Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

MY laptop is very slow. It seems to be infected with some virus/malwar

Started by abhi6512 , Mar 13 2015 01:16 PM

This topic is locked

#1
abhi6512

Posted 13 March 2015 - 01:16 PM

Member

Member
143 posts

I have a Dell Vostro. 1500. Intel core 2 Duo, 2 GB RAM, 32 bit OS.

My machine was slow since a while but assuming it to be a old note book I pay least heed to it.

But these days it's [bleep] slow & even opening a website drives me to ad pages & then I have to request back to website.

I feel it to be infected by virus/malware. I need your help to get my machine clean & run better without any ads.

Pls. do reply to me & help me.

Regards,

Abhishek

#2
BrianDrab

Posted 13 March 2015 - 01:36 PM

Trusted Helper

Malware Removal
3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.

- General Instructions -

Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
Any fixes provided by myself are for this log file only and should not be used on any other systems.
Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

- Finally Before We Start-

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

OK, let's get some logs and see what is going on.

Step#1 - Fresh Set of Logs Needed
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

#3
abhi6512

Posted 14 March 2015 - 12:18 PM

Member

Topic Starter
Member
143 posts

Hi Brian,

Sincere thanks for your quick response.

I'm running the tool & shall post back soon with the logs.

Once again thanks a ton for your quick support. It means a lot to me.

Regards,

Abhishek

#4
abhi6512

Posted 14 March 2015 - 12:33 PM

Member

Topic Starter
Member
143 posts

Hi Brian,

PFB the scan results :

Also to share I'm OK with removing any additional softwares that might occur to you in the scan report & you feel are of no use or of any negative impact to my machine.

FRST.txt

********************************************************************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by Abhishek (administrator) on ABHISHEK-PC on 14-03-2015 23:47:44

Running from C:\Users\Abhishek\Desktop

Loaded Profiles: Abhishek (Available profiles: Abhishek)

Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

() C:\Windows\System32\WLTRYSVC.EXE

(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe

() C:\ProgramData\DatacardService\HWDeviceService.exe

(Nero AG) C:\Program Files\Nero\Update\NASvc.exe

(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe

(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

() C:\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe

(Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

() C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)

HKLM\...\Run: [AnyProtect Scanner] => "C:\Program Files\AnyProtectEx\AnyProtect.exe"

HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296096 2012-08-14] (RealNetworks, Inc.)

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2010-02-17] (Yahoo! Inc.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Facebook Update] => "C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [RockMelt Update] => C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [136336 2012-03-14] (RockMelt Inc.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [BitTorrent] => C:\Users\Abhishek\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-04] (BitTorrent Inc.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [se] => C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: F - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {125455f7-730c-11e1-b195-fe93e5c86024} - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {12545601-730c-11e1-b195-810d70a76acb} - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {12545671-730c-11e1-b195-c85622b6b4be} - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {1d5b41de-e447-11e1-b0c6-fd68a3cebc60} - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {1d5b41e7-e447-11e1-b0c6-ce3d81501a1b} - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {5b7a2728-ff3b-11e0-906f-823332b82114} - F:\Setup.exe /Auto

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {9dd422bd-6701-11dd-81bc-001d09b30651} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Sys.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {acc5c1d9-1f88-11e4-a92f-806e6f6e6963} - E:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {adf0e9fe-2749-11e4-9ac2-001d09b30651} - E:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {b0d1cfb3-7a14-11e1-b5e3-d760c0553e51} - F:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {b6d8a72f-e9df-11e1-b68f-fdbd6f5861f1} - G:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {cb2824ac-1ec7-11e4-b21b-001dd9e8829b} - E:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {e28707c4-e56f-11e1-af60-d142243269b5} - G:\AutoRun.exe

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-16] (Google)

BootExecute:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...&cc=IN&unqvl=69

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

URLSearchHook: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File

URLSearchHook: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 - SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)

SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=IN&unqvl=69

SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392

SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=IN&unqvl=69

SearchScopes: HKU\.DEFAULT -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.c...rms}&tbid=60327

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {0B8DCF56-50E2-494C-A325-E0BD2C6B5126} URL = http://in.search.yah...p={searchTerms}

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.c...rms}&tbid=60327

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {837120EB-FFE3-48FD-8F7B-F2761B06F918} URL = http://websearch.ask...DA-BEDB00C0D3C6

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392

SearchScopes: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...&cc=IN&unqvl=69

BHO: NewSaver -> {06f6f85c-bac2-43be-bece-e15eb4c475e8} -> C:\ProgramData\NewSaver\tzwCSK8UufN0Xr.dll [2014-11-22] ()

BHO: SaveLots -> {48910c32-ad9e-4c84-8b67-adc12dd96b33} -> C:\ProgramData\SaveLots\h3pa0wL8juCiLv.dll [2014-11-20] ()

BHO: SaverExtension -> {4c282ea3-6f71-42c7-bb27-d21973d82f4c} -> C:\ProgramData\SaverExtension\juoCGNsZDb21JF.dll [2014-11-22] ()

BHO: CoupExtension -> {5c614e31-e6b7-452d-b9ac-84c4aa2fcb0a} -> C:\ProgramData\CoupExtension\dljAtBLwlPxX5B.dll [2014-11-20] ()

Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-12-28] (Google Inc.)

Toolbar: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-12-28] (Google Inc.)

Toolbar: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

Toolbar: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-04-26] (Adobe Systems, Inc.)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-08-14] (RealPlayer)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\Abhishek\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll [2012-03-14] (RockMelt Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]

FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01]

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-14]

FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension

FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01]

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (TheFreeDictionarycom Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2014-11-22]

CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]

CHR Extension: (eRail.in) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2014-06-29]

CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-09]

CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-09]

CHR Extension: (NickelBlock) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpmbhfdelldocceoekndfaholphcobg [2014-11-20]

CHR Extension: (Google Wallet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]

CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-09]

CHR HKLM\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Abhishek\AppData\Local\Temp\tbch.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]

CHR HKLM\...\Chrome\Extension: [mpjidcokcfencofcmondgimdoobddnoe] - C:\Users\Abhishek\AppData\Local\CRE\mpjidcokcfencofcmondgimdoobddnoe.crx [2012-05-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [3906048 2014-11-16] () [File not signed] <==== ATTENTION

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-03-02] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-03-02] (Symantec Corporation)

S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-16] (Google)

R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)

R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)

R2 MaintainerSvc2.02.5636706; C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe [123632 2015-03-14] ()

R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)

R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [810320 2008-01-28] (Safer Networking Ltd.)

R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2010-03-02] (Symantec Corporation)

S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2010-03-02] (Symantec Corporation)

R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [570880 2008-08-30] (Crawler.com) [File not signed]

R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)

R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2010-03-02] (Symantec Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-22] (Dell Inc.) [File not signed]

S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2010-03-02] (Symantec Corporation)

R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-17] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-06-17] (Symantec Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-26] (Malwarebytes Corporation)

R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)

R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20120617.009\NAVENG.SYS [87928 2012-05-16] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20120617.009\NAVEX15.SYS [1589752 2012-05-16] (Symantec Corporation)

R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)

R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]

R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-03-02] (Symantec Corporation)

R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [141312 2008-08-19] () [File not signed]

R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [281648 2010-03-02] (Symantec Corporation)

S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320560 2010-03-02] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-03-02] (Symantec Corporation)

R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2012-06-18] (Symantec Corporation)

S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2010-03-02] (Symantec Corporation)

R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2010-03-02] (Symantec Corporation)

R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [50064 2010-03-02] (Symantec Corporation)

R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2010-03-02] (Symantec Corporation)

S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [167936 2011-06-21] (Symantec Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]

