Jump to content

Help needed ..This program is blocked by group policy. For more information, contact your system administrator


Recommended Posts

Hi

 

I think my computer is infected because i am unable to open either Malwarebytes or McAfee as it is blocked by a message reading "This program is blocked by group policy. For more information, contact your system administrator."

 

I can open the Chameleon page and have tested all the Chameleons, but not helped out.

 

Please help me in solving this problem.As i saw a similar problem requested by another user, I ran the a Scan with TDSS-Killer and Gmer rootkit scanner and the log is attached.


Thanks in Advance

 

 

 

 

TDSSKiller.3.0.0.31_14.04.2014_22.54.54_log.txt

ark.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

Link to post
Share on other sites

Hi,

 

As advised, please find the FRST log and addition txt,

 

FRST Log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Amma (administrator) on DEUTSCHLAND on 16-04-2014 07:17:40
Running from C:\Users\Amma\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Google Inc.) C:\Users\Amma\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnagent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [168216 2011-04-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [392472 2011-04-20] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [416024 2011-04-20] (Intel Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [75064 2011-04-29] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2582164999-3651936928-3911635938-1000\...\Run: [Google Update] => C:\Users\Amma\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-08] (Google Inc.)
HKU\S-1-5-21-2582164999-3651936928-3911635938-1000\...\MountPoints2: E - E:\Setup.exe /Auto
HKU\S-1-5-21-2582164999-3651936928-3911635938-1000\...\Winlogon: [shell] explorer.exe [2871808 2011-08-18] (Microsoft Corporation) <==== ATTENTION
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o7tfrod7th.lnk
ShortcutTarget: o7tfrod7th.lnk -> C:\PROGRA~3\299219~1\ht7dorft7o.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/9
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3FC408F8-5A7F-42B2-B551-10FB8A3BE2DC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {3FC408F8-5A7F-42B2-B551-10FB8A3BE2DC} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5E00BF75-5401-4833-8D7F-2DF0D8D12ED9}: [NameServer]10.228.129.113 10.228.129.114

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Amma\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Amma\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Amma\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Amma\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Amma\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Amma\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ []
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files (x86)\WordWeb\WCaptureMoz [2011-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-29]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Amma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid [2012-07-04]
CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Amma\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-15]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Amma\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2011-09-03]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [405504 2010-11-08] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-12] (Anchorfree Inc.)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-16 07:17 - 2014-04-16 07:19 - 00020652 _____ () C:\Users\Amma\Downloads\FRST.txt
2014-04-16 07:17 - 2014-04-16 07:17 - 00000000 ____D () C:\FRST
2014-04-16 07:15 - 2014-04-16 07:15 - 02054144 _____ (Farbar) C:\Users\Amma\Downloads\FRST64.exe
2014-04-15 22:35 - 2014-04-15 22:43 - 00007951 _____ () C:\Windows\IE10_main.log
2014-04-15 09:09 - 2014-04-15 23:21 - 00447220 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-15 08:42 - 2014-04-15 23:06 - 00445970 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-14 23:35 - 2014-04-14 23:35 - 03016854 _____ () C:\Users\Amma\Desktop\ark.txt
2014-04-14 23:33 - 2013-11-27 03:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-14 23:33 - 2013-11-27 03:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-14 23:04 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-14 22:54 - 2014-04-14 22:54 - 00380416 _____ () C:\Users\Amma\Desktop\c25r1hmt.exe
2014-04-14 22:54 - 2014-04-14 22:54 - 00000000 ____D () C:\Users\Amma\Desktop\tdsskiller
2014-04-14 22:53 - 2014-04-14 22:53 - 04118280 _____ () C:\Users\Amma\Desktop\tdsskiller.zip
2014-04-14 22:53 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-04-14 22:53 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-04-14 22:41 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-14 22:41 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-14 22:41 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-14 22:41 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-14 22:40 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-14 22:40 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-14 22:40 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-14 22:40 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-14 22:40 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-14 20:46 - 2014-04-14 20:46 - 00002986 _____ () C:\Windows\System32\Tasks\{2E5A2ED6-D1A9-4733-A067-AFFD071B1264}
2014-04-14 19:14 - 2014-04-14 19:14 - 00006896 ____N () C:\bootsqm.dat
2014-04-14 16:11 - 2014-04-14 20:14 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-14 16:11 - 2014-04-14 16:11 - 00000000 ____D () C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-08 07:58 - 2014-04-08 07:58 - 00002289 _____ () C:\Users\Amma\Desktop\xing.txt
2014-04-02 07:37 - 2014-04-02 07:39 - 00000433 _____ () C:\Users\Amma\Desktop\Utensils.txt
2014-04-01 14:14 - 2014-04-16 07:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4da3f89abfff.job
2014-04-01 14:14 - 2014-04-01 14:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4da3f89abfff
2014-03-31 21:06 - 2014-03-31 21:06 - 00000830 _____ () C:\Users\Amma\Desktop\Tablet list.txt
2014-03-28 08:06 - 2014-04-16 07:11 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000UA1cf4a4bd628401f.job
2014-03-28 08:06 - 2014-03-28 08:06 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000UA1cf4a4bd628401f
2014-03-25 07:20 - 2014-03-25 07:20 - 00001375 _____ () C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-23 20:29 - 2014-03-23 20:29 - 00000000 ___RD () C:\Users\Amma\Desktop\MySyncUPFiles
2014-03-23 14:02 - 2014-03-23 14:15 - 00000000 ____D () C:\Users\Amma\Desktop\Misc
2014-03-23 12:19 - 2013-10-14 19:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-23 11:59 - 2014-03-23 11:59 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-23 11:59 - 2014-03-23 11:59 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-23 11:59 - 2014-03-23 11:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-23 11:59 - 2014-03-23 11:59 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-23 11:59 - 2014-03-23 11:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-23 11:55 - 2014-03-23 11:55 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-23 11:50 - 2014-03-23 11:50 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-23 11:50 - 2014-03-23 11:50 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-23 11:46 - 2014-03-23 12:19 - 00011949 _____ () C:\Windows\IE11_main.log
2014-03-23 11:03 - 2014-03-23 11:03 - 00000000 ____D () C:\Program Files (x86)\Security Stronghold
2014-03-23 11:02 - 2014-03-23 11:02 - 01586248 _____ (Security Stronghold ) C:\Users\Amma\Downloads\TrackingCookiesRemovalTool.exe
2014-03-20 22:02 - 2014-03-20 22:02 - 07288523 _____ () C:\Users\Amma\Documents\About gods.pptx
2014-03-17 08:18 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Amma\Desktop\Resume

