
Pops with ad-type.google.com and redirecting tradeadexchange.com



aswMBR also provided the option of updating the antivirus signatures. I have run a scan once without the update and a second time after updating the signatures.

 

First scan log (without update)

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-09-08 10:36:08
-----------------------------
10:36:08.843    OS Version: Windows 6.0.6002 Service Pack 2
10:36:08.843    Number of processors: 2 586 0xF02
10:36:08.843    ComputerName: KBC-PC  UserName: KBC
10:37:32.038    Initialize success
10:37:32.631    VM: initialized successfully
10:37:32.631    VM: Intel CPU virtualization not supported
10:38:07.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:38:07.754    Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3
10:38:07.910    Disk 0 MBR read successfully
10:38:07.910    Disk 0 MBR scan
10:38:07.910    Disk 0 Windows VISTA default MBR code
10:38:07.910    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        60314 MB offset 63
10:38:07.941    Disk 0 Partition 2 00     12  Compaq diag             12197 MB offset 287595630
10:38:07.941    Disk 0 Partition - 00     0F Extended LBA             80113 MB offset 123523785
10:38:07.972    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        80113 MB offset 123523848
10:38:07.972    Disk 0 scanning sectors +312576705
10:38:08.066    Disk 0 scanning C:\Windows\system32\drivers
10:38:29.625    Service scanning
10:39:11.636    Modules scanning
10:39:11.636    Disk 0 trace - called modules:
10:39:11.698    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:39:11.714    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86634968]
10:39:11.714    3 CLASSPNP.SYS[891bd8b3] -> nt!IofCallDriver -> [0x85460898]
10:39:11.730    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e43030]
10:39:11.730    Disk 0 statistics 79389/0/0 @ 4.16 MB/s
10:39:11.745    Scan finished successfully
10:39:51.915    Disk 0 MBR has been saved successfully to "C:\Downloads\Avast\MBR.dat"
10:39:51.931    The log file has been saved successfully to "C:\Downloads\Avast\aswMBR.txt"

 

Second scan log (after update)

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-09-08 10:43:16
-----------------------------
10:43:16.479    OS Version: Windows 6.0.6002 Service Pack 2
10:43:16.479    Number of processors: 2 586 0xF02
10:43:16.479    ComputerName: KBC-PC  UserName: KBC
10:43:18.132    Initialize success
10:43:18.163    VM: initialized successfully
10:43:18.163    VM: Intel CPU virtualization not supported
11:27:50.074    AVAST engine defs: 15090701
11:32:54.430    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:32:54.446    Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3
11:32:54.586    Disk 0 MBR read successfully
11:32:54.586    Disk 0 MBR scan
11:32:54.695    Disk 0 Windows VISTA default MBR code
11:32:54.695    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        60314 MB offset 63
11:32:54.789    Disk 0 Partition 2 00     12  Compaq diag             12197 MB offset 287595630
11:32:54.851    Disk 0 Partition - 00     0F Extended LBA             80113 MB offset 123523785
11:32:54.883    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        80113 MB offset 123523848
11:32:54.929    Disk 0 scanning sectors +312576705
11:32:55.117    Disk 0 scanning C:\Windows\system32\drivers
11:34:21.587    Service scanning
11:36:17.729    Modules scanning
11:36:17.729    Disk 0 trace - called modules:
11:36:17.761    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
11:36:17.761    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86634968]
11:36:17.761    3 CLASSPNP.SYS[891bd8b3] -> nt!IofCallDriver -> [0x85460898]
11:36:17.761    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e43030]
11:36:19.445    AVAST engine scan C:\Windows
11:36:45.622    AVAST engine scan C:\Windows\system32
11:48:15.281    AVAST engine scan C:\Windows\system32\drivers
11:49:04.640    AVAST engine scan C:\Users\KBC
11:54:38.324    AVAST engine scan C:\ProgramData
12:00:03.490    Disk 0 statistics 2749094/0/0 @ 3.06 MB/s
12:00:03.490    Scan finished successfully
12:16:27.304    Disk 0 MBR has been saved successfully to "C:\Downloads\Avast\MBR.dat"
12:16:27.320    The log file has been saved successfully to "C:\Downloads\Avast\aswMBR2.txt"

Thank you for your continuing advice.

 

Regards


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


Here are the results from the MiniToolBox.