S3 zteusbser; system32\DRIVERS\ztemtusbser.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 23:47 - 2015-03-14 23:49 - 00026602 _____ () C:\Users\Abhishek\Desktop\FRST.txt

2015-03-14 23:46 - 2015-03-14 23:47 - 00000000 ____D () C:\FRST

2015-03-14 09:54 - 2015-03-14 09:55 - 01135104 _____ (Farbar) C:\Users\Abhishek\Desktop\FRST.exe

2015-03-12 08:25 - 2015-01-29 07:05 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-12 08:24 - 2015-02-26 05:48 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-12 08:24 - 2015-01-29 07:05 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-12 03:09 - 2015-02-20 07:33 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-12 03:09 - 2015-02-20 05:58 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-12 03:08 - 2015-02-26 07:31 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-03-12 03:08 - 2015-02-26 07:31 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-12 03:08 - 2015-01-09 07:34 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-12 03:08 - 2015-01-09 05:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-12 03:07 - 2015-01-21 07:32 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-12 03:06 - 2015-03-06 09:31 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-12 03:04 - 2014-10-13 06:42 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-03-12 03:03 - 2015-02-18 07:32 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 12:24 - 2015-02-21 23:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-03-11 12:24 - 2015-02-21 22:59 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 12:24 - 2015-02-21 22:58 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 12:24 - 2015-02-21 22:52 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 12:24 - 2015-02-21 22:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 12:24 - 2015-02-21 22:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 12:24 - 2015-02-21 22:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-03-11 12:24 - 2015-02-21 22:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 12:24 - 2015-02-21 22:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 12:24 - 2015-02-21 22:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 12:24 - 2015-02-21 22:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 12:24 - 2015-02-21 22:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-03-11 12:24 - 2015-02-21 22:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-03-11 12:24 - 2015-02-21 22:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-03-11 12:24 - 2015-02-21 22:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 12:23 - 2015-02-21 23:07 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 12:23 - 2015-02-21 22:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-09 23:32 - 2015-03-09 23:32 - 00143720 _____ () C:\Windows\Minidump\Mini030915-01.dmp

2015-03-07 00:40 - 2015-03-07 00:40 - 00143720 _____ () C:\Windows\Minidump\Mini030715-01.dmp

2015-02-26 11:19 - 2015-02-26 11:19 - 00087040 _____ () C:\Users\Abhishek\Downloads\DISTRIBUTION SCHEDULE MAR15.xls

2015-02-12 03:04 - 2014-11-26 07:35 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-02-12 03:02 - 2015-01-15 09:43 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-02-12 03:01 - 2014-12-08 07:29 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 23:49 - 2008-08-11 22:32 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Skype

2015-03-14 23:38 - 2014-08-11 00:19 - 00000400 _____ () C:\Windows\Tasks\WpsNotifyTask_Abhishek.job

2015-03-14 23:23 - 2014-08-17 16:13 - 00000400 _____ () C:\Windows\Tasks\WpsUpdateTask_Abhishek.job

2015-03-14 23:15 - 2012-03-30 08:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-14 23:04 - 2012-03-14 21:58 - 00000940 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job

2015-03-14 22:54 - 2014-05-09 11:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-14 22:32 - 2007-12-28 13:46 - 01648833 _____ () C:\Windows\WindowsUpdate.log

2015-03-14 22:19 - 2011-12-19 14:05 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job

2015-03-14 22:18 - 2011-12-19 14:05 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job

2015-03-14 22:03 - 2012-03-14 21:58 - 00000888 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job

2015-03-14 21:50 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-14 21:50 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-14 21:22 - 2014-10-08 00:47 - 00000000 ____D () C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8

2015-03-14 18:23 - 2010-08-26 00:07 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\BitTorrent

2015-03-14 18:02 - 2014-11-16 22:10 - 00000482 ____H () C:\Windows\Tasks\SW-Booster-S-792098896.job

2015-03-14 18:02 - 2014-05-09 11:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-14 17:52 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\tracing