==================== One Month Modified Files and Folders =======

2014-04-16 07:19 - 2014-04-16 07:17 - 00020652 _____ () C:\Users\Amma\Downloads\FRST.txt
2014-04-16 07:19 - 2014-04-01 14:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4da3f89abfff.job
2014-04-16 07:19 - 2013-11-07 23:33 - 01809292 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 07:17 - 2014-04-16 07:17 - 00000000 ____D () C:\FRST
2014-04-16 07:15 - 2014-04-16 07:15 - 02054144 _____ (Farbar) C:\Users\Amma\Downloads\FRST64.exe
2014-04-16 07:11 - 2014-03-28 08:06 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000UA1cf4a4bd628401f.job
2014-04-16 07:11 - 2013-12-08 10:53 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000Core1cef3f2fbe0294a.job
2014-04-16 07:06 - 2013-11-03 12:50 - 00126856 _____ () C:\Users\Amma\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 07:06 - 2011-08-18 06:32 - 00000000 ____D () C:\ProgramData\Sonic
2014-04-16 07:06 - 2011-08-18 06:08 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-16 07:05 - 2014-03-06 09:09 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 06:56 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 06:56 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 06:48 - 2010-11-21 05:47 - 00254168 _____ () C:\Windows\PFRO.log
2014-04-16 06:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 06:48 - 2009-07-14 06:51 - 00154062 _____ () C:\Windows\setupact.log
2014-04-16 00:01 - 2009-07-14 07:13 - 00788770 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 23:59 - 2011-02-10 18:10 - 00767342 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-15 23:21 - 2014-04-15 09:09 - 00447220 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-15 23:06 - 2014-04-15 08:42 - 00445970 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-15 22:43 - 2014-04-15 22:35 - 00007951 _____ () C:\Windows\IE10_main.log
2014-04-15 18:34 - 2011-09-28 08:55 - 00000000 ____D () C:\Users\Guest\AppData\Local\Nero
2014-04-15 18:23 - 2013-11-29 00:21 - 00001806 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-04-15 13:21 - 2011-09-25 14:23 - 00126856 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-15 11:09 - 2009-07-14 06:45 - 00462432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 10:41 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-15 10:41 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-15 10:41 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-15 10:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-15 07:42 - 2011-08-22 04:57 - 00000000 ____D () C:\Users\Amma\AppData\Local\Nero
2014-04-14 23:35 - 2014-04-14 23:35 - 03016854 _____ () C:\Users\Amma\Desktop\ark.txt
2014-04-14 22:54 - 2014-04-14 22:54 - 00380416 _____ () C:\Users\Amma\Desktop\c25r1hmt.exe
2014-04-14 22:54 - 2014-04-14 22:54 - 00000000 ____D () C:\Users\Amma\Desktop\tdsskiller
2014-04-14 22:53 - 2014-04-14 22:53 - 04118280 _____ () C:\Users\Amma\Desktop\tdsskiller.zip
2014-04-14 22:00 - 2013-02-03 14:04 - 00000000 ____D () C:\Users\Amma\AppData\Roaming\Skype
2014-04-14 20:50 - 2013-12-27 15:43 - 00000005 _____ () C:\Users\Amma\AppData\Roaming\mbam.context.scan
2014-04-14 20:46 - 2014-04-14 20:46 - 00002986 _____ () C:\Windows\System32\Tasks\{2E5A2ED6-D1A9-4733-A067-AFFD071B1264}
2014-04-14 20:14 - 2014-04-14 16:11 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-14 19:14 - 2014-04-14 19:14 - 00006896 ____N () C:\bootsqm.dat
2014-04-14 16:11 - 2014-04-14 16:11 - 00000000 ____D () C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 13:28 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 07:58 - 2014-04-08 07:58 - 00002289 _____ () C:\Users\Amma\Desktop\xing.txt