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by KBC (administrator) on 08-09-2015 at 14:40:00
Running from "C:\Downloads\MiniToolBox"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Model: LENOVO3000 Y500 Manufacturer: Lenovo
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : KBC-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gwlan
   Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
   Physical Address. . . . . . . . . : 00-1B-77-82-F4-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-1B-38-03-72-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7c9f:3909:34c6:e4c3%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 08 September 2015 09:46:09
   Lease Expires . . . . . . . . . . : 11 September 2015 14:22:42
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184556344
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-84-F5-A5-00-1B-38-03-72-AE
   DNS Servers . . . . . . . . . . . : 5.152.219.50
                                       37.220.8.190
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{7A8B311E-52BC-474D-92E3-3E6266593E19}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5896:f0c3:289e:3750:3f57:fe99(Preferred)
   Link-local IPv6 Address . . . . . : fe80::289e:3750:3f57:fe99%10(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 20:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.gwlan
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0EE7B428-166B-4A90-80A3-B56A4013BBFE}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  h5-152-219-50.host.redstation.co.uk
Address:  5.152.219.50

Name:    google.com
Addresses:  2a00:1450:4013:c00::64
   173.194.65.138
   173.194.65.101
   173.194.65.100
   173.194.65.102
   173.194.65.139
   173.194.65.113

 

Pinging google.com [173.194.65.113] with 32 bytes of data:

Reply from 173.194.65.113: bytes=32 time=1738ms TTL=38

Reply from 173.194.65.113: bytes=32 time=472ms TTL=38

 

Ping statistics for 173.194.65.113:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 472ms, Maximum = 1738ms, Average = 1105ms

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  5.152.219.50

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   2001:4998:58:c02::a9
   206.190.36.45
   98.139.183.24
   98.138.253.109

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=648ms TTL=46

Reply from 206.190.36.45: bytes=32 time=487ms TTL=46

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 487ms, Maximum = 648ms, Average = 567ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
  9 ...00 1b 77 82 f4 6f ...... Intel® PRO/Wireless 3945ABG Network Connection
  8 ...00 1b 38 03 72 ae ...... Realtek RTL8139/810x Family Fast Ethernet NIC
  1 ........................... Software Loopback Interface 1
 36 ...00 00 00 00 00 00 00 e0  isatap.{7A8B311E-52BC-474D-92E3-3E6266593E19}
 21 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 17 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #3
 18 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 19 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #5
 20 ...00 00 00 00 00 00 00 e0  Microsoft 6to4 Adapter #2
 22 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #6
 23 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #7
 31 ...00 00 00 00 00 00 00 e0  isatap.gwlan
 26 ...00 00 00 00 00 00 00 e0  isatap.{0EE7B428-166B-4A90-80A3-B56A4013BBFE}
 25 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    276
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:5896:f0c3:289e:3750:3f57:fe99/128
                                    On-link
  8    276 fe80::/64                On-link
 10    266 fe80::/64                On-link
 10    266 fe80::289e:3750:3f57:fe99/128
                                    On-link
  8    276 fe80::7c9f:3909:34c6:e4c3/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2015 10:26:09 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16685 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1354
Start Time: 01d0e9f27e5bc020
Termination Time: 16

Error: (09/04/2015 12:24:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (09/04/2015 12:24:03 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid

Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1248
Start Time: 01d0d8d609462d32
Termination Time: 125

Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 10ac
Start Time: 01d0d8c8329774b9
Termination Time: 141

System errors:
=============
Error: (09/08/2015 09:47:39 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/08/2015 09:47:39 AM) (Source: Service Control Manager) (User: )
Description: Advanced SystemCare Service 8%%2

Error: (09/08/2015 09:46:10 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (09/08/2015 09:44:47 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (09/05/2015 07:13:58 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/05/2015 07:13:58 PM) (Source: Service Control Manager) (User: )
Description: Advanced SystemCare Service 8%%2

Error: (09/05/2015 07:13:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/05/2015 07:12:12 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (09/04/2015 10:50:24 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/04/2015 10:50:24 AM) (Source: Service Control Manager) (User: )
Description: Advanced SystemCare Service 8%%2

Microsoft Office Sessions:
=========================
Error: (09/08/2015 10:26:09 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16685135401d0e9f27e5bc02016

Error: (09/04/2015 12:24:04 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR

Error: (09/04/2015 12:24:03 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\SAMEER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SERVICE WORKER\CACHESTORAGE\0FA95B80667BF657A6FF1012AC31D0FB34F2FA66\84F5DC1731DF005F272D0A6643765C44C36EBBF0\INDEX-DIR

Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8)(User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8)(User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8)(User: )
Description: The handle is invalid

Error: (08/17/2015 05:08:02 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/17/2015 05:08:01 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/17/2015 03:49:23 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16684124801d0d8d609462d32125

Error: (08/17/2015 02:17:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1668410ac01d0d8c8329774b9141

CodeIntegrity Errors:
===================================
  Date: 2015-08-26 19:16:04.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:16:02.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:16:01.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:16:00.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:15:57.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:15:56.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:15:55.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:15:54.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:13:29.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-26 19:13:28.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Easy Button (HKLM\...\EzButton) (Version:  - )
EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version:  - )
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.13 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Telephone (HKLM\...\{0CDB16C2-E258-4D2C-A572-776E667431BF}) (Version: 4.60 - Callserve Communications Ltd) Hidden
Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.276 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version:  - )
PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.)
Seagate Manager Installer (HKLM\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2011.)
VeriFace (HKLM\...\VeriFace) (Version:  - )
Windows Driver Package - Animation Technologies Inc. (TridVid) Media  (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.)

========================= Devices: ================================

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Device ID: ROOT\*TUNMP\0001
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Device ID: ROOT\*TUNMP\0002
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Device ID: ROOT\*TUNMP\0003
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2045.75 MB
Available physical RAM: 1150.29 MB
Total Virtual: 4328 MB
Available Virtual: 3141.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:58.9 GB) (Free:22.05 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS

========================= Users: ========================================

User accounts for \\KBC-PC

Administrator            Guest                    KBC                     
SAMEER                  

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini082115-01.dmp

**** End of log ****


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Herewith are the results of the ComboFix log report:

ComboFix 15-09-25.01 - KBC 28/09/2015  11:33:52.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.91.1033.18.2046.1111 [GMT 5.5:30]
Running from: c:\users\KBC\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
c:\windows\system32\zip32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-28 to 2015-09-28  )))))))))))))))))))))))))))))))
.
.
2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----w- c:\program files\Common Files\Skype
2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----r- c:\program files\Skype
2015-09-22 06:06 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-09-22 06:06 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-09-22 06:03 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-22 06:03 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-22 05:54 . 2015-07-10 14:21 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-22 05:53 . 2015-08-05 15:58 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-09-22 05:52 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-22 05:52 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-22 05:52 . 2015-09-02 19:55 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-22 05:50 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-01 15:10 . 2015-09-01 14:04 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-01 14:56 . 2015-09-02 03:26 -------- d-----w- C:\zoek
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-28 05:41 . 2015-08-15 17:22 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-17 11:49 . 2015-08-15 16:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-04 18:33 . 2015-08-04 18:33 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 18:33 . 2015-08-04 18:33 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 21:46 . 2015-08-17 08:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-07-31 21:46 . 2015-08-17 08:53 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-07-31 21:46 . 2015-08-17 08:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-07-31 21:46 . 2015-08-17 08:53 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-07-31 20:41 . 2015-08-17 08:53 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-31 20:40 . 2015-08-17 08:53 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-07-31 20:35 . 2015-08-17 08:53 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-07-31 20:33 . 2015-08-17 08:53 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-07-31 20:33 . 2015-08-17 08:53 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-07-31 19:27 . 2015-08-17 09:00 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 20:55 . 2015-08-17 09:01 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-07-21 16:07 . 2015-08-17 09:01 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-21 16:07 . 2015-08-17 09:01 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-21 16:07 . 2015-08-17 09:01 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-21 16:07 . 2015-08-17 09:01 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-07-21 16:03 . 2015-08-17 09:01 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-21 16:03 . 2015-08-17 09:01 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-07-21 16:03 . 2015-08-17 09:01 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-18 16:03 . 2015-08-17 08:54 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-07-10 19:37 . 2015-08-17 08:58 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\notepad.exe
2015-07-03 16:04 . 2015-08-01 04:22 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 15:57 . 2015-08-16 10:16 199680 ----a-w- c:\windows\system32\WebClnt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-07 53729824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-02-11 562688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-07-17 18:33 6453528 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut]
2006-12-26 20:06 1392640 ----a-w- c:\program files\Lenovo\EnergyCut\EnergyCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton]
2007-01-05 11:38 450560 ----a-w- c:\progra~1\EzButton\EzButton.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2006-11-22 9728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ    BthServ
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-26 08:43 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31]
.
2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31]
.
2015-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f4f05a2ef6a0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 5.152.219.51 5.152.219.52
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Advanced SystemCare 8 - c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Advanced SystemCare 8_is1 - c:\program files\IObit\Advanced SystemCare 8\unins000.exe
AddRemove-IObitUninstall - c:\program files\IObit\IObit Uninstaller\UninstallDisplay.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-28 11:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-09-28  11:48:25
ComboFix-quarantined-files.txt  2015-09-28 06:18
.
Pre-Run: 19,213,307,904 bytes free
Post-Run: 18,686,803,968 bytes free
.
- - End Of File - - 7C3E6223DBB00CBD17A9AEA2C3F56602
5C616939100B85E558DA92B899A0FC36
 


