Inactive Wolf64 msupdate71

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Rohan (administrator) on 15-3542 (29-09-2015 18:56:03)
Running from C:\Users\Rohan\Desktop
Loaded Profiles: Rohan (Available Profiles: Rohan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
() C:\Users\Rohan\AppData\Local\Temp\msupdate71\dwm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487561 2010-08-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [GoogleChromeAutoLaunch_AAE9DCB2F2146D6A0245F7C8BCEFCD32] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Rohan\AppData\Local\Temp\mdi264.dll,dalmat <===== ATTENTION
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msnoimtum.exe <===== ATTENTION
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-09-24]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A183545B-D8EC-4C51-85CA-0EC23DE65810}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> OldSearch URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB2A96FCF-3E5A-49A5-A0B0-B6A42A144B64&SearchSource=58&CUI=&UM=8&UP=SP31AC7359-8CAA-4445-A515-7CFB40DDFD1A&q={searchTerms}&SSPV=SP22011TB_sp_ie
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_03_other&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCyD0CtBzyyEyCtC0C0FzytN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtB0FtBzy0EyD0CtGzzyCzyzytG0E0AyEzytGzytDtCyEtGyDyDyE0ByD0DyD0AzytB0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtDtAzztCzztByBtG0CtB0D0CtGyE0B0DzytGzytB0EyEtGtA0ByEzytByCtCyByCyBzz0E2Q&cr=862411700&ir=
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.in/
CHR StartupUrls: Default -> "hxxps://www.google.co.in/"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&from=kint1&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www.oursurfing.com
CHR DefaultSuggestURL: Default -> hxxp://www.dealhub.club/oursurfing/suggest.php?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-17]
CHR Extension: (Replace New Tab Page) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2015-09-11]
CHR Extension: (SiteAdvisor) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (OurSurfing) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhaejgjpehlnjnejmigjonkchjadnnp [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbtSvcHost; C:\Windows\SysWOW64\AbtSvcHost_.exe [84376 2014-06-11] (Absolute Software Corp.)
S2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [5457920 2012-09-24] (ANSYS, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-01-24] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-10-15] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-05-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U2 McMPFSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