2014-04-04 07:58 - 2013-05-15 02:39 - 00000000 ____D () C:\Users\Amma\AppData\Roaming\Sametime
2014-04-02 21:59 - 2011-08-22 04:30 - 00000000 ____D () C:\Users\Amma
2014-04-02 07:39 - 2014-04-02 07:37 - 00000433 _____ () C:\Users\Amma\Desktop\Utensils.txt
2014-04-01 14:14 - 2014-04-01 14:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4da3f89abfff
2014-04-01 14:14 - 2014-03-06 09:09 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 21:06 - 2014-03-31 21:06 - 00000830 _____ () C:\Users\Amma\Desktop\Tablet list.txt
2014-03-31 18:39 - 2011-08-23 03:07 - 00000000 ____D () C:\Amma
2014-03-30 12:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-28 08:06 - 2014-03-28 08:06 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000UA1cf4a4bd628401f
2014-03-28 08:06 - 2013-12-08 10:53 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000Core1cef3f2fbe0294a
2014-03-27 11:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-25 07:20 - 2014-03-25 07:20 - 00001375 _____ () C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-25 07:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-23 20:29 - 2014-03-23 20:29 - 00000000 ___RD () C:\Users\Amma\Desktop\MySyncUPFiles
2014-03-23 14:17 - 2014-03-17 08:18 - 00000000 ____D () C:\Users\Amma\Desktop\Resume
2014-03-23 14:16 - 2013-08-25 10:26 - 00000000 ____D () C:\Users\Amma\Desktop\Sheeba
2014-03-23 14:15 - 2014-03-23 14:02 - 00000000 ____D () C:\Users\Amma\Desktop\Misc
2014-03-23 12:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-03-23 12:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-23 12:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-23 12:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-23 12:19 - 2014-03-23 11:46 - 00011949 _____ () C:\Windows\IE11_main.log
2014-03-23 11:59 - 2014-03-23 11:59 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-23 11:59 - 2014-03-23 11:59 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-23 11:59 - 2014-03-23 11:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-23 11:59 - 2014-03-23 11:59 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-23 11:59 - 2014-03-23 11:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-23 11:59 - 2014-03-23 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-23 11:59 - 2014-03-23 11:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-23 11:55 - 2014-03-23 11:55 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-23 11:55 - 2014-03-23 11:55 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-23 11:50 - 2014-03-23 11:50 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-23 11:50 - 2014-03-23 11:50 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-23 11:03 - 2014-03-23 11:03 - 00000000 ____D () C:\Program Files (x86)\Security Stronghold
2014-03-23 11:02 - 2014-03-23 11:02 - 01586248 _____ (Security Stronghold ) C:\Users\Amma\Downloads\TrackingCookiesRemovalTool.exe
2014-03-20 22:02 - 2014-03-20 22:02 - 07288523 _____ () C:\Users\Amma\Documents\About gods.pptx
2014-03-19 08:06 - 2011-12-18 08:49 - 00000000 ____D () C:\Users\Amma\AppData\Roaming\Mozilla
2014-03-17 19:02 - 2013-11-04 17:51 - 00070592 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2014-03-17 18:54 - 2013-11-29 00:09 - 00185792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-03-17 18:54 - 2013-11-04 17:46 - 00345456 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-03-17 18:49 - 2013-09-24 21:22 - 00783864 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-03-17 18:47 - 2013-11-04 17:41 - 00522360 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2014-03-17 18:45 - 2013-11-04 17:40 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-03-17 18:44 - 2013-09-24 21:19 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys

Files to move or delete:
====================
C:\ProgramData\06p8iCguF.dat
C:\ProgramData\3ar9jbn.bxx
C:\ProgramData\3ar9jbn.fvv
C:\ProgramData\9195086.bat
C:\ProgramData\9195086.reg
C:\ProgramData\fr8rrg7t.bxx
C:\ProgramData\fr8rrg7t.fvv

Some content of TEMP:
====================
C:\Users\Amma\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Amma\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Amma\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Amma\AppData\Local\Temp\MSN34E8.exe
C:\Users\Amma\AppData\Local\Temp\Softonic_EN_1-5-1.exe
C:\Users\Amma\AppData\Local\Temp\Softonic_EN_1-5-1[1].exe
C:\Users\Amma\AppData\Local\Temp\tbBit0.dll
C:\Users\Amma\AppData\Local\Temp\uninst1.exe
C:\Users\Amma\AppData\Local\Temp\utt6F95.tmp.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-12 10:23

==================== End Of Log ============================

 

 

Link to post
Share on other sites

Hi,

 

Please find the attached Addition.Txt

 

Addition Txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Amma at 2014-04-16 07:20:20
Running from C:\Users\Amma\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.23 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.0 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Presentation Server Client (HKLM-x32\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.55 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.55 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Face Recognition (HKLM\...\{2C5BEF49-4219-4751-9106-39604462939D}) (Version: 3.0.85.1 - Sensible Vision)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPL Ghostscript 8.70 (HKLM-x32\...\GPL Ghostscript 8.70) (Version: - )
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
IBM Lotus Sametime Connect 7.5 (HKLM-x32\...\{F85B6E83-276C-4932-9B3C-F64F8D0576F9}) (Version: 7.5.60808 - IBM)
Intel PROSet Wireless (Version: - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MBlaze UI (HKLM\...\ZTEWireless-101_is1) (Version: - )
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.944 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.2 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.2.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.8.21200.33.104 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.13500 - Nero AG)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
Tracking Cookies Removal Tool 1.0 (HKLM-x32\...\{D2A92E68-7CAD-4661-9C7A-D932FD5312E2}_is1) (Version: 1.0 - Security Stronghold)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {179898B4-224B-4408-8FFF-EE3B964B352A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {2A0EFDFB-8498-457B-9B51-99B71FA6EA8C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4da3f89abfff => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {2BB108D6-5788-4BA5-BFFC-103AB68AE423} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000Core1cef3f2fbe0294a => C:\Users\Amma\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {2E0337AE-0806-4266-9F88-4B42A931B374} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {35ACE3B2-4A2D-45A2-9BC6-B7562628F68A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000UA1cf4a4bd628401f => C:\Users\Amma\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {4998E473-89B7-4068-A402-FDF6FA0FB641} - System32\Tasks\{CF8167B7-D2A1-4B6B-999B-C51B50C9AE9E} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.2.0.106&LastError=12002
Task: {A3C291DF-1EE1-4C8C-AD72-B905E99CE268} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {CC1F0DF4-B4EC-4D70-B3DD-5ED186D18F53} - System32\Tasks\{2E5A2ED6-D1A9-4733-A067-AFFD071B1264} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {F07F2CE7-B505-419D-B65E-C460423CFA83} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {F7DB1110-6561-4C31-AA31-A9D1B6A72C3B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4da3f89abfff.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000Core1cef3f2fbe0294a.job => C:\Users\Amma\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582164999-3651936928-3911635938-1000UA1cf4a4bd628401f.job => C:\Users\Amma\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-01 19:10 - 2010-11-01 19:10 - 00092808 _____ () C:\Windows\system32\FAIEExtension.DLL
2010-12-17 10:23 - 2010-12-17 10:23 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-06-15 08:00 - 2010-06-17 18:26 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-09-01 16:24 - 2010-11-08 12:17 - 00405504 _____ () C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
2011-12-31 17:28 - 2011-05-28 18:35 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-18 06:08 - 2011-05-16 07:03 - 02748736 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-08-18 17:27 - 2011-04-10 20:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-17 10:23 - 2010-12-17 10:23 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 07:05 - 2010-11-17 07:05 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-04-29 12:43 - 2011-04-29 12:43 - 00075064 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2011-04-29 14:48 - 2011-04-29 14:48 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2013-01-28 09:38 - 2013-01-28 09:38 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 09:38 - 2013-01-28 09:38 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 19:14 - 2010-11-24 19:14 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-29 14:43 - 2011-04-29 14:43 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-29 14:43 - 2011-04-29 14:43 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Amma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fr8rrg7t.lnk => C:\Windows\pss\fr8rrg7t.lnk.Startup