2015-03-14 17:50 - 2008-09-17 23:12 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2015-03-14 17:49 - 2006-11-02 18:28 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-13 22:19 - 2006-11-02 18:19 - 00137834 _____ () C:\Windows\setupact.log

2015-03-12 08:45 - 2006-11-02 18:14 - 00299240 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 08:41 - 2007-12-28 13:46 - 00000012 _____ () C:\Windows\bthservsdp.dat

2015-03-12 08:41 - 2006-11-02 18:28 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-12 08:24 - 2013-07-22 22:24 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-12 08:06 - 2006-11-02 15:54 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-03-09 23:32 - 2012-08-12 00:50 - 232144477 _____ () C:\Windows\MEMORY.DMP

2015-03-09 23:32 - 2008-07-19 12:11 - 00000000 ____D () C:\Windows\Minidump

2015-03-09 11:10 - 2008-04-09 10:45 - 00006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat

2015-03-09 00:36 - 2015-01-24 22:53 - 00000561 _____ () C:\Users\Abhishek\Desktop\weekend getaways.txt

2015-03-05 23:33 - 2015-02-09 10:07 - 00000277 _____ () C:\Users\Abhishek\Desktop\cover letter.txt

2015-03-02 13:59 - 2015-01-25 00:53 - 00000493 _____ () C:\Users\Abhishek\Desktop\onsite consultants.txt

2015-02-24 03:23 - 2014-03-10 01:21 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-02-19 19:52 - 2007-12-28 14:12 - 00164302 _____ () C:\Windows\PFRO.log

2015-02-16 17:53 - 2012-01-09 15:05 - 11600557 _____ () C:\Users\Abhishek\Downloads\Invitation card (1).rar

==================== Files in the root of some directories =======

2014-09-28 14:06 - 2014-09-28 14:10 - 6010880 _____ () C:\Program Files\GUT80A5.tmp

2014-08-07 12:58 - 2014-08-07 12:58 - 0000314 _____ () C:\Users\Abhishek\AppData\Roaming\aps.uninstall.scan.results

2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat

2008-04-09 10:45 - 2015-03-09 11:10 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat

2008-01-04 09:26 - 2015-01-25 14:55 - 0137216 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-07 13:01 - 2014-08-07 13:01 - 0575544 _____ (ClickMeIn Limited) C:\Users\Abhishek\AppData\Local\nscB950.tmp

2014-08-07 12:49 - 2014-08-07 12:49 - 0591056 _____ (ClickMeIn Limited) C:\Users\Abhishek\AppData\Local\nsh752B.tmp

2014-09-09 07:23 - 2014-09-09 07:23 - 0000000 _____ () C:\Users\Abhishek\AppData\Local\{53F4DD30-6599-4858-AC72-0DA3ECAD8514}

2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-14 18:05

==================== End Of Log ============================

Addition.txt

************************************************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Abhishek at 2015-03-14 23:49:55

Running from C:\Users\Abhishek\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Symantec Endpoint Protection (Enabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\{C7888C3F-0506-555F-7907-CDD3F81719A5}) (Version: 1.5 - Adobe Systems Incorporated)

Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )

Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )

Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION

Ask Toolbar Updater (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION

BitTorrent (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)

Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )

CoupExtension (HKLM\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version: - "") <==== ATTENTION

Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)

Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )

Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )

Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

EasyBits GO (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Game Organizer) (Version: - EasyBits Media)

Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)

FileZilla Client 3.1.1.1 (HKLM\...\FileZilla Client) (Version: 3.1.1.1 - )

Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)

Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )

Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216034FF}) (Version: 6.0.370 - Oracle)

Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)

Kundli for Windows v4.5 (Demo) (HKLM\...\Kundli for Windows (Demo)_is1) (Version: - )

Laptop Integrated Webcam Driver (1.03.02.0719) (HKLM\...\Creative OEM002) (Version: - )

Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)

LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)

Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)

MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden

MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

My Program version 1.5 (HKLM\...\My Program_is1) (Version: 1.5 - )

Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)

Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)

Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)

NewSaver (HKLM\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version: - "") <==== ATTENTION

Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)

Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)

Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden

OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)

Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden

OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden

PC Connectivity Solution (HKLM\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)

PC-Sustainer (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version: - Genuine P Software) <==== ATTENTION

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)

QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)

RockMelt (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\RockMelt) (Version: 0.16.91.483 - RockMelt, Inc.)