CompanyName} ) C:\Users\Rohan\Downloads\RecoverMyFiles-Setup.exe
2015-09-29 18:56 - 2015-09-29 18:56 - 00026088 _____ C:\Users\Rohan\Desktop\FRST.txt
2015-09-29 18:55 - 2015-09-29 18:56 - 00000000 ____D C:\FRST
2015-09-29 18:55 - 2015-09-29 18:55 - 02192384 _____ (Farbar) C:\Users\Rohan\Desktop\FRST64.exe
2015-09-29 11:56 - 2015-09-29 18:13 - 00000167 _____ C:\ProgramData\SMartCallMonitorEvent.xml
2015-09-29 11:55 - 2015-09-29 11:55 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-09-29 11:54 - 2015-09-29 11:54 - 00000000 ____H C:\ProgramData\cm-lock
2015-09-29 02:06 - 2015-09-29 02:06 - 00094998 _____ C:\Users\Rohan\Downloads\[kat.cr]quantico.s01e01.720p.hdtv.x264.dimension.rartv.torrent
2015-09-28 23:44 - 2015-09-29 15:01 - 00002790 _____ C:\Windows\setupact.log
2015-09-28 23:44 - 2015-09-28 23:44 - 00008842 _____ C:\Windows\PFRO.log
2015-09-28 23:44 - 2015-09-28 23:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-28 18:42 - 2015-09-28 18:44 - 08614046 _____ C:\Users\Rohan\Downloads\CAPTCHA_Cracking-2015-09-28 (1).zip
2015-09-28 13:35 - 2015-09-28 13:37 - 08614040 _____ C:\Users\Rohan\Downloads\CAPTCHA_Cracking-2015-09-28.zip
2015-09-27 20:31 - 2015-09-27 20:31 - 00097814 _____ C:\Users\Rohan\Downloads\OCR.zip
2015-09-27 20:22 - 2015-09-27 20:22 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Subversion
2015-09-27 20:22 - 2015-09-27 20:22 - 00000000 ____D C:\Users\Rohan\AppData\Local\MathWorks
2015-09-27 19:23 - 2015-09-27 19:23 - 00000767 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2015-09-27 19:23 - 2015-09-27 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2015-09-27 19:22 - 2015-09-29 13:05 - 00000490 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2015-09-27 19:22 - 2015-09-27 19:22 - 00003668 _____ C:\Windows\System32\Tasks\MATLAB R2014a Startup Accelerator
2015-09-27 19:22 - 2015-09-27 19:22 - 00000000 ____D C:\ProgramData\MathWorks
2015-09-27 18:03 - 2015-09-27 18:03 - 00600220 _____ C:\Users\Rohan\Downloads\MathworksMatlabR2014a-CYGiSO.rar
2015-09-27 17:43 - 2015-09-28 18:49 - 00000000 ____D C:\Users\Rohan\Documents\MATLAB
2015-09-27 17:43 - 2015-09-27 17:43 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\MathWorks
2015-09-27 16:47 - 2015-09-27 16:48 - 03393608 _____ (Lucky Driver LLC) C:\Users\Rohan\Downloads\Matlab_R2014a_X64_serial_key_gen_downloader.exe
2015-09-27 15:14 - 2015-02-27 23:14 - 00000048 _____ C:\Users\Rohan\Downloads\FILE_ID.DIZ
2015-09-27 15:14 - 2015-02-27 14:16 - 00010535 _____ C:\Users\Rohan\Downloads\TSRh.nfo
2015-09-27 15:14 - 2015-02-27 13:43 - 00407956 _____ C:\Users\Rohan\Downloads\Mathworks.Matlab.R2014a.Cygiso.keygen.exe
2015-09-27 15:13 - 2015-09-27 15:13 - 00320764 _____ C:\Users\Rohan\Downloads\Mathworks.Matlab.R2014a.Cygiso.keygen.exe.zip
2015-09-27 15:10 - 2015-09-27 15:10 - 00000000 ____D C:\Program Files\MATLAB
2015-09-26 15:58 - 2015-09-27 02:10 - 00015382 ____H C:\Users\Rohan\Desktop\~WRL0003.tmp
2015-09-25 17:24 - 2015-09-25 17:24 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\PowerISO
2015-09-24 21:06 - 2015-09-24 21:12 - 09053487 _____ C:\Users\Rohan\Downloads\YU-Yureka-RootFiles.zip
2015-09-24 20:27 - 2015-09-24 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2015-09-24 18:14 - 2015-09-24 18:14 - 00039882 _____ C:\Users\Rohan\Downloads\[limetorrents.cc]Matlab.R2014a..8.03..Windows.x32.64.[2014..ENG].torrent
2015-09-20 12:48 - 2015-09-21 20:38 - 00000000 ____D C:\Users\Rohan\Desktop\New folder
2015-09-19 16:40 - 2015-09-19 16:43 - 11113044 _____ (Igor Pavlov) C:\Users\Rohan\Downloads\cstrike.exe
2015-09-19 16:31 - 2015-09-19 16:44 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2015-09-19 12:42 - 2015-09-19 12:42 - 00524683 _____ C:\Users\Rohan\Desktop\A3_1215041_Manufacturing Systems.pptx
2015-09-19 12:31 - 2015-09-19 12:31 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2015-09-19 12:23 - 2015-09-19 12:28 - 34345088 _____ ({code:GDConstant
2015-09-19 11:39 - 2015-09-19 11:39 - 00001658 _____ C:\Users\Rohan\Desktop\Recuva.lnk
2015-09-19 11:39 - 2015-09-19 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-09-19 11:39 - 2015-09-19 11:39 - 00000000 ____D C:\Program Files\Recuva
2015-09-19 11:38 - 2015-09-19 11:39 - 04426120 _____ (Piriform Ltd) C:\Users\Rohan\Downloads\rcsetup152.exe
