
cdn.zeusclicks.com


minotaur


Hello - I accidentally clicked on a link relating to "update java" and, of course, it went and ingratiated itself with the computer.

I have had a rather nightmarish time trying to get rid of various unwanted stuff, i.e. adware mainly.

It's still not completely clear, unfortunately.

Most of the stuff on other links I have ultimately blocked by amending the hosts file.

On a shopping website I am still getting Dynamic Pricer ads which I am still trying to get rid of. While fiddling around, I noticed that the Anti-Malware Premium program's options menu has a prompt "Add (cdn.zeusclicks.com) to Web Exclusions".

Having searched the web, it does appear to be a malicious addition.

While trying to get rid of it, I came to the forums here:

https://forums.malwarebytes.org/index.php?/topic/152084-computer-infected-with-cdnzeusclickscom/

Unfortunately, the person who started the topic has not mentioned how he got rid of it.

Hence, here I am.

I have followed what was initially asked, i.e. logs etc., on that post:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. [ Pasted the log below ]
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply. [ File attached ]

and

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingc...ad/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licence Agreement).
  • Click Scan to scan the system.
  • When the scan completes, close the program > Don't Fix anything!
  • Post back the report which should be located on your desktop. [ Pasted below ]

===========================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Rohit (administrator) on ROHIT-PC on 27-09-2014 10:31:01
Running from C:\Users\Rohit\Downloads
Loaded Profiles: Rohit & Administrator & Guest & DefaultAppPool (Available profiles: Rohit & Administrator & Guest & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link Tray Agent.exe
(Livedrive Internet Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [596320 2014-08-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [update Service] => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe [19456 2013-04-01] (Teknum Systems AS)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1842840 2014-07-24] (Livedrive Internet Ltd)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BackupOverlay -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854}: [NameServer] 81.218.119.15,199.203.35.75
Tcpip\..\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4}: [NameServer] 81.218.119.15,199.203.35.75
Tcpip\..\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F}: [NameServer] 5.79.84.141,8.38.77.107

FireFox:
========
FF ProfilePath: C:\Users\Rohit\AppData\Roaming\Mozilla\Firefox\Profiles\33t98iq6.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rohit\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Rohit\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin -> C:\Users\Rohit\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rohit\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rohit\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Rohit\AppData\Roaming\Mozilla\Firefox\Profiles\33t98iq6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Rohit\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rohit\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Rohit\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Rohit\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-04] (Fork Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2014-07-24] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-28] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-12-02] (Trusteer Ltd.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [604512 2014-08-13] (Copyright 2013 SAMSUNG)
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282648 2013-12-02] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316248 2013-12-02] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397784 2013-12-02] (Trusteer Ltd.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63776 2013-05-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-07] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
U3 a32r71pa; C:\Windows\System32\Drivers\a32r71pa.sys [0 ] (Advanced Micro Devices)
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 10:31 - 2014-09-27 10:31 - 00021489 _____ () C:\Users\Rohit\Downloads\FRST.txt
2014-09-27 10:30 - 2014-09-27 10:31 - 00000000 ____D () C:\FRST
2014-09-27 10:30 - 2014-09-27 10:30 - 04893784 _____ () C:\Users\Rohit\Downloads\RogueKiller.exe
2014-09-27 10:29 - 2014-09-27 10:29 - 02108928 _____ (Farbar) C:\Users\Rohit\Downloads\FRST64.exe
2014-09-27 08:44 - 2014-09-27 08:44 - 00000000 __RHD () C:\MSOCache
2014-09-25 22:20 - 2014-09-25 20:57 - 00001479 _____ () C:\Users\Rohit\Documents\indexfile.txt
2014-09-25 22:18 - 2014-09-25 22:18 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 22:18 - 2014-09-25 22:18 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-25 22:18 - 2014-09-25 22:18 - 00001147 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2014-09-25 22:18 - 2014-09-25 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 22:09 - 2014-09-25 22:09 - 00001549 _____ () C:\Users\Rohit\Documents\hosts.txt
2014-09-25 21:14 - 2014-09-25 21:14 - 00003205 _____ () C:\Users\Rohit\Desktop\Sophos Virus Removal Tool.lnk
2014-09-25 21:14 - 2014-09-25 21:14 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-25 21:14 - 2014-09-25 21:14 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-25 21:09 - 2014-09-25 21:09 - 98298376 _____ (Sophos Limited) C:\Users\Rohit\Downloads\Sophos Virus Removal Tool.exe
2014-09-25 20:59 - 2014-09-25 20:59 - 00000000 ____D () C:\Users\Rohit\Desktop\Old Firefox Data
2014-09-25 18:59 - 2014-09-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-25 18:57 - 2014-09-25 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-25 18:56 - 2014-09-25 18:56 - 21543568 _____ () C:\WindowsMSYH.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 21302624 _____ () C:\WindowsMSJH.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 14381616 _____ () C:\WindowsMSYHBD.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 14343024 _____ () C:\WindowsMSJHBD.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 01382640 _____ () C:\WindowsNIRMALA.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 01334012 _____ () C:\WindowsNIRMALAB.tt2
2014-09-25 18:38 - 2014-09-25 18:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-09-25 18:34 - 2014-09-25 18:34 - 01054896 _____ (Microsoft Corporation) C:\Users\Rohit\Downloads\Setup.x86.en-US_ProPlusRetail_R8NM7-7YD7V-P2GX3-9J9P3-8K6XQ_act_1_.exe
2014-09-25 18:33 - 2014-09-25 18:33 - 01447600 _____ (Microsoft Corporation) C:\Users\Rohit\Downloads\Setup.x64.en-US_ProPlusRetail_R8NM7-7YD7V-P2GX3-9J9P3-8K6XQ_act_1_.exe
2014-09-24 23:48 - 2014-09-24 23:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-24 23:37 - 2014-09-24 23:37 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Lavasoft
2014-09-24 23:20 - 2014-09-25 00:20 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-09-24 23:20 - 2014-09-25 00:20 - 00002265 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-09-24 23:20 - 2014-09-24 23:20 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\LavasoftStatistics
2014-09-24 23:19 - 2014-09-24 23:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-24 23:18 - 2014-09-24 23:18 - 02806920 _____ () C:\Users\Rohit\Downloads\Adaware_Installer (1).exe
2014-09-24 23:18 - 2014-09-24 23:18 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-09-24 23:16 - 2014-09-24 23:17 - 02806920 _____ () C:\Users\Rohit\Downloads\Adaware_Installer.exe
2014-09-24 19:33 - 2014-09-24 19:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rohit\Downloads\revosetup.exe
2014-09-24 13:00 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 13:00 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 22:08 - 2014-09-23 22:08 - 00000000 ____D () C:\ProgramData\LockHunter
2014-09-23 21:46 - 2014-09-23 21:46 - 00000000 ____D () C:\Users\Rohit\Documents\Super Optimizer
2014-09-23 21:46 - 2014-09-23 21:46 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Super Optimizer
2014-09-23 21:46 - 2014-09-23 21:46 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-23 21:42 - 2014-09-01 19:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll
2014-09-23 21:42 - 2014-09-01 19:28 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-09-23 21:41 - 2014-09-24 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-23 21:41 - 2014-09-23 21:41 - 00001019 _____ () C:\Users\Guest\Desktop\PepperZip.lnk
2014-09-23 21:41 - 2014-09-23 21:41 - 00001019 _____ () C:\Users\Administrator\Desktop\PepperZip.lnk
2014-09-23 21:41 - 2014-09-23 21:41 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-23 18:33 - 2014-09-23 18:33 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Tracker Software
2014-09-21 19:50 - 2014-09-27 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 19:50 - 2014-09-21 19:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 19:50 - 2014-09-21 19:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-21 19:50 - 2014-09-21 19:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-21 19:47 - 2014-09-21 19:47 - 01055936 ____N (Adobe) C:\Users\Rohit\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe
2014-09-21 19:31 - 2014-09-21 19:35 - 37782816 _____ (Foxit Corporation ) C:\Users\Rohit\Downloads\FoxitReader623.815_prom_enu_Setup.exe
2014-09-21 19:17 - 2014-09-21 19:17 - 01057488 ____N (Adobe) C:\Users\Rohit\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-09-21 19:11 - 2014-09-21 19:11 - 01057488 ____N (Adobe) C:\Users\Rohit\Downloads\install_reader11_en_mssd_aaa_aih (1).exe
2014-09-21 18:47 - 2014-09-21 18:47 - 01057488 ____N (Adobe) C:\Users\Rohit\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-09-21 11:21 - 2014-09-21 11:21 - 00000000 _____ () C:\Users\Rohit\Documents\FAP5B43.tmp
2014-09-21 11:21 - 2014-09-21 11:21 - 00000000 _____ () C:\Users\Rohit\Documents\FAP458F.tmp
2014-09-21 11:20 - 2014-09-21 11:20 - 00000000 _____ () C:\Users\Rohit\Documents\FAP4EFF.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAPFF31.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP8A.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP800.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP6F4.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP5BA.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP3074.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP2F5A.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP246F.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP23C2.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP2288.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP1711.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP1589.tmp
2014-09-21 09:06 - 2014-09-21 09:06 - 00000000 _____ () C:\Users\Rohit\Documents\FAPC8E2.tmp
2014-09-21 09:06 - 2014-09-21 09:06 - 00000000 _____ () C:\Users\Rohit\Documents\FAP79F6.tmp
2014-09-21 08:51 - 2014-09-21 08:51 - 00000000 _____ () C:\Users\Rohit\Documents\FAP7A13.tmp
2014-09-21 06:19 - 2014-09-21 06:19 - 00001909 _____ () C:\Users\Public\Desktop\DxO Optics Pro 9.lnk
2014-09-21 06:19 - 2014-09-21 06:19 - 00001909 _____ () C:\ProgramData\Desktop\DxO Optics Pro 9.lnk
2014-09-21 06:19 - 2014-09-21 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO Optics Pro 9
2014-09-20 09:10 - 2014-09-20 09:10 - 00003150 _____ () C:\Windows\System32\Tasks\{F1D12438-3CB9-493A-AC0F-6F34BBFFD810}
2014-09-20 09:09 - 2014-09-20 09:15 - 00362029 _____ () C:\Users\Rohit\Downloads\sqlite3.dll
2014-09-20 08:45 - 2014-09-20 08:45 - 00000000 ____D () C:\MATS
2014-09-20 08:43 - 2014-09-20 08:43 - 00003088 _____ () C:\Windows\System32\Tasks\{A5253506-57A1-489D-8370-7104B12BBFC7}
2014-09-19 18:33 - 2014-09-19 18:33 - 00003088 _____ () C:\Windows\System32\Tasks\{95AD26F6-2DDE-4820-B992-FFE061F5AF72}
2014-09-19 18:32 - 2014-09-19 18:32 - 00003088 _____ () C:\Windows\System32\Tasks\{D742884A-1D66-4B6E-A38A-0560DC2E0E9A}
2014-09-18 10:01 - 2014-09-18 10:01 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-18 10:01 - 2014-09-18 10:01 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-18 10:01 - 2014-09-18 10:01 - 00001090 _____ () C:\ProgramData\Desktop\TeamViewer 9.lnk
2014-09-12 03:11 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:11 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:11 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:11 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:11 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:11 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:11 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:11 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:11 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:11 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:11 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:11 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:11 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:11 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:11 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:11 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:11 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:11 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:11 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:11 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:11 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:11 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:11 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:11 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:11 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:11 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:11 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:11 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:11 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:11 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:11 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:11 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:11 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:11 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:11 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:11 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:11 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:11 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:11 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:11 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:11 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:11 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:11 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:11 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:11 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:11 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:11 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:11 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:11 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:11 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:11 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:11 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:11 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:11 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:11 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:11 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:00 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:00 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 12:51 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 12:51 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 12:51 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 12:51 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 12:51 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 12:51 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 12:51 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 12:51 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 12:51 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 12:51 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 12:51 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-05 00:37 - 2014-09-05 08:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 22:07 - 2014-08-29 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-08-29 22:07 - 2014-08-29 22:07 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-08-28 20:57 - 2014-08-29 22:09 - 00001376 _____ () C:\Users\Rohit\Desktop\Samsung Link aniceminotaur1967@yahoo.co.uk.lnk
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Users\Rohit\Samsung Link
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Users\Rohit\.swt
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Upload
2014-08-28 20:54 - 2014-08-28 20:55 - 91916640 _____ (Copyright 2013 SAMSUNG) C:\Users\Rohit\Downloads\SamsungLink_Installer64.exe
2014-08-28 08:53 - 2014-08-28 08:53 - 03367448 _____ (PortableApps.com) C:\Users\Rohit\Downloads\PortableApps.com_Platform_Setup_12.0.1.paf.exe
2014-08-28 02:11 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 02:11 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 02:11 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 10:29 - 2013-05-03 13:15 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-09-27 10:18 - 2014-05-03 19:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 10:13 - 2013-10-24 14:52 - 00000292 _____ () C:\Windows\Tasks\DigitalSite.job
2014-09-27 10:07 - 2013-04-01 01:17 - 01128899 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 10:00 - 2013-03-31 17:48 - 00000000 ____D () C:\Users\Rohit\Documents\Outlook Files
2014-09-27 00:28 - 2013-11-24 22:59 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-25 23:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 22:36 - 2009-07-14 05:45 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 22:36 - 2009-07-14 05:45 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 22:34 - 2009-07-14 06:13 - 00875008 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 22:31 - 2013-08-21 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-25 22:29 - 2014-01-03 17:30 - 00001051 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-09-25 22:29 - 2013-11-22 00:49 - 00000000 ____D () C:\Temp
2014-09-25 22:28 - 2014-08-18 14:54 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-25 22:28 - 2013-04-01 22:40 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-25 22:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 22:28 - 2009-07-14 05:45 - 00490608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-25 22:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-09-25 22:18 - 2014-04-25 08:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 21:56 - 2013-12-21 19:30 - 00007568 _____ () C:\Windows\wininit.ini
2014-09-25 21:23 - 2013-06-23 00:30 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\vlc
2014-09-25 21:14 - 2013-12-26 20:07 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-25 21:03 - 2014-03-01 09:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-25 21:03 - 2013-04-01 07:54 - 00000000 ___RD () C:\ProgramData\Skype
2014-09-25 20:55 - 2013-04-01 08:40 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Skype
2014-09-25 18:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 18:55 - 2013-03-31 17:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-24 23:58 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-24 23:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-24 23:48 - 2009-07-14 03:34 - 00000513 _____ () C:\Windows\win.ini
2014-09-24 23:37 - 2013-03-31 17:24 - 00000000 ____D () C:\Users\Rohit
2014-09-24 23:36 - 2013-04-01 15:16 - 00000000 ____D () C:\Users\Guest
2014-09-24 23:36 - 2013-04-01 07:28 - 00000000 ____D () C:\Users\Administrator
2014-09-24 23:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-09-24 21:27 - 2013-05-08 16:48 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\TeamViewer
2014-09-24 21:27 - 2013-04-01 22:59 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\uTorrent
2014-09-24 19:54 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\CSC
2014-09-23 21:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2014-09-21 18:58 - 2014-02-21 12:14 - 00000000 ____D () C:\Users\Rohit\Documents\My Digital Editions
2014-09-21 18:58 - 2013-04-01 14:54 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Adobe
2014-09-21 18:45 - 2013-04-08 19:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-21 06:21 - 2014-03-31 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO FilmPack 4
2014-09-21 06:19 - 2014-04-01 16:04 - 00000000 ____D () C:\Program Files\DxO Labs
2014-09-21 06:19 - 2013-12-21 21:36 - 00000000 ____D () C:\ProgramData\DxO Labs
2014-09-21 06:16 - 2014-03-31 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO ViewPoint 2
2014-09-20 08:58 - 2013-04-01 17:12 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Bitcoin
2014-09-20 08:03 - 2013-04-02 09:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-17 16:31 - 2013-12-15 23:43 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Armory
2014-09-15 09:06 - 2013-03-31 17:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:51 - 2014-07-31 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
2014-09-12 03:10 - 2013-07-25 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:10 - 2013-04-01 07:40 - 00858874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:01 - 2013-04-03 22:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:00 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 12:01 - 2013-09-30 21:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-05 08:25 - 2014-06-21 21:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 08:25 - 2014-06-21 21:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 02:01 - 2014-07-31 09:36 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\tor
2014-09-05 00:37 - 2013-04-01 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-05 00:37 - 2013-04-01 07:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 00:29 - 2013-04-25 08:43 - 00000000 ____D () C:\Windows\pss
2014-09-05 00:20 - 2014-06-21 21:01 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-05 00:20 - 2014-06-21 21:01 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-05 00:19 - 2013-11-05 10:05 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\ViberPC
2014-09-05 00:19 - 2010-06-15 17:50 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Dropbox
2014-09-04 11:12 - 2013-05-26 22:22 - 00000000 ____D () C:\Users\Rohit\.gimp-2.8
2014-09-03 18:46 - 2013-04-01 16:40 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Winamp
2014-09-03 16:37 - 2013-10-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RetroShare
2014-09-03 16:37 - 2013-04-02 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2014-08-28 20:57 - 2013-10-30 12:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-08-28 20:57 - 2013-04-29 20:04 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Samsung
2014-08-28 20:57 - 2013-04-29 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-28 20:57 - 2013-04-29 19:59 - 00000000 ____D () C:\ProgramData\Samsung

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:31

==================== End Of Log ============================

 

 

The relevant files I have attached. I have also attached a screenshot showing this prompt.

 

 

 

================ RogueKiller Log =================

 

 

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rohit [Admin rights]
Mode : Scan -- Date : 09/27/2014  11:11:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 39 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] DigitalSite.job -- C:\Users\Rohit\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[Suspicious.Path] \\DigitalSite -- C:\Users\Rohit\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] gt3hdjm8.default : user_pref("network.proxy.http", "115.111.91.43"); -> FOUND
[PUM.Proxy][FIREFX:Config] gt3hdjm8.default : user_pref("network.proxy.http_port", 80); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 8dd7a50d701b286f4ae4fb986d301cea
[BSP] b2bbcd10da88414edda41a11ca5bf5a4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD154UI ATA Device +++++
--- User ---
[MBR] 4d97cb31f3618cbbd44dc697dc2bf719
[BSP] 438944f5d72fc1f43ab5544c19492a45 : Windows Vista/7/8 MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 14b8a6ea97c284b7fa7211f36e8b4f5a
[BSP] c0d33b49240a39279987362be9b41786 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK
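The RogueKiller output above is where the actionable findings in this post sit, and it is easy to misread. RogueKiller labels every non-default value "PUM" (potentially unwanted modification), so a PUM.Dns hit on DhcpNameServer only records what DHCP handed out (194.168.4.100 and 194.168.8.100 here). The per-interface NameServer values are different: a static NameServer on an adapter overrides DHCP for that adapter, and the log shows two resolver pairs (5.79.84.141/8.38.77.107 and 81.218.119.15/199.203.35.75) that DHCP never supplied. The Firefox profile also carries network.proxy.http pointing at 115.111.91.43:80, and a scheduled task launches an executable from the user's AppData folder. The log does not establish who set these or whether the addresses are hostile; it only says they are not the network's defaults. The script below is an added example (not code from the post, from Malwarebytes or from Adlice Software) that parses RogueKiller lines of this shape and separates the three kinds of finding. The sample log is a constructed excerpt of the lines posted above, with the original "[Suspicious.Path]" casing restored where the forum's BBCode parser lowercased it; the regexes, dictionary keys and the list of user-writable launch paths are this example's own assumptions.

```python
"""Triage of RogueKiller findings: static DNS overrides, browser proxy prefs,
and scheduled tasks launched from user-writable paths.

Added example, not code from the original post or from Adlice Software.
SAMPLE_LOG is a constructed excerpt of the log posted above.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[Suspicious.Path] DigitalSite.job -- C:\Users\Rohit\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[PUM.Proxy][FIREFX:Config] gt3hdjm8.default : user_pref("network.proxy.http", "115.111.91.43"); -> FOUND
[PUM.Proxy][FIREFX:Config] gt3hdjm8.default : user_pref("network.proxy.http_port", 80); -> FOUND
"""

# Line shapes as RogueKiller 9.x prints them (assumed from the posted log).
DNS_RE = re.compile(
    r'^\[PUM\.Dns\] \((?P<arch>X64|X86)\) (?P<key>\S+) \| '
    r'(?P<name>DhcpNameServer|NameServer) : (?P<value>.+?)\s+-> FOUND$')
IFACE_RE = re.compile(r'\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})$')
PROXY_RE = re.compile(
    r'^\[PUM\.Proxy\]\[(?P<browser>[A-Za-z]+):Config\] (?P<profile>\S+) : '
    r'user_pref\("(?P<pref>[^"]+)", (?P<value>.+?)\); -> FOUND$')
TASK_RE = re.compile(
    r'^\[Suspicious\.Path\] (?P<task>.+?) -- (?P<command>.+?) -> FOUND$', re.I)

# Launch locations a standard user can write to (assumed list for this example).
USER_WRITABLE = ('\\appdata\\', '\\users\\public\\', '\\temp\\')


def _servers(value):
    """RogueKiller prints DHCP lists space-separated and static lists comma-separated."""
    return tuple(s for s in re.split(r'[ ,]+', value.strip()) if s)


def triage(log_text):
    """Return the findings worth acting on, grouped by kind."""
    dhcp_global = set()                 # servers on the global Tcpip\Parameters key
    dhcp_by_iface = defaultdict(set)    # adapter GUID -> servers handed out by DHCP
    static_by_iface = {}                # adapter GUID -> statically configured servers
    proxy_prefs = defaultdict(dict)     # (browser, profile) -> {pref: value}
    tasks = []

    for line in log_text.splitlines():
        line = line.strip()
        if m := DNS_RE.match(line):
            servers = _servers(m['value'])
            iface = IFACE_RE.search(m['key'])
            if iface is None:
                dhcp_global.update(servers)
            elif m['name'] == 'DhcpNameServer':
                dhcp_by_iface[iface['guid']].update(servers)
            else:
                # The same adapter is listed once per control set with identical values.
                static_by_iface[iface['guid']] = servers
        elif m := PROXY_RE.match(line):
            proxy_prefs[(m['browser'], m['profile'])][m['pref']] = m['value'].strip('"')
        elif m := TASK_RE.match(line):
            tasks.append((m['task'], m['command']))

    # A static NameServer on an adapter wins over DHCP for that adapter, so any
    # address DHCP never handed out is a resolver the machine did not get from
    # the network. The log alone does not say who set it or whether it is hostile.
    dns_overrides = []
    for guid, static in sorted(static_by_iface.items()):
        expected = dhcp_by_iface[guid] | dhcp_global
        unexpected = tuple(s for s in static if s not in expected)
        if unexpected:
            dns_overrides.append({'interface': guid, 'static': static,
                                  'unexpected': unexpected})

    proxies = []
    for (browser, profile), prefs in sorted(proxy_prefs.items()):
        host = prefs.get('network.proxy.http')
        if host:
            proxies.append({'browser': browser, 'profile': profile,
                            'proxy': f"{host}:{prefs.get('network.proxy.http_port', '?')}",
                            # network.proxy.type decides whether the proxy is in use;
                            # when the log does not report it, that stays unconfirmed.
                            'enabled_known': 'network.proxy.type' in prefs})

    suspicious_tasks = [{'task': t, 'command': c} for t, c in tasks
                        if any(p in c.lower() for p in USER_WRITABLE)]
    return {'dns_overrides': dns_overrides, 'proxies': proxies, 'tasks': suspicious_tasks}


if __name__ == '__main__':
    for kind, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

Two caveats that the same log states in passing and that the zero counts hide: "HOSTS File : 0 [Too big!]" means RogueKiller skipped the hosts file rather than finding it clean (consistent with the large hosts file the poster built), and "Antirootkit : 0 (Driver: NOT LOADED [0xc000036b])" means the rootkit check did not run at all. Neither line is a clean result, so a practitioner would treat those two areas as unexamined rather than cleared.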
 



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [596320 2014-08-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [update Service] => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe [19456 2013-04-01] (Teknum Systems AS)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1842840 2014-07-24] (Livedrive Internet Ltd)
HKU\S-1-5-21-777525085-2242243551-2312641307-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BackupOverlay -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854}: [NameServer] 81.218.119.15,199.203.35.75
Tcpip\..\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4}: [NameServer] 81.218.119.15,199.203.35.75
Tcpip\..\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F}: [NameServer] 5.79.84.141,8.38.77.107

FireFox:
========
FF ProfilePath: C:\Users\Rohit\AppData\Roaming\Mozilla\Firefox\Profiles\33t98iq6.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rohit\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Rohit\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin -> C:\Users\Rohit\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rohit\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rohit\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Rohit\AppData\Roaming\Mozilla\Firefox\Profiles\33t98iq6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Rohit\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rohit\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Rohit\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Rohit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Rohit\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-04] (Fork Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2014-07-24] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-28] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-12-02] (Trusteer Ltd.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [604512 2014-08-13] (Copyright 2013 SAMSUNG)
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282648 2013-12-02] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316248 2013-12-02] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397784 2013-12-02] (Trusteer Ltd.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63776 2013-05-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-07] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
U3 a32r71pa; C:\Windows\System32\Drivers\a32r71pa.sys [0 ] (Advanced Micro Devices)
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 10:31 - 2014-09-27 10:31 - 00021489 _____ () C:\Users\Rohit\Downloads\FRST.txt
2014-09-27 10:30 - 2014-09-27 10:31 - 00000000 ____D () C:\FRST
2014-09-27 10:30 - 2014-09-27 10:30 - 04893784 _____ () C:\Users\Rohit\Downloads\RogueKiller.exe
2014-09-27 10:29 - 2014-09-27 10:29 - 02108928 _____ (Farbar) C:\Users\Rohit\Downloads\FRST64.exe
2014-09-27 08:44 - 2014-09-27 08:44 - 00000000 __RHD () C:\MSOCache
2014-09-25 22:20 - 2014-09-25 20:57 - 00001479 _____ () C:\Users\Rohit\Documents\indexfile.txt
2014-09-25 22:18 - 2014-09-25 22:18 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 22:18 - 2014-09-25 22:18 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-25 22:18 - 2014-09-25 22:18 - 00001147 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2014-09-25 22:18 - 2014-09-25 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 22:09 - 2014-09-25 22:09 - 00001549 _____ () C:\Users\Rohit\Documents\hosts.txt
2014-09-25 21:14 - 2014-09-25 21:14 - 00003205 _____ () C:\Users\Rohit\Desktop\Sophos Virus Removal Tool.lnk
2014-09-25 21:14 - 2014-09-25 21:14 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-25 21:14 - 2014-09-25 21:14 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-25 21:09 - 2014-09-25 21:09 - 98298376 _____ (Sophos Limited) C:\Users\Rohit\Downloads\Sophos Virus Removal Tool.exe
2014-09-25 20:59 - 2014-09-25 20:59 - 00000000 ____D () C:\Users\Rohit\Desktop\Old Firefox Data
2014-09-25 18:59 - 2014-09-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-25 18:57 - 2014-09-25 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-25 18:56 - 2014-09-25 18:56 - 21543568 _____ () C:\WindowsMSYH.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 21302624 _____ () C:\WindowsMSJH.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 14381616 _____ () C:\WindowsMSYHBD.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 14343024 _____ () C:\WindowsMSJHBD.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 01382640 _____ () C:\WindowsNIRMALA.tt2
2014-09-25 18:56 - 2014-09-25 18:56 - 01334012 _____ () C:\WindowsNIRMALAB.tt2
2014-09-25 18:38 - 2014-09-25 18:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-09-25 18:34 - 2014-09-25 18:34 - 01054896 _____ (Microsoft Corporation) C:\Users\Rohit\Downloads\Setup.x86.en-US_ProPlusRetail_R8NM7-7YD7V-P2GX3-9J9P3-8K6XQ_act_1_.exe
2014-09-25 18:33 - 2014-09-25 18:33 - 01447600 _____ (Microsoft Corporation) C:\Users\Rohit\Downloads\Setup.x64.en-US_ProPlusRetail_R8NM7-7YD7V-P2GX3-9J9P3-8K6XQ_act_1_.exe
2014-09-24 23:48 - 2014-09-24 23:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-24 23:37 - 2014-09-24 23:37 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Lavasoft
2014-09-24 23:20 - 2014-09-25 00:20 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-09-24 23:20 - 2014-09-25 00:20 - 00002265 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-09-24 23:20 - 2014-09-24 23:20 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\LavasoftStatistics
2014-09-24 23:19 - 2014-09-24 23:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-24 23:18 - 2014-09-24 23:18 - 02806920 _____ () C:\Users\Rohit\Downloads\Adaware_Installer (1).exe
2014-09-24 23:18 - 2014-09-24 23:18 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-09-24 23:16 - 2014-09-24 23:17 - 02806920 _____ () C:\Users\Rohit\Downloads\Adaware_Installer.exe
2014-09-24 19:33 - 2014-09-24 19:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rohit\Downloads\revosetup.exe
2014-09-24 13:00 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 13:00 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 22:08 - 2014-09-23 22:08 - 00000000 ____D () C:\ProgramData\LockHunter
2014-09-23 21:46 - 2014-09-23 21:46 - 00000000 ____D () C:\Users\Rohit\Documents\Super Optimizer
2014-09-23 21:46 - 2014-09-23 21:46 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Super Optimizer
2014-09-23 21:46 - 2014-09-23 21:46 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-23 21:42 - 2014-09-01 19:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll
2014-09-23 21:42 - 2014-09-01 19:28 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-09-23 21:41 - 2014-09-24 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-23 21:41 - 2014-09-23 21:41 - 00001019 _____ () C:\Users\Guest\Desktop\PepperZip.lnk
2014-09-23 21:41 - 2014-09-23 21:41 - 00001019 _____ () C:\Users\Administrator\Desktop\PepperZip.lnk
2014-09-23 21:41 - 2014-09-23 21:41 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-23 18:33 - 2014-09-23 18:33 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Tracker Software
2014-09-21 19:50 - 2014-09-27 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 19:50 - 2014-09-21 19:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-21 19:50 - 2014-09-21 19:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-21 19:50 - 2014-09-21 19:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-21 19:47 - 2014-09-21 19:47 - 01055936 ____N (Adobe) C:\Users\Rohit\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe
2014-09-21 19:31 - 2014-09-21 19:35 - 37782816 _____ (Foxit Corporation ) C:\Users\Rohit\Downloads\FoxitReader623.815_prom_enu_Setup.exe
2014-09-21 19:17 - 2014-09-21 19:17 - 01057488 ____N (Adobe) C:\Users\Rohit\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-09-21 19:11 - 2014-09-21 19:11 - 01057488 ____N (Adobe) C:\Users\Rohit\Downloads\install_reader11_en_mssd_aaa_aih (1).exe
2014-09-21 18:47 - 2014-09-21 18:47 - 01057488 ____N (Adobe) C:\Users\Rohit\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-09-21 11:21 - 2014-09-21 11:21 - 00000000 _____ () C:\Users\Rohit\Documents\FAP5B43.tmp
2014-09-21 11:21 - 2014-09-21 11:21 - 00000000 _____ () C:\Users\Rohit\Documents\FAP458F.tmp
2014-09-21 11:20 - 2014-09-21 11:20 - 00000000 _____ () C:\Users\Rohit\Documents\FAP4EFF.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAPFF31.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP8A.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP800.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP6F4.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP5BA.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP3074.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP2F5A.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP246F.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP23C2.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP2288.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP1711.tmp
2014-09-21 10:34 - 2014-09-21 10:34 - 00000000 _____ () C:\Users\Rohit\Documents\FAP1589.tmp
2014-09-21 09:06 - 2014-09-21 09:06 - 00000000 _____ () C:\Users\Rohit\Documents\FAPC8E2.tmp
2014-09-21 09:06 - 2014-09-21 09:06 - 00000000 _____ () C:\Users\Rohit\Documents\FAP79F6.tmp
2014-09-21 08:51 - 2014-09-21 08:51 - 00000000 _____ () C:\Users\Rohit\Documents\FAP7A13.tmp
2014-09-21 06:19 - 2014-09-21 06:19 - 00001909 _____ () C:\Users\Public\Desktop\DxO Optics Pro 9.lnk
2014-09-21 06:19 - 2014-09-21 06:19 - 00001909 _____ () C:\ProgramData\Desktop\DxO Optics Pro 9.lnk
2014-09-21 06:19 - 2014-09-21 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO Optics Pro 9
2014-09-20 09:10 - 2014-09-20 09:10 - 00003150 _____ () C:\Windows\System32\Tasks\{F1D12438-3CB9-493A-AC0F-6F34BBFFD810}
2014-09-20 09:09 - 2014-09-20 09:15 - 00362029 _____ () C:\Users\Rohit\Downloads\sqlite3.dll
2014-09-20 08:45 - 2014-09-20 08:45 - 00000000 ____D () C:\MATS
2014-09-20 08:43 - 2014-09-20 08:43 - 00003088 _____ () C:\Windows\System32\Tasks\{A5253506-57A1-489D-8370-7104B12BBFC7}
2014-09-19 18:33 - 2014-09-19 18:33 - 00003088 _____ () C:\Windows\System32\Tasks\{95AD26F6-2DDE-4820-B992-FFE061F5AF72}
2014-09-19 18:32 - 2014-09-19 18:32 - 00003088 _____ () C:\Windows\System32\Tasks\{D742884A-1D66-4B6E-A38A-0560DC2E0E9A}
2014-09-18 10:01 - 2014-09-18 10:01 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-18 10:01 - 2014-09-18 10:01 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-18 10:01 - 2014-09-18 10:01 - 00001090 _____ () C:\ProgramData\Desktop\TeamViewer 9.lnk
2014-09-12 03:11 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:11 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:11 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:11 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:11 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:11 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:11 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:11 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:11 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:11 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:11 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:11 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:11 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:11 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:11 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:11 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:11 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:11 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:11 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:11 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:11 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:11 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:11 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:11 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:11 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:11 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:11 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:11 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:11 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:11 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:11 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:11 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:11 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:11 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:11 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:11 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:11 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:11 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:11 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:11 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:11 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:11 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:11 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:11 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:11 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:11 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:11 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:11 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:11 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:11 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:11 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:11 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:11 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:11 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:11 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:11 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:00 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:00 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 12:51 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 12:51 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 12:51 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 12:51 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 12:51 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 12:51 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 12:51 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 12:51 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 12:51 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 12:51 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 12:51 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-05 00:37 - 2014-09-05 08:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 22:07 - 2014-08-29 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-08-29 22:07 - 2014-08-29 22:07 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-08-28 20:57 - 2014-08-29 22:09 - 00001376 _____ () C:\Users\Rohit\Desktop\Samsung Link aniceminotaur1967@yahoo.co.uk.lnk
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Users\Rohit\Samsung Link
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Users\Rohit\.swt
2014-08-28 20:57 - 2014-08-28 20:57 - 00000000 ____D () C:\Upload
2014-08-28 20:54 - 2014-08-28 20:55 - 91916640 _____ (Copyright 2013 SAMSUNG) C:\Users\Rohit\Downloads\SamsungLink_Installer64.exe
2014-08-28 08:53 - 2014-08-28 08:53 - 03367448 _____ (PortableApps.com) C:\Users\Rohit\Downloads\PortableApps.com_Platform_Setup_12.0.1.paf.exe
2014-08-28 02:11 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 02:11 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 02:11 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 10:29 - 2013-05-03 13:15 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-09-27 10:18 - 2014-05-03 19:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 10:13 - 2013-10-24 14:52 - 00000292 _____ () C:\Windows\Tasks\DigitalSite.job
2014-09-27 10:07 - 2013-04-01 01:17 - 01128899 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 10:00 - 2013-03-31 17:48 - 00000000 ____D () C:\Users\Rohit\Documents\Outlook Files
2014-09-27 00:28 - 2013-11-24 22:59 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-25 23:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 22:36 - 2009-07-14 05:45 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 22:36 - 2009-07-14 05:45 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 22:34 - 2009-07-14 06:13 - 00875008 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 22:31 - 2013-08-21 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-25 22:29 - 2014-01-03 17:30 - 00001051 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-09-25 22:29 - 2013-11-22 00:49 - 00000000 ____D () C:\Temp
2014-09-25 22:28 - 2014-08-18 14:54 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-25 22:28 - 2013-04-01 22:40 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-25 22:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 22:28 - 2009-07-14 05:45 - 00490608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-25 22:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-09-25 22:18 - 2014-04-25 08:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 21:56 - 2013-12-21 19:30 - 00007568 _____ () C:\Windows\wininit.ini
2014-09-25 21:23 - 2013-06-23 00:30 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\vlc
2014-09-25 21:14 - 2013-12-26 20:07 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-25 21:03 - 2014-03-01 09:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-25 21:03 - 2013-04-01 07:54 - 00000000 ___RD () C:\ProgramData\Skype
2014-09-25 20:55 - 2013-04-01 08:40 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Skype
2014-09-25 18:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 18:55 - 2013-03-31 17:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-24 23:58 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-24 23:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-24 23:48 - 2009-07-14 03:34 - 00000513 _____ () C:\Windows\win.ini
2014-09-24 23:37 - 2013-03-31 17:24 - 00000000 ____D () C:\Users\Rohit
2014-09-24 23:36 - 2013-04-01 15:16 - 00000000 ____D () C:\Users\Guest
2014-09-24 23:36 - 2013-04-01 07:28 - 00000000 ____D () C:\Users\Administrator
2014-09-24 23:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-09-24 21:27 - 2013-05-08 16:48 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\TeamViewer
2014-09-24 21:27 - 2013-04-01 22:59 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\uTorrent
2014-09-24 19:54 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\CSC
2014-09-23 21:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2014-09-21 18:58 - 2014-02-21 12:14 - 00000000 ____D () C:\Users\Rohit\Documents\My Digital Editions
2014-09-21 18:58 - 2013-04-01 14:54 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Adobe
2014-09-21 18:45 - 2013-04-08 19:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-21 06:21 - 2014-03-31 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO FilmPack 4
2014-09-21 06:19 - 2014-04-01 16:04 - 00000000 ____D () C:\Program Files\DxO Labs
2014-09-21 06:19 - 2013-12-21 21:36 - 00000000 ____D () C:\ProgramData\DxO Labs
2014-09-21 06:16 - 2014-03-31 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO ViewPoint 2
2014-09-20 08:58 - 2013-04-01 17:12 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Bitcoin
2014-09-20 08:03 - 2013-04-02 09:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-17 16:31 - 2013-12-15 23:43 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Armory
2014-09-15 09:06 - 2013-03-31 17:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:51 - 2014-07-31 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
2014-09-12 03:10 - 2013-07-25 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:10 - 2013-04-01 07:40 - 00858874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:01 - 2013-04-03 22:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:00 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 12:01 - 2013-09-30 21:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-05 08:25 - 2014-06-21 21:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 08:25 - 2014-06-21 21:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 02:01 - 2014-07-31 09:36 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\tor
2014-09-05 00:37 - 2013-04-01 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-05 00:37 - 2013-04-01 07:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 00:29 - 2013-04-25 08:43 - 00000000 ____D () C:\Windows\pss
2014-09-05 00:20 - 2014-06-21 21:01 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-05 00:20 - 2014-06-21 21:01 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-05 00:19 - 2013-11-05 10:05 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\ViberPC
2014-09-05 00:19 - 2010-06-15 17:50 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Dropbox
2014-09-04 11:12 - 2013-05-26 22:22 - 00000000 ____D () C:\Users\Rohit\.gimp-2.8
2014-09-03 18:46 - 2013-04-01 16:40 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Winamp
2014-09-03 16:37 - 2013-10-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RetroShare
2014-09-03 16:37 - 2013-04-02 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2014-08-28 20:57 - 2013-10-30 12:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-08-28 20:57 - 2013-04-29 20:04 - 00000000 ____D () C:\Users\Rohit\AppData\Roaming\Samsung
2014-08-28 20:57 - 2013-04-29 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-28 20:57 - 2013-04-29 19:59 - 00000000 ____D () C:\ProgramData\Samsung

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:31

==================== End Of Log ============================

I have attached the relevant files. I have also attached a screenshot showing this prompt.

================ RogueKiller Log =================

RogueKiller V9.2.13.0 [sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rohit [Admin rights]
Mode : Scan -- Date : 09/27/2014  11:11:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 39 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{591F8924-9DBF-4736-9B6F-2B490D1A6354} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AB1275F-D731-4A53-A08D-F83FC33FD854} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C356DC97-7B3D-4096-848F-C1D1C8FE54F8} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C47E1418-D1CA-41AF-86E4-50EC2F4D103E} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CB5D2047-6DA2-4886-89CA-56D520F4A6F4} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | NameServer : 5.79.84.141,8.38.77.107  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E8C49414-33F9-4597-9FBF-4A062570500F} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-777525085-2242243551-2312641307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[suspicious.Path] DigitalSite.job -- C:\Users\Rohit\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\DigitalSite -- C:\Users\Rohit\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] gt3hdjm8.default : user_pref("network.proxy.http", "115.111.91.43"); -> FOUND
[PUM.Proxy][FIREFX:Config] gt3hdjm8.default : user_pref("network.proxy.http_port", 80); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 8dd7a50d701b286f4ae4fb986d301cea
[bSP] b2bbcd10da88414edda41a11ca5bf5a4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD154UI ATA Device +++++
--- User ---
[MBR] 4d97cb31f3618cbbd44dc697dc2bf719
[bSP] 438944f5d72fc1f43ab5544c19492a45 : Windows Vista/7/8 MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 14b8a6ea97c284b7fa7211f36e8b4f5a
[bSP] c0d33b49240a39279987362be9b41786 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK
 

Addition.txt

  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.