SaveLots (HKLM\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version: - "") <==== ATTENTION

SaverExtension (HKLM\...\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}) (Version: - "") <==== ATTENTION

Search Settings v1.2.3 (HKLM\...\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}) (Version: - Spigot, Inc.) <==== ATTENTION

SkypEmoticons (HKLM\...\SkypEmoticons_is1) (Version: - ) <==== ATTENTION

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.06.13151 - Sony Corporation)

Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.5.2 - Safer Networking Limited)

Spyware Terminator (HKLM\...\Spyware Terminator_is1) (Version: 2.3.0.487 - Crawler Inc.)

SW-Booster (HKLM\...\S-792098896) (Version: 1.2.0.1878 - SW-Booster) <==== ATTENTION

Symantec Endpoint Protection (HKLM\...\{2EFCC193-D915-4CCB-9201-31773A27BC06}) (Version: 11.0.5002.333 - Symantec Corporation)

Tata Photon+ (HKLM\...\Tata Photon+) (Version: 11.030.01.28.628 - Huawei Technologies Co.,Ltd)

User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )

Vaudix (HKLM\...\{681002C6-5019-81A2-7871-A43754F71E56}) (Version: 4.3.0.1667 - Vaudix) <==== ATTENTION

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)

Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)

Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )

Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version: - )

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

YoutubeAdBlocke (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

Zoozoo widget (HKLM\...\{7E6A5DAD-B31B-4752-8F84-11705FA593D0}) (Version: 1.0.0 - Vodafone)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 -> No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{03C43AFB-0EA0-46AA-99A1-B85DF1C8D3D6}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\RockMelt\Update\1.2.189.1\rmupdate.dll (RockMelt Inc.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{0FC7E9BC-E053-4AD8-BB2B-C52837B9008D}\localserver32 -> C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{3F65C453-D051-4B7A-A5EA-0F3FAB0BA77F}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 -> No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 -> No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\AskToolbar\Downloaded Program Files\Nero.dll (Ask.com)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Abhishek\AppData\Local\Temp\e1605937\temp\Download.exe No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

18-02-2015 02:40:05 Windows Update

18-02-2015 03:00:10 Windows Update

19-02-2015 09:10:47 Scheduled Checkpoint

24-02-2015 18:27:14 Windows Update

28-02-2015 11:13:50 Windows Update

01-03-2015 10:25:46 Scheduled Checkpoint

03-03-2015 20:38:15 Scheduled Checkpoint

04-03-2015 01:46:25 Windows Update

07-03-2015 10:50:06 Scheduled Checkpoint

09-03-2015 12:02:41 Scheduled Checkpoint

10-03-2015 08:33:07 Scheduled Checkpoint

10-03-2015 12:01:10 Windows Update

12-03-2015 03:00:22 Windows Update

12-03-2015 08:04:20 Windows Update

14-03-2015 11:52:48 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 15:53 - 2008-08-22 01:11 - 00259901 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 1001-search.info

127.0.0.1 www.1001-search.info

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.123topsearch.com

127.0.0.1 123topsearch.com

127.0.0.1 www.132.com

127.0.0.1 132.com

127.0.0.1 136136.net

127.0.0.1 www.136136.net

127.0.0.1 www.139mm.com

127.0.0.1 139mm.com

127.0.0.1 www.163ns.com

127.0.0.1 163ns.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001B59FC-7DCC-4D33-A2ED-15182A2F5686} - System32\Tasks\{2CD37C56-66DD-4BDE-B7B9-492866C3E6C4} => pcalua.exe -a C:\Users\Abhishek\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d "C:\Program Files\OpenOffice.org 3\program"

Task: {084AD666-F8B5-4090-9C38-CFFF8D6C4E67} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe http://ui.skype.com/...l?page=tsPlugin

Task: {15859CE5-7BDD-48CB-9612-007393573DFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

Task: {175EE4E5-2A4A-452F-877F-5AF4F456B744} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-14] (RockMelt Inc.)