2015-09-18 12:42 - 2015-09-18 12:43 - 00102541 ____N C:\Windows\SysWOW64\abtsvchost.xml
2015-09-18 12:42 - 2014-06-11 23:08 - 00084376 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
2015-09-12 00:56 - 2015-09-12 00:58 - 09036267 _____ C:\Users\Rohan\Downloads\Drama.mp4
2015-09-10 23:59 - 2015-09-28 19:57 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 23:57 - 2015-09-09 23:57 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-31 08:40 - 2015-08-31 08:46 - 00000000 ___RD C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 18:54 - 2015-01-09 03:43 - 01583228 _____ C:\Windows\WindowsUpdate.log
2015-09-29 18:53 - 2015-01-10 08:21 - 00002112 _____ C:\ProgramData\netsh.out
2015-09-29 18:47 - 2015-01-09 05:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 18:13 - 2009-07-14 10:15 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 18:13 - 2009-07-14 10:15 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 18:08 - 2015-01-10 09:52 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-29 18:08 - 2015-01-10 08:21 - 00000231 _____ C:\ProgramData\SmartCallConfig.xml
2015-09-29 15:47 - 2015-01-09 05:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 15:35 - 2009-07-14 10:43 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 11:55 - 2015-01-09 06:57 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-29 11:54 - 2015-01-21 21:16 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-29 11:54 - 2015-01-09 07:32 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-09-29 11:54 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 05:42 - 2015-07-17 19:25 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\uTorrent
2015-09-28 23:44 - 2015-02-05 17:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-28 23:44 - 2015-02-05 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-28 19:29 - 2015-01-09 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-09-28 19:29 - 2015-01-09 07:04 - 00000000 ____D C:\Program Files (x86)\Acro Software
2015-09-28 19:21 - 2015-08-15 23:39 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\IDM
2015-09-28 19:21 - 2015-05-13 12:19 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\DAEMON Tools Lite
2015-09-28 19:21 - 2015-01-15 21:58 - 00000000 ____D C:\Users\Rohan\AppData\Local\CrashDumps
2015-09-28 18:47 - 2015-01-09 05:53 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 18:40 - 2015-08-11 12:35 - 00000000 ____D C:\Users\Rohan\Desktop\CAPTCHA Cracking
2015-09-28 18:39 - 2015-01-10 08:19 - 00000192 _____ C:\ProgramData\2012.par
2015-09-27 21:17 - 2009-07-14 10:38 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-27 16:27 - 2015-07-30 13:06 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-27 16:24 - 2015-01-09 06:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-27 00:20 - 2015-01-09 05:43 - 00000000 ____D C:\ProgramData\McAfee
2015-09-26 09:55 - 2015-03-25 00:35 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Skype
2015-09-26 01:36 - 2015-07-22 00:38 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-24 20:27 - 2015-08-07 22:11 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2015-09-24 18:15 - 2015-08-17 22:40 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\ApexDC++
2015-09-21 21:02 - 2015-04-15 16:34 - 00000000 ____D C:\Users\Rohan\Desktop\AIESEC
2015-09-21 20:31 - 2015-01-09 06:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-20 13:12 - 2015-01-09 09:27 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Adobe
2015-09-19 16:44 - 2015-01-09 03:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\VirtualStore
2015-09-19 12:38 - 2015-01-09 03:43 - 00000000 ____D C:\Users\Rohan
2015-09-16 01:48 - 2015-01-24 16:33 - 00000000 ____D C:\Users\Rohan\AppData\Local\TempSWBackupDirectory
2015-09-16 01:10 - 2015-01-24 15:32 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\SolidWorks
2015-09-15 15:42 - 2015-01-09 05:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 15:42 - 2015-01-09 05:46 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-12 16:57 - 2015-01-09 05:46 - 00000000 ____D C:\Users\Rohan\AppData\Local\Google
2015-09-01 16:14 - 2015-01-09 04:27 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Atheros
2015-08-31 08:47 - 2015-01-09 04:19 - 00000000 ____D C:\Users\Rohan\Documents\Bluetooth Folder