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 07:12:41 AM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
The process cannot access the file 'C:\Users\Amma\AppData\local\softthinks\scheduler.xml' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Threading.CompressedStack.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at Toaster.SchedulerReader.read()
at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (04/16/2014 06:50:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: McSvHost.exe, version: 2.6.259.0, time stamp: 0x5040f1f9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x76c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (04/16/2014 06:49:24 AM) (Source: Application Virtualization Client) (User: )
Description: The Application Virtualization Core Service failed to initialize correctly.

Error: (04/16/2014 06:49:24 AM) (Source: Application Virtualization Client) (User: )
Description: {tid=2E4}
Client core could not be initialized (rc 16D13C0A-0000E016)

Error: (04/16/2014 06:49:23 AM) (Source: Application Virtualization Client) (User: )
Description: {tid=2E4}
Initialization of the Application Virtualization file system security failed (status 16D13C0A-0000E016).

Error: (04/16/2014 00:01:24 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (04/15/2014 11:20:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"

Error: (04/15/2014 10:54:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"

Error: (04/15/2014 10:43:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: WU-IE10-Windows7-x64.exe, version: 10.0.9200.16521, time stamp: 0x51207d62
Faulting module name: WU-IE10-Windows7-x64.exe, version: 10.0.9200.16521, time stamp: 0x51207d62
Exception code: 0xc0000005
Fault offset: 0x0000b1c3
Faulting process id: 0x418
Faulting application start time: 0xWU-IE10-Windows7-x64.exe0
Faulting application path: WU-IE10-Windows7-x64.exe1
Faulting module path: WU-IE10-Windows7-x64.exe2
Report Id: WU-IE10-Windows7-x64.exe3

Error: (04/15/2014 07:47:16 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 139c

Start Time: 01cf58c6812301a0

Termination Time: 867

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (04/16/2014 07:17:06 AM) (Source: DCOM) (User: )
Description: "c:\PROGRA~1\mcafee\mpf\mpfalert.exe" -Embedding1260{C13F71BC-CC67-40A4-BEF2-1CBF44BD2A6D}

Error: (04/16/2014 07:07:18 AM) (Source: DCOM) (User: )
Description: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding1260{209500FC-6B45-4693-8871-6296C4843751}

Error: (04/16/2014 07:07:14 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error:
%%1056

Error: (04/16/2014 07:07:10 AM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (04/16/2014 07:07:10 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (04/16/2014 07:06:17 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023174.

Error: (04/16/2014 07:06:14 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (04/16/2014 07:06:14 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/16/2014 07:06:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/16/2014 07:06:14 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/16/2014 07:12:41 AM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
The process cannot access the file 'C:\Users\Amma\AppData\local\softthinks\scheduler.xml' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Threading.CompressedStack.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at Toaster.SchedulerReader.read()
at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (04/16/2014 06:50:22 AM) (Source: Application Error)(User: )
Description: McSvHost.exe2.6.259.05040f1f9ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410276c01cf592f31969eb2C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dll9d55ebff-c522-11e3-92da-ac728925b344

Error: (04/16/2014 06:49:24 AM) (Source: Application Virtualization Client)(User: )
Description:

Error: (04/16/2014 06:49:24 AM) (Source: Application Virtualization Client)(User: )
Description: {tid=2E4}
16D13C0A-0000E016