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton]

DDS::

Trusted Zone: webcompanion.com

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Thank you. Here attached is the updated log after this.

ComboFix 15-09-25.01 - KBC 29/09/2015  17:02:57.2.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.91.1033.18.2046.1121 [GMT 5.5:30]
Running from: c:\users\KBC\Desktop\ComboFix.exe
Command switches used :: c:\users\KBC\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-28 to 2015-09-29  )))))))))))))))))))))))))))))))
.
.
2015-09-29 11:41 . 2015-09-29 11:42 -------- d-----w- c:\users\KBC\AppData\Local\temp
2015-09-29 11:41 . 2015-09-29 11:41 -------- d-----w- c:\users\SAMEER\AppData\Local\temp
2015-09-29 11:41 . 2015-09-29 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----w- c:\program files\Common Files\Skype
2015-09-24 11:20 . 2015-09-24 11:20 -------- d-----r- c:\program files\Skype
2015-09-22 06:06 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-09-22 06:06 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-09-22 06:03 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-22 06:03 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-22 05:54 . 2015-07-10 14:21 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-22 05:53 . 2015-08-05 15:58 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-09-22 05:52 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-22 05:52 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-22 05:52 . 2015-09-02 19:55 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-22 05:50 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-01 15:10 . 2015-09-01 14:04 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-01 14:56 . 2015-09-02 03:26 -------- d-----w- C:\zoek
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-28 05:41 . 2015-08-15 17:22 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-17 11:49 . 2015-08-15 16:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-04 18:33 . 2015-08-04 18:33 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 18:33 . 2015-08-04 18:33 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 21:46 . 2015-08-17 08:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-07-31 21:46 . 2015-08-17 08:53 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-07-31 21:46 . 2015-08-17 08:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-07-31 21:46 . 2015-08-17 08:53 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-07-31 20:41 . 2015-08-17 08:53 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-31 20:40 . 2015-08-17 08:53 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-07-31 20:35 . 2015-08-17 08:53 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-07-31 20:33 . 2015-08-17 08:53 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-07-31 20:33 . 2015-08-17 08:53 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-07-31 19:27 . 2015-08-17 09:00 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 20:55 . 2015-08-17 09:01 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-07-21 16:07 . 2015-08-17 09:01 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-21 16:07 . 2015-08-17 09:01 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-21 16:07 . 2015-08-17 09:01 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-21 16:07 . 2015-08-17 09:01 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-07-21 16:03 . 2015-08-17 09:01 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-21 16:03 . 2015-08-17 09:01 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-07-21 16:03 . 2015-08-17 09:01 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-18 16:03 . 2015-08-17 08:54 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-07-10 19:37 . 2015-08-17 08:58 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 14:25 . 2015-08-16 10:15 151040 ----a-w- c:\windows\notepad.exe
2015-07-03 16:04 . 2015-08-01 04:22 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 15:57 . 2015-08-16 10:16 199680 ----a-w- c:\windows\system32\WebClnt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-07 53729824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-02-11 562688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-07-17 18:33 6453528 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyCut]
2006-12-26 20:06 1392640 ----a-w- c:\program files\Lenovo\EnergyCut\EnergyCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2006-11-22 9728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ    BthServ
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-26 08:43 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31]
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31]
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f4f05a2ef6a0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-03 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
Trusted Zone: localhost
TCP: DhcpNameServer = 5.152.219.51 5.152.219.52
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-29 17:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-09-29  17:14:45
ComboFix-quarantined-files.txt  2015-09-29 11:44
ComboFix2.txt  2015-09-28 06:18
.
Pre-Run: 18,708,996,096 bytes free
Post-Run: 18,472,529,920 bytes free
.
- - End Of File - - 95615B155EB9751A32BDBBD37C9838A8
5C616939100B85E558DA92B899A0FC36
 


  • 2 weeks later...