==================== Files in the root of some directories =======

2015-01-12 21:15 - 2015-07-06 18:01 - 0007680 _____ () C:\Users\Rohan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 07:30 - 2015-05-28 15:51 - 7990216 _____ (Absolute Software Corp.) C:\Users\Rohan\AppData\Local\Setup.exe
2015-01-10 08:19 - 2015-09-28 18:39 - 0000192 _____ () C:\ProgramData\2012.par
2015-01-09 07:37 - 2015-05-06 20:37 - 0001856 __RSH () C:\ProgramData\3014.abs
2014-11-17 23:32 - 2014-11-17 23:32 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-09-29 11:54 - 2015-09-29 11:54 - 0000000 ____H () C:\ProgramData\cm-lock
2015-01-09 04:28 - 2015-01-09 04:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-10 08:21 - 2015-09-29 18:53 - 0002112 _____ () C:\ProgramData\netsh.out
2015-01-10 08:21 - 2015-09-29 18:08 - 0000231 _____ () C:\ProgramData\SmartCallConfig.xml
2015-09-29 11:56 - 2015-09-29 18:13 - 0000167 _____ () C:\ProgramData\SMartCallMonitorEvent.xml

Some files in TEMP:
====================
C:\Users\Rohan\AppData\Local\Temp\mdi264.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-24 23:07

==================== End of FRST.txt ============================
 
Hi sir,
I have been facing a problem for a few days. A message box titled "hi" pops up repeatedly. I tried deleting the folder located by it, named msupdate71, but it recreated itself.
I then searched for information on the same and came across your site. I read all the instructions and followed the procedure as mentioned.
Above are the FRST.txt results of the scan, and next I am posting the addition.txt.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Rohan (2015-09-29 18:57:00)
Running from C:\Users\Rohan\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-01-08 22:13:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1899591628-1257761022-1329165971-500 - Administrator - Disabled)
Guest (S-1-5-21-1899591628-1257761022-1329165971-501 - Limited - Disabled)
Rohan (S-1-5-21-1899591628-1257761022-1329165971-1000 - Administrator - Enabled) => C:\Users\Rohan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ApexDC++ 1.6.0 (HKLM\...\{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1) (Version: 1.6.0 - ApexDC++ Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Electronic Piano 2.5 (HKLM-x32\...\Electronic Piano 2.5_is1) (Version: - Maurício Antunes Oliveira)
Free YouTube Downloader 4.0.365 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
McAfee All Access – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 14 CTP Redistributable (x64) - 14.0.22129 (HKLM-x32\...\{8a6c0ef2-b24e-4897-a1d7-367c3212a70b}) (Version: 14.0.22129.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MixMeister Fusion Demo 7.4.4 (HKLM-x32\...\mmfsetup_is1) (Version: - MixMeister Technology LLC)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.78 - NCH Software)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{2A8C5C0E-DC54-46BF-92AE-A062C63A1033}) (Version: 7.02.5521 - Nero AG)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PdaNet+ for Android 4.18 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SolidWorks 2013 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20130-40000-1100-100) (Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2013 SP0 x64 Edition (Version: 21.00.5025 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
VLC media player 0.9.9 (HKLM-x32\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
Windows Driver Package - Dell Inc (DellRbtn) HIDClass (06/26/2013 1.4.1) (HKLM\...\F83757BC3DFF5684ED21F4FD63A2BBB0B9F79953) (Version: 06/26/2013 1.4.1 - Dell Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-09-2015 00:13:41 Scheduled Checkpoint
11-09-2015 18:22:24 Scheduled Checkpoint
24-09-2015 20:27:57 Device Driver Package Install: Google USB Android Phone
26-09-2015 06:17:55 Windows Update
28-09-2015 19:27:39 Removed Absolute Notifier.
28-09-2015 19:30:29 Removed Microsoft Silverlight

