such as 7za, DolphinDeals (icon), DolphinDealsBHO.dll (application extension), DolphinDealsUn (Application), DolphinDealsUninstall (Application), updateDolphinDeals (application). I didn't touch any of these files...

 

I couldn't find something similar for Buzzdock... but it may be lurking somewhere...

 

2. I could uninstall the other items given in the list using Revo Uninstaller. Of course for some of them (except Wajam, istartsurf uninstall), I got the pop-up message "Running the application's uninstaller failed! Possible invalid uninstall command!" I just proceeded and uninstalled them as per your instructions.

 

3. Even after uninstalling istartsurf... it still comes up as the home page in the IE browser!!

 

I shall wait for your input before proceeding to the next steps

 

Regards

Venkat

 

PS: I could not copy/paste text from my Notepad / Word application... while posting here... I tried all options... anyways!