OK, here attached are the scan reports.

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
Ran by KBC (administrator) on KBC-PC (09-10-2015 12:39:02)
Running from C:\Downloads\Farbar
Loaded Profiles: KBC (Available Profiles: KBC & SAMEER)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
(Seagate Technology LLC) D:\Program Files\Sync\FreeAgentService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [155648 2006-09-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 5.152.219.50 37.220.8.190
Tcpip\..\Interfaces\{7A8B311E-52BC-474D-92E3-3E6266593E19}: [DhcpNameServer] 5.152.219.50 37.220.8.190

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-595894999-490155728-2440704941-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-595894999-490155728-2440704941-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> DefaultScope {C6B85888-FA66-4085-BBFF-26AC5E787B95} URL = hxxps://in.search.yahoo.com/search?fr=mcafee&type=B011IN0D20141106&p={searchTerms}
SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> {C6B85888-FA66-4085-BBFF-26AC5E787B95} URL = hxxps://in.search.yahoo.com/search?fr=mcafee&type=B011IN0D20141106&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-09-22]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-05]

Chrome:
=======
CHR Profile: C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Google Sheets) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (SiteAdvisor) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-03-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0203281444372169mcinstcleanup; C:\Windows\TEMP\020328~1.EXE [883024 2015-05-05] (McAfee, Inc.)
R2 CLCapSvc; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [274529 2007-01-06] () [File not signed]
R2 CLSched; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [118879 2007-01-06] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-07] (Macrovision Europe Ltd.) [File not signed]
R2 FreeAgentGoNext Service; D:\Program Files\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-09-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2007-01-05] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [9728 2006-11-23] (Lenovo Corporation)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 CapFilt; C:\Windows\system32\Drivers\CapFilt.sys [18944 2007-09-21] (ensurebit) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
R1 DritekPortIO; C:\Program Files\EzButton\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
R3 eTSCFLT; C:\Windows\System32\DRIVERS\eTSCFLT.sys [12456 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-09-06] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [159104 2007-09-21] (Trident Multimedia Technologies Co.,Ltd)
S3 UDA; C:\Windows\System32\Drivers\rcudawdm.sys [25760 2012-04-17] (Rainbow China Co,. Ltd.)
S3 wdf_usb_vista; C:\Windows\System32\DRIVERS\usb2ser_vista.sys [38912 2012-10-11] (MediaTek Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\KBC\AppData\Local\Temp\catchme.sys [X]
S3 EraserUtilDrv11110; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U2 wuaserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 18:00 - 2015-09-29 18:00 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 18:00 - 2015-09-29 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-29 17:57 - 2015-10-09 12:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 17:57 - 2015-10-09 11:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 17:14 - 2015-09-29 17:14 - 00011841 _____ C:\ComboFix.txt
2015-09-28 11:31 - 2015-09-29 17:14 - 00000000 ____D C:\Qoobox
2015-09-28 11:31 - 2011-06-26 12:15 - 00256000 _____ C:\Windows\PEV.exe
2015-09-28 11:31 - 2010-11-07 22:50 - 00208896 _____ C:\Windows\MBR.exe
2015-09-28 11:31 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-28 11:31 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-28 11:31 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-28 11:31 - 2000-08-31 05:30 - 00098816 _____ C:\Windows\sed.exe
2015-09-28 11:31 - 2000-08-31 05:30 - 00080412 _____ C:\Windows\grep.exe
2015-09-28 11:31 - 2000-08-31 05:30 - 00068096 _____ C:\Windows\zip.exe
2015-09-28 11:30 - 2015-09-28 11:46 - 00000000 ____D C:\Windows\erdnt
2015-09-28 11:00 - 2015-09-28 11:01 - 05636489 ____R (Swearware) C:\Users\KBC\Desktop\ComboFix.exe
2015-09-24 16:50 - 2015-09-24 16:50 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ___RD C:\Program Files\Skype