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-08-11 16:24 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D2798E6-749D-4750-8A8C-E859B78A00EA} - System32\Tasks\{F46DBB51-F81A-4B69-AA5E-CEA27B07278B} => E:\Games\Crysis 3\Bin32\Crysis3.exe
Task: {54B22A89-7212-4F92-9933-4F2F9FDE4FF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6FDC782B-C5EC-49AC-A8FF-2FFC1ECF14BC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {891D590A-81C5-4D06-A8D5-832A5132E23F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {97C47843-9343-480F-A321-489EE6A16D6C} - System32\Tasks\{C9F5651F-A314-4AC7-AA7B-71E7929BE5BB} => Chrome.exe http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsProgressBar
Task: {E0F4F6B2-642F-4752-B332-1296840421D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {EE0153B9-7883-4355-96C4-34757433A1AB} - System32\Tasks\MATLAB R2014a Startup Accelerator => E:\Matlab\r2014a\bin\win64\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {F1BC914E-FB5D-46E4-B556-3C5371374FAA} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-01-09] ()
Task: {FDA8AA9A-E49F-4C7D-AC97-800510F21DA0} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => E:\Matlab\r2014a\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-09 04:38 - 2015-01-10 13:37 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-09 04:42 - 2015-01-10 04:59 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-09 07:05 - 2005-08-08 04:24 - 00167936 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2014-01-08 00:58 - 2014-01-08 00:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2015-08-07 23:15 - 2015-09-03 14:44 - 01058616 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2015-05-05 00:55 - 2015-05-05 00:55 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-09-29 18:32 - 2015-09-29 18:35 - 00032256 _____ () C:\Users\Rohan\AppData\Local\Temp\msupdate71\dwm.exe
2015-01-09 04:38 - 2015-01-10 13:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-27 16:15 - 2015-09-27 16:15 - 00126976 ____N () C:\Users\Rohan\AppData\Local\Temp\mdi264.dll
2015-01-09 03:55 - 2013-12-10 18:57 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-26 00:50 - 2015-09-24 08:04 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-26 00:50 - 2015-09-24 08:04 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-26 00:50 - 2015-09-24 08:04 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Start.lnk => C:\Windows\pss\SolidWorks 2013 Fast Start.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rohan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ApexDC++.lnk => C:\Windows\pss\ApexDC++.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Rohan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Absolute Notifier => "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{702E522F-0956-458B-AD3C-B3B841BE6D17}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{91E47AB2-A830-4995-B305-1C97B05FE408}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1AF422FD-8493-4CDC-8014-A23D356115C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{18C3D6D1-2880-4909-8A6B-2287C4B4C6CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AFE426F9-8388-4651-8A11-65E63F7B9E8D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE605E3F-F0CE-4F35-8A50-7EF3EC57F5CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3039842-91A8-4BF5-881E-D85210DA3116}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8AA609B4-52DA-47B2-B10C-2FEE93AF9504}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0D28A2C8-2938-47A9-BF81-5DC8D6E51933}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6CF4180F-428C-442D-B664-271AFBDAA792}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{53B3691F-76CA-4250-9C59-49E507AB1259}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{806AC7CB-33C9-4F30-BE6D-1CE255E38E5F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{3645AA2A-39F9-42BF-ACA6-7F62F491CD49}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{0C2B60FF-B89F-4E6B-A6B7-1FC5943350F1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{0CFECCD8-AF6D-4A20-BFF2-FCE1D4F555BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{531CC7FE-8954-4CAD-A52D-6AAF232820F8}] => (Allow) LPort=2869
FirewallRules: [{922FA1A7-2713-4DF1-950F-62948455ED0B}] => (Allow) LPort=1900
FirewallRules: [{3F950ABB-C803-4506-94C1-3C7712563057}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{3C4174DA-0CA7-4675-A7CD-A745BCD0A431}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{E6099DD8-7E98-41D5-BE90-A70C73DF04B1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{F71A2C94-D5F6-4625-91C7-4524FA733A1E}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{405F113F-E764-44F4-B087-249AA046A9C1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{1D968EF6-0DC7-40BD-8D23-1B107B4F9795}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{75490E5C-55F6-4DD2-B8C2-513F144247A9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{812F8CC0-7377-456F-9815-3FF97A993C03}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Block) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe
FirewallRules: [UDP Query User{2D11E2A7-2A78-4AF9-A122-7B9ED67C4561}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Block) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe
FirewallRules: [TCP Query User{60516200-D027-419E-97C3-CB7828F463B3}C:\program files\ansys inc\v145\framework\bin\win64\ansysfww.exe] => (Block) C:\program files\ansys inc\v145\framework\bin\win64\ansysfww.exe
FirewallRules: [UDP Query User{4F71073A-D94B-469E-9EA7-F50AB6DE6C44}C:\program files\ansys inc\v145\framework\bin\win64\ansysfww.exe] => (Block) C:\program files\ansys inc\v145\framework\bin\win64\ansysfww.exe
FirewallRules: [{1573C19D-89FF-4269-BE64-882ABD6516C1}] => (Allow) C:\Users\Rohan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E021AB2-7AD5-467F-8E15-C6FBD14C4891}] => (Allow) C:\Users\Rohan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B3BE2292-1486-4394-84BB-FBF8B57DDCCF}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{A5824534-ECDA-414D-AA6C-849F3371D4A3}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [{AC3D415C-9BFB-4625-B49B-E16052DDAA12}] => (Allow) C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
FirewallRules: [TCP Query User{4181A8C2-3D64-4562-8730-32DEF8757BEB}C:\program files\apexdc++\apexdc-x64.exe] => (Allow) C:\program files\apexdc++\apexdc-x64.exe
FirewallRules: [UDP Query User{F2FAF8B2-3795-4774-8220-285AB2B856B7}C:\program files\apexdc++\apexdc-x64.exe] => (Allow) C:\program files\apexdc++\apexdc-x64.exe
FirewallRules: [{F57D842B-9A81-4A62-8F35-C3B813FD908D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{801F6A0D-8072-4B54-A697-E7C4EE9738C9}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{4E78E21E-FBFE-4E89-9140-81A6A3F2C18A}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{D9741388-D9AD-4138-9007-981F7065D697}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{56489652-00A4-4C83-9EAB-40D4AC92AAED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AD7F8C96-7584-4787-A05F-7167047E6077}E:\matlab\r2014a\bin\win64\matlab.exe] => (Allow) E:\matlab\r2014a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{7BD8F8A4-023D-4ABE-9F10-D27D99F41CF9}E:\matlab\r2014a\bin\win64\matlab.exe] => (Allow) E:\matlab\r2014a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{A3E67103-CF3B-419B-B3A6-B3D9F13BAFEB}E:\matlab\r2014a\bin\win64\smpd.exe] => (Allow) E:\matlab\r2014a\bin\win64\smpd.exe
FirewallRules: [UDP Query User{0B5D2CFF-4E6C-4FD0-A6F2-00DD24E9453A}E:\matlab\r2014a\bin\win64\smpd.exe] => (Allow) E:\matlab\r2014a\bin\win64\smpd.exe
FirewallRules: [TCP Query User{19422A11-5450-4D8E-B2A1-1E7068F81E23}E:\matlab\r2014a\bin\win64\mpiexec.exe] => (Allow) E:\matlab\r2014a\bin\win64\mpiexec.exe
FirewallRules: [UDP Query User{F17549A5-225D-4276-AA95-7DF3BC699E5C}E:\matlab\r2014a\bin\win64\mpiexec.exe] => (Allow) E:\matlab\r2014a\bin\win64\mpiexec.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1705 Bluetooth
Description: Dell Wireless 1705 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2015 11:55:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 11:45:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 07:39:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Nss.exe version 4.3.0.43 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cac