Task: {1AB3785F-41B9-45D2-9979-9BB9785E9602} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

Task: {239F1C0C-DBFE-4EA8-861A-B7E44453A2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: {23AD59E5-7B45-4DAE-97D1-96FDD0308AD7} - System32\Tasks\WpsUpdateTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)

Task: {2487AE63-6C7A-4479-9ABD-1E7C8B06AE88} - \{35DC3473-A719-4d14-B7C1-FD326CA84A0C} No Task File <==== ATTENTION

Task: {2EE2027E-415B-4A49-BABD-947193469DB0} - System32\Tasks\SW-Booster-S-792098896 => c:\programdata\trusted publisher\sw-booster\SW-Booster.exe [2014-11-16] () <==== ATTENTION

Task: {33009D32-EEF0-44B4-8975-E7C369FD6136} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar

Task: {48A1C5B8-70E1-400A-895D-FF14337BD979} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {59C5AF6B-06D2-4B46-8392-73D58A8AD652} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {654AB3CF-CB0C-45EC-8E16-CF49A6CEE017} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-03-14] (RockMelt Inc.)

Task: {8D03BECD-CE00-41FD-A701-9A337B93B57E} - \{66BA574B-1E11-49b8-909C-8CC9E0E8E015} No Task File <==== ATTENTION

Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads

Task: {97E4E69E-19EC-4C83-8ABF-10483E4C0D98} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {9D454D67-0B49-4FA0-A2C9-52651399FED3} - \ASP No Task File <==== ATTENTION

Task: {B08BEFB2-8905-46BB-8E23-FB99ECF897F7} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION

Task: {B5E80C9A-78B6-4B1D-B89E-B6B2B8EF0956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: {C22D95F8-BEAC-4087-93D5-B9137B7160C3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

Task: {E1575974-A5DD-496D-8DAC-F91AE17A5AF6} - System32\Tasks\WpsNotifyTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)

Task: {ED0D0DE3-CAAC-4954-B6A5-339256A524FE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {EF98DFEF-37BA-4345-B88B-AC78C08D03D4} - System32\Tasks\{70D6C1BD-CE5A-4232-85BB-A37964871491} => pcalua.exe -a "C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MVG1Q4W\RealPlayer11GOLD[2].exe" -d C:\Users\Abhishek

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

Task: C:\Windows\Tasks\SW-Booster-S-792098896.job => c:\programdata\trusted publisher\sw-booster\SW-Booster.exeO/schedule /profile c:\programdata\trusted publisher\sw-booster\792098896.ini <==== ATTENTION

Task: C:\Windows\Tasks\WpsNotifyTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe

Task: C:\Windows\Tasks\WpsUpdateTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-12-28 13:59 - 2007-03-22 01:03 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE

2007-12-28 13:59 - 2007-03-22 01:03 - 00065536 _____ () C:\Windows\System32\bcmwlrmt.dll

2014-11-16 22:09 - 2014-11-16 22:09 - 03906048 _____ () c:\Program Files\DeltaFix\DeltaFix.dll

2010-11-16 19:07 - 2010-11-16 19:07 - 00264704 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe

2014-11-16 22:10 - 2014-11-16 22:10 - 00773632 _____ () c:\programdata\trusted publisher\sw-booster\SW-Booster.exe

2007-12-28 21:40 - 2007-06-29 14:52 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll

2008-08-11 20:18 - 2008-08-11 20:18 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2008-08-09 22:59 - 2007-05-22 10:59 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll

2014-10-29 23:45 - 2014-10-22 09:34 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-29 23:45 - 2014-10-22 09:34 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2014-05-09 12:12 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-05-09 12:12 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

2014-10-29 23:45 - 2014-10-22 09:35 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

2014-10-07 03:30 - 2015-03-14 21:22 - 00123632 _____ () C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:62E2D794

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg

DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\Windows\pss\Dell Network Assistant.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zoozoo widget.lnk => C:\Windows\pss\Zoozoo widget.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe

MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

MSCONFIG\startupreg: DellAutomatedPCTuneUp => "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup

MSCONFIG\startupreg: dscactivate => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe

MSCONFIG\startupreg: Facebook Update => "C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

MSCONFIG\startupreg: Google Update => "C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

MSCONFIG\startupreg: NSU_agent => "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: RockMelt Update => "C:\Users\Abhishek\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c

MSCONFIG\startupreg: SearchSettings => C:\Program Files\Search Settings\SearchSettings.exe

MSCONFIG\startupreg: SigmatelSysTrayApp => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

MSCONFIG\startupreg: SpywareTerminator => "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Accounts: =============================

Abhishek (S-1-5-21-4265441916-1708264049-1492465063-1000 - Administrator - Enabled) => C:\Users\Abhishek

Administrator (S-1-5-21-4265441916-1708264049-1492465063-500 - Administrator - Disabled)

Guest (S-1-5-21-4265441916-1708264049-1492465063-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #2

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #14

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

Name: Microsoft 6to4 Adapter #15

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #15

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #16

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #16

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{C3A4FEAA-4B57-4B7E-9001-D075AF9FDEFB}

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

Name: isatap.{F4F704F8-A7E0-4717-BBE5-4D458E54592B}

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{F4F704F8-A7E0-4717-BBE5-4D458E54592B}

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (03/14/2015 11:03:50 PM) (Source: Google Update) (EventID: 20) (User: Abhishek-PC)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://us-w1.rockme...date/1.0/update

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072

Error: (03/14/2015 10:50:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (03/14/2015 10:50:02 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

System errors:

=============

Error: (01/26/2009 09:53:40 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 21:51:28 on 26-01-2009 was unexpected.

Error: (01/26/2009 09:51:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: 30000Schedule

Error: (01/26/2009 04:36:42 AM) (Source: BTHUSB) (EventID: 17) (User: )

Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/25/2009 10:02:25 AM) (Source: BTHUSB) (EventID: 17) (User: )

Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/24/2009 02:31:41 PM) (Source: W32Time) (EventID: 34) (User: )

Description: The time service has detected that the system time needs to be changed by +86535 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123) is working properly.

Error: (01/24/2009 02:16:14 PM) (Source: HTTP) (EventID: 15016) (User: )

Description: \Device\Http\ReqQueueKerberos

Error: (01/24/2009 00:18:13 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (01/23/2009 03:05:34 PM) (Source: W32Time) (EventID: 34) (User: )

Description: The time service has detected that the system time needs to be changed by +86534 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123) is working properly.

Error: (01/23/2009 02:50:16 PM) (Source: HTTP) (EventID: 15016) (User: )

Description: \Device\Http\ReqQueueKerberos

Error: (01/22/2009 11:09:05 PM) (Source: W32Time) (EventID: 34) (User: )

Microsoft Office Sessions:

=========================

Error: (03/14/2015 11:03:50 PM) (Source: Google Update) (EventID: 20) (User: Abhishek-PC)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://us-w1.rockme...date/1.0/update

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=IE, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072

Error: (03/14/2015 10:50:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES

Error: (03/14/2015 10:50:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES

Error: (03/14/2015 10:50:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS

Error: (03/14/2015 10:50:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS

Error: (03/14/2015 10:50:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES

Error: (03/14/2015 10:50:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES

Error: (03/14/2015 10:50:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK

Error: (03/14/2015 10:50:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK

Error: (03/14/2015 10:50:02 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA