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-22 14:32 - 2015-09-22 15:50 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-22 14:32 - 2015-09-22 14:32 - 00001852 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-22 11:36 - 2015-08-13 19:45 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-22 11:36 - 2015-08-13 19:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-22 11:33 - 2015-09-03 02:56 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-22 11:33 - 2015-09-03 02:56 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-22 11:24 - 2015-07-10 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-22 11:22 - 2015-09-03 02:56 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-22 11:22 - 2015-09-03 01:25 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-22 11:22 - 2015-09-03 01:24 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-22 11:20 - 2015-08-05 21:29 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-22 10:43 - 2015-08-17 22:48 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-22 10:43 - 2015-08-17 22:47 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-22 10:43 - 2015-08-17 22:44 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-22 10:43 - 2015-08-17 22:43 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-22 10:43 - 2015-08-17 22:42 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-22 10:43 - 2015-08-17 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-22 10:43 - 2015-08-17 22:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-22 10:43 - 2015-08-17 22:41 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-22 10:43 - 2015-08-17 22:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-22 10:43 - 2015-08-17 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-22 10:43 - 2015-08-17 22:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-22 10:43 - 2015-08-17 22:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 12:39 - 2015-08-17 10:56 - 00000000 ____D C:\FRST
2015-10-09 12:26 - 2015-07-30 22:25 - 01894952 _____ C:\Windows\WindowsUpdate.log
2015-10-09 12:06 - 2009-06-24 14:18 - 00000000 ____D C:\Users\KBC\AppData\Roaming\Skype
2015-10-09 11:59 - 2014-03-05 13:19 - 00000000 ____D C:\Program Files\McAfee
2015-10-09 11:54 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.001
2015-10-09 11:52 - 2007-09-21 09:43 - 16030545 _____ C:\FaceProv.log
2015-10-09 11:52 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 11:52 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 11:52 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 15:42 - 2008-01-28 14:40 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-10-04 15:42 - 2006-11-02 18:28 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-04 14:40 - 2009-11-09 11:28 - 00781404 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-04 14:24 - 2015-07-31 16:23 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.dat
2015-10-04 14:24 - 2015-07-31 16:23 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.001
2015-10-04 14:23 - 2015-08-17 12:15 - 00008070 _____ C:\Windows\PFRO.log
2015-10-03 20:31 - 2015-08-01 19:05 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\Skype
2015-10-03 20:28 - 2009-06-24 14:18 - 00000000 ____D C:\ProgramData\Skype
2015-09-29 18:00 - 2015-02-22 19:50 - 00000000 ____D C:\Users\KBC\AppData\Local\Google
2015-09-29 17:59 - 2015-02-22 19:51 - 00000000 ____D C:\Program Files\Google
2015-09-29 17:54 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.dat
2015-09-29 17:12 - 2006-11-02 15:53 - 00000189 _____ C:\Windows\system.ini
2015-09-28 11:48 - 2006-11-02 16:48 - 00000000 __RHD C:\Users\Default
2015-09-28 11:48 - 2006-11-02 16:48 - 00000000 ___RD C:\Users\Public
2015-09-28 11:11 - 2015-08-15 22:52 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-22 15:50 - 2008-01-25 17:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-22 15:39 - 2012-10-05 22:32 - 00000000 ____D C:\Temp delete after use
2015-09-22 14:34 - 2008-01-25 17:01 - 00000000 ____D C:\Users\KBC\AppData\Local\Adobe
2015-09-22 14:32 - 2011-02-25 17:06 - 00000000 ____D C:\Program Files\Adobe
2015-09-22 14:32 - 2008-01-25 17:00 - 00000000 ____D C:\ProgramData\Adobe
2015-09-22 12:08 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-22 12:01 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache
2015-09-22 11:45 - 2006-11-02 18:14 - 00399736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-22 11:36 - 2011-02-28 09:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-22 11:16 - 2013-07-31 15:16 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2008-01-25 11:34 - 2010-12-24 09:37 - 0011760 ____H () C:\Users\KBC\AppData\Roaming\KBC.idx
2008-01-25 10:14 - 2015-10-09 11:54 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.001
2008-01-25 10:14 - 2015-09-29 17:54 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.dat
2008-02-05 14:45 - 2013-12-20 14:23 - 0007484 _____ () C:\Users\KBC\AppData\Local\d3d9caps.dat
2008-02-19 16:00 - 2015-07-30 19:51 - 0060928 _____ () C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-20 16:13 - 2014-02-20 16:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-25 15:30 - 2013-03-25 15:30 - 0002001 _____ () C:\ProgramData\eTdsWizard1314_A8D59B57-C4D3-4DEE-88D4-9466F7421A5F.swidtag
2009-06-24 14:28 - 2009-06-24 14:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-02-12 14:45 - 2014-04-12 14:40 - 0043280 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-09 12:11