Error: (04/16/2014 06:49:23 AM) (Source: Application Virtualization Client)(User: )
Description: {tid=2E4}
16D13C0A-0000E016

Error: (04/16/2014 00:01:24 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (04/15/2014 11:20:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/15/2014 10:54:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/15/2014 10:43:40 PM) (Source: Application Error)(User: )
Description: WU-IE10-Windows7-x64.exe10.0.9200.1652151207d62WU-IE10-Windows7-x64.exe10.0.9200.1652151207d62c00000050000b1c341801cf58ea3e3d0f98C:\Windows\SoftwareDistribution\Download\Install\WU-IE10-Windows7-x64.exeC:\Windows\SoftwareDistribution\Download\Install\WU-IE10-Windows7-x64.exe9fd17cc5-c4de-11e3-a044-ac728925b344

Error: (04/15/2014 07:47:16 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16421139c01cf58c6812301a0867C:\Program Files (x86)\Internet Explorer\iexplore.exe

==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 2979.17 MB
Available physical RAM: 591.96 MB
Total Pagefile: 5956.52 MB
Available Pagefile: 3334.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.24 GB) (Free:70.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 306AF099)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Please help me in solving this issues,

 

Thanks in Advance.

Link to post
Share on other sites

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt

Link to post
Share on other sites

Hi,

 

I ran the fixlist and MBAM as you suggested and please find the log below,

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by Amma at 2014-04-17 07:52:03 Run:1
Running from C:\Users\Amma\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-2582164999-3651936928-3911635938-1000\...\Winlogon: [shell] explorer.exe [2871808 2011-08-18] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o7tfrod7th.lnk
ShortcutTarget: o7tfrod7th.lnk -> C:\PROGRA~3\299219~1\ht7dorft7o.cpp (No File)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
CHR Extension: (No Name) - C:\Users\Amma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid [2012-07-04]
CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Amma\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Amma\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-30]

C:\PROGRA~3\299219~1
C:\ProgramData\06p8iCguF.dat
C:\ProgramData\3ar9jbn.bxx
C:\ProgramData\3ar9jbn.fvv
C:\ProgramData\9195086.bat
C:\ProgramData\9195086.reg
C:\ProgramData\fr8rrg7t.bxx
C:\ProgramData\fr8rrg7t.fvv

Reboot:
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2582164999-3651936928-3911635938-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Amma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o7tfrod7th.lnk => Moved successfully.
C:\PROGRA~3\299219~1\ht7dorft7o.cpp not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key deleted successfully.
C:\Users\Amma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
C:\Users\Amma\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
"C:\Users\Amma\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx" => File/Directory not found.
C:\ProgramData\2992199F9A => Moved successfully.
C:\ProgramData\06p8iCguF.dat => Moved successfully.
C:\ProgramData\3ar9jbn.bxx => Moved successfully.
C:\ProgramData\3ar9jbn.fvv => Moved successfully.
C:\ProgramData\9195086.bat => Moved successfully.
C:\ProgramData\9195086.reg => Moved successfully.
C:\ProgramData\fr8rrg7t.bxx => Moved successfully.
C:\ProgramData\fr8rrg7t.fvv => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

MBAM log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database

version: v2014.04.17.02

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Amma :: DEUTSCHLAND [administrator]

17-04-2014 08:01:11
mbam-log-2014-04-17 (08-01-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416305
Time elapsed: 34 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Thank you very much for your support and i am able to open the anitvirus software now .

 

Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

CFScript.txt

Link to post
Share on other sites

 

C:\Users\Amma\Desktop\Final NVFOA\Backup

Please delete this directory.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


    [*]Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

    [*]Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.

    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



Link to post
Share on other sites

Hi,

 

Thank you very much for your support and advice.

 

I followed the same procedure as you suggested and everything is fine now.

 

But the only problem is, now my system got upated with latest windows updates and while restarting, it gives the message "Failure configuring windows update..Reverting changes"

 

I checked in control panel - windows update history , most of them are with status "failed"'

 

eg:

 

Security Update for Windows 7 for x64-based Systems (KB2862152)

Installation date: ‎15-‎04-‎2014 07:30

Installation status: Failed

Error details: Code 800F0826

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information:
http://support.microsoft.com/kb/2862152

Help

and Support:
http://support.microsoft.com

 

Similarly as above most of the Security updates for Windows 7 got failed. Anything can be done?

 

Thanks

 

 

 

 

 

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.