CodeIntegrity Errors:

===================================

Date: 2015-03-14 23:48:56.275

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 23:48:55.906

Date: 2015-03-14 23:48:55.515

Date: 2015-03-14 23:48:55.042

Date: 2015-03-09 23:36:39.736

Date: 2015-03-09 23:36:39.195

Date: 2015-03-09 23:36:38.605

Date: 2015-03-09 23:36:38.056

Date: 2015-03-09 23:36:09.008

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 23:36:08.572

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz

Percentage of memory in use: 88%

Total physical RAM: 2037.45 MB

Available physical RAM: 230.11 MB

Total Pagefile: 4318.18 MB

Available Pagefile: 1596.34 MB

Total Virtual: 2047.88 MB

Available Virtual: 1903.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:34.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.52 GB) NTFS

Drive e: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:200.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 465.8 GB) (Disk ID: 58C7B312)

Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#5
BrianDrab

Posted 14 March 2015 - 01:55 PM

Trusted Helper

Malware Removal
3,591 posts

OK, thanks for the info. We have a lot of work to do here but I think we can get you all cleaned up.

Step#1 - Warnings

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

Please uninstall the following Peer-to-Peer program(s): BitTorrent

Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.

Antivirus Out of Date

The Antivirus that you appear to have is Symantec Endpoint Protection however it's not updated so you are not protected. If you don't have an active subscription to this antivirus I suggest that you uninstall this and install a free version. I have listed a couple recommended free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves. Before continuing on you need to download and install one to prevent any infections from spreading. I use Microsoft Security Essentials on my home machines but the choice is yours.

Microsoft Security Essentials
Avast! (If you decide on this one, please ensure you uncheck the Google Toolbar and Google Chrome that is offered on the first screen of the install...unless you want them for some reason). In addition if you choose Avast!, please ensure that Windows Defender is disabled. Instructions for doing so are here.

Since your machine is so infected, please do the fixes I have listed below and then do this antivirus step.

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Ask Toolbar
Ask Toolbar Updater
CoupExtension
EasyBits GO
Java™ 6 Update 37
Java™ SE Runtime Environment 6
Malwarebytes Anti-Malware version 2.0.3.1025
My Program version 1.5
NewSaver
PC-Sustainer
SaveLots
SaverExtension
Search Settings v1.2.3
SkypEmoticons
Spyware Terminator
SW-Booster
Vaudix
YoutubeAdBlocke

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. fixlist.txt 12.88KB 305 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step#5 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

Items for your next post

1. FRST Fix log

2. AdwCleaner log
3. FRST and Addition logs

#6
abhi6512

Posted 15 March 2015 - 07:19 AM

Member

Topic Starter
Member
143 posts

Hello Brian,

As directed I'm able to remove almost all softwares from my notebook except following few:

Symantec Endpoint Protection -

this seems to be removed but it's still showing in the list.

Ask toolbar - I get following error when trying to remove ask toolbar

-- Error 2738. Coult not access VBScript run time for custom action.

Facebook video calling 1.2.0.287 - I get following error when trying to remove this

--The installer has encountered and unexpected error installing this package. This may indicate a problem with this package. The error code is 2738.

Fix log

************************************************************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015

Ran by Abhishek at 2015-03-15 15:06:48 Run:1

Running from C:\Users\Abhishek\Desktop

Loaded Profiles: Abhishek (Available profiles: Abhishek)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CreateRestorePoint:

(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe

() C:\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe

C:\ProgramData\Trusted Publisher

() C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe

C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8

HKLM\...\Run: [] => [X]

HKLM\...\Run: [AnyProtect Scanner] => "C:\Program Files\AnyProtectEx\AnyProtect.exe"

C:\Program Files\AnyProtectEx