==================== End of FRST.txt ============================

 

 

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by KBC (2015-10-09 12:42:21)
Running from C:\Downloads\Farbar
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2007-09-21 03:41:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-595894999-490155728-2440704941-500 - Administrator - Disabled)
Guest (S-1-5-21-595894999-490155728-2440704941-501 - Limited - Enabled)
KBC (S-1-5-21-595894999-490155728-2440704941-1001 - Administrator - Enabled) => C:\Users\KBC
SAMEER (S-1-5-21-595894999-490155728-2440704941-1002 - Limited - Enabled) => C:\Users\SAMEER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Easy Button (HKLM\...\EzButton) (Version:  - )
EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version:  - )
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Telephone (Version: 4.60 - Callserve Communications Ltd) Hidden
Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.283 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version:  - )
PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.)
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2011.)
VeriFace (HKLM\...\VeriFace) (Version:  - )
Windows Driver Package - Animation Technologies Inc. (TridVid) Media  (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

01-09-2015 19:37:40 zoek.exe restore point
22-09-2015 10:53:08 Windows Update
22-09-2015 13:19:49 Windows Update
28-09-2015 11:31:45 ComboFix created restore point
03-10-2015 20:21:28 McAfee Vulnerability Scanner

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 15:53 - 2015-09-28 11:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13C6C1CE-9781-4B73-B921-A8FE300322BD} - System32\Tasks\{C2DA5577-8068-4880-B1FE-EA2D7177E005} => C:\Program Files\Skype\Phone\Skype.exe [2015-09-28] (Skype Technologies S.A.)
Task: {196D8724-FA9D-4F51-9B7D-3D7A5FF312E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {B04931F7-062C-4800-933A-9872D722C34D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: {B885FFD3-0FC5-4552-A6B8-B5C242FD867B} - System32\Tasks\ASC8_SkipUac_KBC => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
Task: {C38B5FCF-E267-47FE-AE3A-17DCE91C428B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {C8C1B30C-960E-489A-8735-E3113D4668C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2007-09-21 09:42 - 2007-01-06 08:01 - 00274529 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00237671 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapEngine.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00032768 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll
2007-09-21 09:41 - 2007-01-05 20:02 - 00262247 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00118879 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00114785 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchMgr.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00339968 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLTinyDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\localhost -> localhost

IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-595894999-490155728-2440704941-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 5.152.219.50 - 37.220.8.190
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EnergyCut => C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F9964295-A095-4758-B0F3-225C12DC04E3}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{890FC831-59AF-4118-8411-B310B441DDF5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2015 02:34:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 7ec
Start Time: 01d0fe8228dbd06a
Termination Time: 10187

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35@2X.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35@2X.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-MIDDLE-35X35.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35@2X.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35@2X.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BUTTON-LEFT-35X35.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (10/04/2015 02:31:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAMEER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20@2X.PNG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (10/09/2015 11:54:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (10/09/2015 11:54:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Advanced SystemCare Service 8%%2

Error: (10/09/2015 11:52:34 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (10/04/2015 02:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (10/04/2015 02:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Advanced SystemCare Service 8%%2

Error: (10/04/2015 02:24:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/04/2015 02:23:28 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (10/03/2015 04:54:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/03/2015 04:52:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/03/2015 04:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

CodeIntegrity:
===================================
  Date: 2015-10-09 12:40:14.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:40:12.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:40:11.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:40:10.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:30:17.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:30:16.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:30:14.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-09 12:30:13.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-29 17:04:43.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-29 17:04:42.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 52%
Total physical RAM: 2045.75 MB
Available physical RAM: 970.71 MB
Total Virtual: 4326.04 MB
Available Virtual: 3133.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.9 GB) (Free:16.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=58.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.9 GB) - (Type=12)
Partition 3: (Not Active) - (Size=78.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


  • 3 weeks later...

Hi

Is there any further possibility? Given the persistent problem, I think it could be a problem with my internet service provider, or perhaps some protection software code has been removed by the previous infection, leading to the problem. I am now thinking of reinstalling the Windows software on my PC.


  • 3 weeks later...
This topic is now closed to further replies.