HELP !!!!! URGENT HELP REQUIRED !
[QUOTE="karthik0812, post: 512192, member: 52899"]
Here is the fresh FRST report:
[code]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by SYSTEM on MININT-P4PTHGJ (30-05-2016 15:41:18)
Running from H:\
Platform: WIN_7 (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-12] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-12] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\karthik\...\Run: [PowerGramo] => C:\Program Files (x86)\Freebird\PowerGramo\PGStarter.exe [126976 2013-02-01] ()
HKU\karthik\...\Run: [Spotify Web Helper] => C:\Users\karthik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-15] (Spotify Ltd)
HKU\karthik\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\karthik\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\karthik\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\UpdatusUser\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-08] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-06] (Apple Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-12] (Atheros)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [280008 2016-04-24] (Avira Operations GmbH & Co. KG)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-07] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-07] (Microsoft Corporation)
S2 i2p; C:\Program Files (x86)\i2p\I2Psvc.exe [389632 2014-09-19] (Tanuki Software, Ltd.)
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-01-13] (Nitro PDF Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40736 2013-10-24] (Google Inc)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-08] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-03-08] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-22] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-03-08] (Avira Operations GmbH & Co. KG)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-13] (Microsoft Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2011-08-03] (QUALCOMM Incorporated)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-04] (Duplex Secure Ltd.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-03] (ZTEMT Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-26 15:57 - 2016-05-30 15:41 - 00000000 ____D C:\FRST
2016-05-26 02:07 - 2016-05-26 02:07 - 00291256 _____ C:\Windows\ntbtlog.txt
2016-05-22 09:58 - 2016-05-22 09:58 - 00041549 _____ C:\Users\karthik\Downloads\63F5B1F1E420CE576443D3B29E6CF247ADF5080B.torrent
2016-05-21 12:38 - 2016-05-21 12:38 - 00109840 _____ C:\Users\karthik\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-21 10:37 - 2016-05-21 11:50 - 705592853 _____ C:\Users\karthik\Downloads\xart.15.12.07.lily.ivy.like.the.first.time.mp4
2016-05-21 10:36 - 2016-05-21 10:36 - 00054479 _____ C:\Users\karthik\Downloads\[kat.cr]x.art.2015.12.07.lily.ivy.like.the.first.time.mp4.1920x1080.torrent
2016-05-07 00:01 - 2016-05-07 00:01 - 00056836 _____ C:\Users\karthik\Downloads\[kat.cr]captain.america.civil.war.2016.english.700mb.hdcam.x264.downloadhub.torrent
2016-05-06 12:30 - 2016-05-06 12:30 - 00037014 _____ C:\Users\karthik\Downloads\[kat.cr]lemonade.hdtv.x264.esc.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 18:49 - 2012-09-21 07:43 - 00000000 ____D C:\Users\karthik\AppData\Roaming\uTorrent
2016-05-23 18:07 - 2014-07-15 21:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-23 15:59 - 2012-12-05 06:54 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3225296214-181210767-3777732035-1000UA.job
2016-05-23 11:09 - 2014-09-19 03:44 - 00000000 ____D C:\ProgramData\i2p
2016-05-23 11:09 - 2012-12-05 06:54 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3225296214-181210767-3777732035-1000Core.job
2016-05-23 02:07 - 2014-07-15 21:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 12:35 - 2013-07-18 21:25 - 00000000 ____D C:\Users\karthik\AppData\Roaming\vlc
2016-05-20 22:12 - 2012-09-24 09:15 - 00000000 ____D C:\Users\karthik\Downloads\Video
2016-05-18 21:49 - 2012-09-24 09:15 - 00000000 ____D C:\Users\karthik\Downloads\Compressed
2016-05-18 06:05 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-18 06:05 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-18 05:41 - 2013-05-25 12:29 - 00000000 ____D C:\Users\karthik\AppData\Roaming\IDM
2016-05-18 05:41 - 2012-10-12 01:24 - 00000000 ____D C:\Users\karthik\AppData\Local\CrashDumps
2016-05-18 05:41 - 2012-09-18 12:47 - 00000000 ____D C:\Users\karthik\AppData\Roaming\Media Player Classic
2016-05-18 05:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-05-17 10:45 - 2012-09-24 09:15 - 00000000 ____D C:\Users\karthik\AppData\Roaming\DMCache
2016-05-17 10:15 - 2013-03-20 07:14 - 00003428 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-05-17 02:09 - 2014-07-15 21:08 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-17 02:02 - 2014-07-15 21:04 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-17 02:02 - 2014-07-15 21:04 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-17 01:31 - 2015-08-31 05:38 - 00001094 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-17 01:31 - 2015-03-25 21:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-17 01:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-10 20:28 - 2012-09-22 20:19 - 00045056 _____ C:\Windows\System32\acovcnt.exe

Some files in TEMP:
====================
C:\Users\karthik\AppData\Local\Temp\avgnt.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8102.7 MB
Available physical RAM: 7259.87 MB
Total Virtual: 8100.84 MB
Available Virtual: 7254.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:25.35 GB) NTFS
Drive e: () (Fixed) (Total:244.14 GB) (Free:52.86 GB) NTFS
Drive f: () (Fixed) (Total:210.35 GB) (Free:27.87 GB) NTFS
Drive h: (VENKY_DRIVE) (Removable) (Total:3.65 GB) (Free:3.64 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7C12E647)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=210.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

LastRegBack: 2015-04-23 14:45

==================== End of FRST.txt ============================
[/code]
[/QUOTE]