Start Time: 01d0f9f6e97f1460

Termination Time: 0

Application Path: C:\Program Files (x86)\Norton Security Scan\Engine\4.3.0.43\Nss.exe

Report Id: 6a55129c-65ea-11e5-8788-2047470d9ad8

Error: (09/28/2015 07:30:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Remote Procedure Call (RPC) LD since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/28/2015 07:27:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Remote Procedure Call (RPC) LD since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/28/2015 06:37:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 04:20:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 02:39:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 01:33:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 10:44:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/29/2015 06:08:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/29/2015 06:08:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/29/2015 03:28:05 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/29/2015 03:28:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/29/2015 12:01:48 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/29/2015 11:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ANSYS, Inc. License Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2015 05:41:22 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/29/2015 01:20:45 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/28/2015 11:45:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ANSYS, Inc. License Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (09/28/2015 06:39:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AbtSvcHost service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 66%
Total physical RAM: 3999.95 MB
Available physical RAM: 1331.11 MB
Total Virtual: 7998.11 MB
Available Virtual: 5036.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:345.48 GB) (Free:271.59 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:236.2 GB) NTFS
Drive e: () (Fixed) (Total:292.97 GB) (Free:243.88 GB) NTFS
Drive f: (Grp 09 (2011-15)) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F6EF342)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=345.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Thank you, sir, for this quick response.
As soon as I posted the results of FRST.txt and ADDITION.txt, when I switched off my laptop, automatic updates began to install. It installed 29 updates. Then on restarting I found out that the wolf64 message box does not pop up any more. The PC is running fine so far.
I have not yet tried the second stage cleaning you sent me as a reply since I had to clear this thing with you. I think that there is no more risk of the msupdate71. I kindly request your thoughts and suggestions on this.
 
Good news, but we need to finish the cleaning process, so please continue with my previous reply.
 