
MY laptop is very slow. It seems to be infected with some virus/malwar


  • This topic is locked

#46
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Once you are done with Cleanwipe please download the following network driver and install.

http://downloads.del...ork/R154494.EXE

 

Thanks.


  • 0



#47
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hey Brian,

This time it worked. Hip Hip Hurray. Whole issue was Symantec, this utility wiped it out completely.

Sincere thanks, for first time in last so many days I'm writing from my laptop, thanks a ton.

I was just tired of that small screen, leaving my neck sore :)

My internet is working, do you still want me to download & install those drivers? Please let me know & I shall proceed accordingly.

 

-Abhi


  • 0

#48
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Great news! I knew it was Symantec but unfortunately the tool is not publicly available (which is why I emailed it to you). I contacted Symantec support on your behalf to obtain it.

 

Yes we do still need to install that driver. Please let me know when it's done and we can continue cleaning your machine.


  • 0

#49
abhi6512

    Member

  • Topic Starter
  • 143 posts

Sincere thanks Brian,

Yeah I have already started the download. I shall install & let you know.

In the interim just to update you that my net connection is very slow not sure if it's from provider end or something locally. Just wanted to share with you.

 

-Abhi


  • 0

#50
abhi6512

    Member

  • Topic Starter
  • 143 posts

I'm done with the installation of the driver. Do you want me to reboot?


  • 0

#51
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

"Do you want me to reboot?"

 

Only if prompted.

 

"net connection is very slow"

 

No problem. We'll address all of your concerns but let's ensure we get you cleaned up first. Once you have installed that driver please continue with the following. These are the steps we didn't get to because of the Symantec issue. I will be stepping out for a little but will be back later.

 

Step#2 - Install Microsoft Security Essentials
I see you downloaded this so at this point let's see if this will install for you.
 
Step#3 - FRST Registry Search
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words Facebook video;Ask Toolbar;Symantec into the Search box and click the Search Registry button.
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be saved on your desktop named Search.txt.

 

Step#4 - Re-install Chrome

Chrome has been compromised and needs to be uninstalled and re-installed. It has been converted into the dev build of the software which allows malware to install extensions at will amongst other things.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks. If you don't have bookmarks that you need to save just do bullets 4 & 5 below.
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

 

 

 

Items for your next post

1. FRST Registry Search log


  • 0

#52
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Brian,

PFB the search log as asked for:

Just glanced through the log & we can still see humpty no. of Symantec entries .. even after the cleanup ... strange.

Anyways, please just let me know the next steps once you are back. I will try to be up as much as possible. It's already 2 am for me :)

 

Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Abhishek at 2015-03-22 01:59:19
Running from C:\Users\Abhishek\Desktop
Boot Mode: Normal
 
================== Search Registry: "Facebook video;Ask Toolbar;Symantec" ===========
 
 
===================== Search result for "Facebook video" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C\InstallProperties]
"DisplayName"="Facebook Video Calling 1.2.0.287"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A789A075-219B-4817-8B9A-736D010F6EE7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE|"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A789A075-219B-4817-8B9A-736D010F6EE7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE|"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A789A075-219B-4817-8B9A-736D010F6EE7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE|"
 
[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin]
 
[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin]
"ProductName"="Facebook Video Calling 3.1.0.521"
 
[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin]
""="Facebook Video Calling Plugin"
 
[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
""="Facebook Video Calling Plugin"
 
[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1]
""="Facebook Video Calling Plugin"
 
===================== Search result for "Symantec" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B}\InprocServer32]
""="C:\PROGRA~2\Symantec\SyKnAppS\SyKnAppS.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A}\0.0\0\win32]
""="C:\PROGRA~2\Symantec\SyKnAppS\SyKnAppS.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]
""="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Symantec\"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\ccInst.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\rcAlert.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F815C3124010547971DF191BC1F2F6]
"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\ccL60.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6863B6A31DB198C4A9004B226A88E144]
"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\rcSvcHst.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C402F663CCF7F747950A8CB1BC65DF0]
"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9564B09A01EE9544F8FAC969954CABBD]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\SPManifests\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1908545DC7015C4F9B24A3A22FDA1DE]
"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC4377FD9FC3734F9AD63CE4955FE71]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\rcLgView.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B89A123E3228AD04989794840B9B14A7]
"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\ccScanW.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFF5FB428728B774CB0E9EDFA7291356]
"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
"List"="System Reserved
EMS
WdfLoadGroup
Boot Bus Extender
System Bus Extender
SCSI miniport
Port
Primary Disk
SCSI Class
SCSI CDROM Class
FSFilter Infrastructure
FSFilter System
FSFilter Bottom
FSFilter Copy Protection
FSFilter Security Enhancer
FSFilter Open File
FSFilter Physical Quota Management
FSFilter Virtualization
FSFilter Encryption
FSFilter Compression
FSFilter Imaging
FSFilter HSM
FSFilter Cluster File System
FSFilter System Recovery
FSFilter Quota Management
FSFilter Content Screener
FSFilter Continuous Backup
FSFilter Replication
FSFilter Anti-Virus
FSFilter Undelete
FSFilter Activity Monitor
FSFilter Top
Filter
Boot File System
Base
Pointer Port
Keyboard Port
Pointer Class
Keyboard Class
Video Init
Video
Video Save
File System
Streams Drivers
NDIS Wrapper
COM Infrastructure
Event Log
AudioGroup
ProfSvc_Group
UIGroup
MS_WindowsLocalValidation
PlugPlay
PNP_TDI
NDIS
TDI
wltrysvc
Symantec Core Services
Symantec Services
iSCSI
NetBIOSGroup
ShellSvcGroup
SchedulerGroup
SpoolerGroup
SmartCardGroup
NetworkProvider
MS_WindowsRemoteValidation
NetDDEGroup
Parallel arbitrator
Extended Base
PCI Configuration
MS Transactions"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder]
"List"="System Reserved
EMS
WdfLoadGroup
Boot Bus Extender
System Bus Extender
SCSI miniport
Port
Primary Disk
SCSI Class
SCSI CDROM Class
FSFilter Infrastructure
FSFilter System
FSFilter Bottom
FSFilter Copy Protection
FSFilter Security Enhancer
FSFilter Open File
FSFilter Physical Quota Management
FSFilter Virtualization
FSFilter Encryption
FSFilter Compression
FSFilter Imaging
FSFilter HSM
FSFilter Cluster File System
FSFilter System Recovery
FSFilter Quota Management
FSFilter Content Screener
FSFilter Continuous Backup
FSFilter Replication
FSFilter Anti-Virus
FSFilter Undelete
FSFilter Activity Monitor
FSFilter Top
Filter
Boot File System
Base
Pointer Port
Keyboard Port
Pointer Class
Keyboard Class
Video Init
Video
Video Save
File System
Streams Drivers
NDIS Wrapper
COM Infrastructure
Event Log
AudioGroup
ProfSvc_Group
UIGroup
MS_WindowsLocalValidation
PlugPlay
PNP_TDI
NDIS
TDI
wltrysvc
Symantec Core Services
Symantec Services
iSCSI
NetBIOSGroup
ShellSvcGroup
SchedulerGroup
SpoolerGroup
SmartCardGroup
NetworkProvider
MS_WindowsRemoteValidation
NetDDEGroup
Parallel arbitrator
Extended Base
PCI Configuration
MS Transactions"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
"List"="System Reserved
EMS
WdfLoadGroup
Boot Bus Extender
System Bus Extender
SCSI miniport
Port
Primary Disk
SCSI Class
SCSI CDROM Class
FSFilter Infrastructure
FSFilter System
FSFilter Bottom
FSFilter Copy Protection
FSFilter Security Enhancer
FSFilter Open File
FSFilter Physical Quota Management
FSFilter Virtualization
FSFilter Encryption
FSFilter Compression
FSFilter Imaging
FSFilter HSM
FSFilter Cluster File System
FSFilter System Recovery
FSFilter Quota Management
FSFilter Content Screener
FSFilter Continuous Backup
FSFilter Replication
FSFilter Anti-Virus
FSFilter Undelete
FSFilter Activity Monitor
FSFilter Top
Filter
Boot File System
Base
Pointer Port
Keyboard Port
Pointer Class
Keyboard Class
Video Init
Video
Video Save
File System
Streams Drivers
NDIS Wrapper
COM Infrastructure
Event Log
AudioGroup
ProfSvc_Group
UIGroup
MS_WindowsLocalValidation
PlugPlay
PNP_TDI
NDIS
TDI
wltrysvc
Symantec Core Services
Symantec Services
iSCSI
NetBIOSGroup
ShellSvcGroup
SchedulerGroup
SpoolerGroup
SmartCardGroup
NetworkProvider
MS_WindowsRemoteValidation
NetDDEGroup
Parallel arbitrator
Extended Base
PCI Configuration
MS Transactions"
 
[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url16"="C:\Program Files\Symantec\Symantec Endpoint Protection\Help"
 
====== End Of Search ======

  • 0

#53
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Wow. It's late there. We can finish tomorrow. I won't be home for two hours.
  • 0

#54
abhi6512

    Member

  • Topic Starter
  • 143 posts
ohk .. I'm just completing the Chrome re-installation. I will hit the sack in a while. You can leave next steps for me though. Once again before calling it a day a BIG thanks to you for getting me my internet back :)
 
 
-Abhi

  • 0

#55
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem Abhi. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. (Attached file: fixlist.txt)
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#4 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix log
2. Junkware Log
3. Rootkit Scan log
4. FRST and Addition logs

 

 


  • 0
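A helper reviewing the Fixlog.txt that Step#1 asks for can tally the outcomes mechanically rather than by eye. This added example (not part of the thread and not FRST's own code) parses a constructed log in the same layout and flags `reg delete ... /v` entries where a trailing backslash before the closing quote changed the value name reg.exe looked up; the sample keys, GUIDs, paths and function names are assumptions.

```python
import re

# Constructed sample in the layout of an FRST Fixlog.txt (keys, GUIDs and
# paths are made up for illustration, not taken from a real machine).
SAMPLE_FIXLOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Example\App Paths\example.exe => Key Deleted successfully.

=========  reg delete "HKLM\SYSTEM\ControlSet001\Services\Example\Rules" /v {00000000-0000-0000-0000-000000000002} =========

Delete the registry value {00000000-0000-0000-0000-000000000002} (Yes/No)? The operation completed successfully.

========= End of CMD: =========

=========  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Example\Rules" /v {00000000-0000-0000-0000-000000000002} =========

Delete the registry value {00000000-0000-0000-0000-000000000002} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

=========  reg delete "HKLM\SOFTWARE\Example\Folders" /v "C:\ProgramData\Example\" =========

Delete the registry value C:\ProgramData\Example" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========
'''

KEY_LINE = re.compile(r'^(HKEY_.*?) => (.+)$')
CMD_HEADER = re.compile(r'^=+\s+(reg delete .+?)\s+=+$', re.IGNORECASE)
CMD_RESULT = re.compile(r'^Delete the registry value (.*) \(Yes/No\)\? (.+)$')
VALUE_ARG = re.compile(r'/v\s+(.+)$')
OK_OUTCOMES = {'deleted', 'deleted_on_retry', 'value_deleted'}


def requested_value(command):
    """Return the /v argument as written in the fixlist, minus one pair of outer quotes."""
    match = VALUE_ARG.search(command)
    if not match:
        return None
    arg = match.group(1).strip()
    if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
        arg = arg[1:-1]
    return arg


def parse_fixlog(text):
    """Turn Fixlog text into a list of {kind, target, outcome, note} records."""
    entries = []
    retried = set()      # keys that failed on the first attempt
    pending_cmd = None   # the reg delete command whose output we are reading
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            path, status = key.groups()
            lowered = status.lower()
            if lowered.startswith('failed to delete key at first attempt'):
                retried.add(path)
            elif lowered.startswith('key deleted'):
                outcome = 'deleted_on_retry' if path in retried else 'deleted'
                entries.append({'kind': 'key', 'target': path, 'outcome': outcome, 'note': ''})
            else:
                entries.append({'kind': 'key', 'target': path, 'outcome': 'other', 'note': status})
            continue
        header = CMD_HEADER.match(line)
        if header:
            pending_cmd = header.group(1)
            continue
        result = CMD_RESULT.match(line)
        if result and pending_cmd:
            echoed, message = result.groups()
            deleted = 'completed successfully' in message.lower()
            note = ''
            asked = requested_value(pending_cmd)
            # reg.exe echoes the name it actually searched for. If the fixlist
            # name ended in "\" and the echo ends in a quote instead, the
            # backslash escaped the closing quote during argument parsing.
            # Doubling the final backslash in the command avoids this.
            if not deleted and asked and asked.endswith('\\') and echoed == asked[:-1] + '"':
                note = ('trailing backslash escaped the closing quote, so reg.exe '
                        'searched for a value name ending in a literal "')
            entries.append({'kind': 'value', 'target': pending_cmd,
                            'outcome': 'value_deleted' if deleted else 'value_not_found',
                            'note': note})
            pending_cmd = None
    return entries


def needs_followup(entries):
    """Entries that did not end in a confirmed deletion."""
    return [e for e in entries if e['outcome'] not in OK_OUTCOMES]


if __name__ == '__main__':
    for entry in needs_followup(parse_fixlog(SAMPLE_FIXLOG)):
        print(entry['outcome'], '|', entry['target'], '|', entry['note'] or 'value absent')
```

A "not found" result with no note usually means the value was already gone, for example because CurrentControlSet is an alias of one of the numbered control sets that was cleaned a moment earlier.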



#56
abhi6512

    Member

  • Topic Starter
  • 143 posts
1. FRST Fix log
***********************************************************************************************
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Abhishek at 2015-03-22 13:16:07 Run:3
Running from C:\Users\Abhishek\Desktop\lappy servicing
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C]
cmd: reg delete "HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7}
cmd: reg delete "HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7}
cmd: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7}
[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin]
[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin]
[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\"
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\"
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\"
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F815C3124010547971DF191BC1F2F6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6863B6A31DB198C4A9004B226A88E144]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C402F663CCF7F747950A8CB1BC65DF0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9564B09A01EE9544F8FAC969954CABBD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1908545DC7015C4F9B24A3A22FDA1DE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC4377FD9FC3734F9AD63CE4955FE71]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B89A123E3228AD04989794840B9B14A7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFF5FB428728B774CB0E9EDFA7291356]
cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Core Services"
cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Services"
cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Core Services"
cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Services"
cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Core Services"
cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Services"
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
CMD: ipconfig /release
CMD: ipconfig /renew 
EmptyTemp:
 
*****************
 
Restore point was successfully created.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C => Key Deleted Successfully.
 
=========  reg delete "HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7} =========
 
Delete the registry value {A789A075-219B-4817-8B9A-736D010F6EE7} (Yes/No)? The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========  reg delete "HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7} =========
 
Delete the registry value {A789A075-219B-4817-8B9A-736D010F6EE7} (Yes/No)? The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7} =========
 
Delete the registry value {A789A075-219B-4817-8B9A-736D010F6EE7} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1 => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe => Key Deleted successfully.
 
=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\" =========
 
Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\" =========
 
Delete the registry value C:\ProgramData\Symantec" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\" =========
 
Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\" =========
 
Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F815C3124010547971DF191BC1F2F6 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6863B6A31DB198C4A9004B226A88E144 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C402F663CCF7F747950A8CB1BC65DF0 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9564B09A01EE9544F8FAC969954CABBD => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1908545DC7015C4F9B24A3A22FDA1DE => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC4377FD9FC3734F9AD63CE4955FE71 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B89A123E3228AD04989794840B9B14A7 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFF5FB428728B774CB0E9EDFA7291356 => Key Deleted successfully.
 
=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Core Services" =========
 
Delete the registry value Symantec Core Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Services" =========
 
Delete the registry value Symantec Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Core Services" =========
 
Delete the registry value Symantec Core Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Services" =========
 
Delete the registry value Symantec Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Core Services" =========
 
Delete the registry value Symantec Core Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Services" =========
 
Delete the registry value Symantec Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::1431:d9bf:255c:9b4f%13
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::1431:d9bf:255c:9b4f%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
========= End of CMD: =========
 
EmptyTemp: => Removed 157.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:17:32 ====
 
 
2. Junkware Log
***********************************************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows Vista ™ Home Basic x86
Ran by Abhishek on 22-03-2015 at 13:47:57.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Abhishek\Local Settings\Application Data\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22-03-2015 at 13:50:26.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
3. Rootkit Scan log
***********************************************************************************************
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-22 13:57:19
-----------------------------
13:57:19.058    OS Version: Windows 6.0.6002 Service Pack 2
13:57:19.058    Number of processors: 2 586 0xF0D
13:57:19.059    ComputerName: ABHISHEK-PC  UserName: Abhishek
13:57:52.686    Initialize success
13:57:52.830    VM: initialized successfully
13:57:52.832    VM: Intel CPU BiosDisabled 
14:41:02.635    AVAST engine defs: 15032101
14:58:39.950    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
14:58:39.956    Disk 0 Vendor: WDC_WD1600BEVS-75RST0 04.01G04 Size: 152627MB BusType: 3
14:58:40.194    Disk 0 MBR read successfully
14:58:40.220    Disk 0 MBR scan
14:58:40.488    Disk 0 Windows VISTA default MBR code
14:58:40.496    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
14:58:40.583    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 161792
14:58:40.645    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       142307 MB offset 21133312
14:58:43.675    Disk 0 statistics 300/0/0 @ 0.59 MB/s
14:58:43.677    Scan stopped
14:58:49.892    Disk 0 MBR has been saved successfully to "C:\Users\Abhishek\Desktop\lappy servicing\MBR.dat"
14:58:49.908    The log file has been saved successfully to "C:\Users\Abhishek\Desktop\lappy servicing\aswMBR.txt"
 
 
4. FRST log
***********************************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Abhishek (administrator) on ABHISHEK-PC on 22-03-2015 15:00:01
Running from C:\Users\Abhishek\Desktop\lappy servicing
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\Abhishek\Desktop\lappy servicing\aswMBR.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296096 2012-08-14] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2010-02-17] (Yahoo! Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Facebook Update] => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-17] (Facebook Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-04-26] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-08-14] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-14]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (Google Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl10c6167a; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03FD2281-7815-48F3-9B63-3F34B48BC297}\MpKsl10c6167a.sys [39464 2015-03-22] (Microsoft Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)
R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
S3 zteusbser; system32\DRIVERS\ztemtusbser.sys [X]
U3 aswMBR; \??\C:\Users\Abhishek\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Abhishek\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 13:15 - 2015-03-22 13:15 - 00004540 _____ () C:\Users\Abhishek\Downloads\fixlist (1).txt
2015-03-22 02:48 - 2015-03-22 02:48 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-22 02:48 - 2015-03-22 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-22 01:02 - 2015-03-22 01:02 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-22 00:27 - 2015-03-22 00:27 - 00000000 ____D () C:\Program Files\Cisco
2015-03-22 00:26 - 2015-03-22 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2015-03-19 08:30 - 2015-03-19 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-03-19 08:29 - 2015-03-19 08:30 - 00000000 ____D () C:\Program Files\Speccy
2015-03-17 23:03 - 2009-01-20 15:36 - 00018424 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys
2015-03-17 23:03 - 2009-01-20 15:36 - 00001591 _____ () C:\Windows\system32\Uninst_EAPModules.bat
2015-03-17 23:02 - 2015-03-17 23:02 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\InstallShield
2015-03-17 23:02 - 2009-01-20 15:36 - 06369280 _____ (Dell Inc.) C:\Windows\system32\BCMWLCPL.CPL
2015-03-17 23:02 - 2009-01-20 15:36 - 04145152 _____ (Dell Inc.) C:\Windows\system32\bcmttls.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 03829760 _____ (Dell Inc.) C:\Windows\system32\bcmihvsrv.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 03563520 _____ (Dell Inc.) C:\Windows\system32\WLTRAY.EXE
2015-03-17 23:02 - 2009-01-20 15:36 - 03489792 _____ (Dell Inc.) C:\Windows\system32\bcmihvui.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 02654208 _____ (Dell Inc.) C:\Windows\system32\BCMWLTRY.EXE
2015-03-17 23:02 - 2009-01-20 15:36 - 01207288 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2015-03-17 23:02 - 2009-01-20 15:36 - 00286720 _____ (Dell Inc.) C:\Windows\system32\bcmwlu00.exe
2015-03-17 23:02 - 2009-01-20 15:36 - 00163840 _____ (Broadcom Corp.) C:\Windows\system32\bcmwlapi.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 00087328 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 00065536 _____ (Broadcom Corporation) C:\Windows\system32\wltrynt.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\system32\bcmwlrmt.dll
2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\system32\WLTRYSVC.EXE
2015-03-16 00:40 - 2015-03-16 00:40 - 00001788 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-16 00:33 - 2015-03-16 00:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-16 00:29 - 2010-04-06 01:30 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-15 16:14 - 2015-03-15 16:19 - 00000000 ____D () C:\AdwCleaner
2015-03-15 15:05 - 2015-03-15 15:06 - 02171392 _____ () C:\Users\Abhishek\Desktop\Unconfirmed 444166.crdownload
2015-03-15 13:05 - 2015-03-15 13:31 - 11530032 _____ (Microsoft Corporation) C:\Users\Abhishek\Desktop\mseinstall.exe
2015-03-15 11:28 - 2015-03-15 11:28 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\Facebook
2015-03-14 23:46 - 2015-03-22 15:00 - 00000000 ____D () C:\FRST
2015-03-12 08:25 - 2015-01-29 07:05 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 08:24 - 2015-02-26 05:48 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 08:24 - 2015-01-29 07:05 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 03:09 - 2015-02-20 07:33 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 03:09 - 2015-02-20 05:58 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 03:08 - 2015-02-26 07:31 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 03:08 - 2015-02-26 07:31 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 03:08 - 2015-01-09 07:34 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 03:08 - 2015-01-09 05:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 03:07 - 2015-01-21 07:32 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 03:06 - 2015-03-06 09:31 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 03:04 - 2014-10-13 06:42 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 03:03 - 2015-02-18 07:32 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:24 - 2015-02-21 23:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 12:24 - 2015-02-21 22:59 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:24 - 2015-02-21 22:58 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:24 - 2015-02-21 22:52 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:24 - 2015-02-21 22:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:24 - 2015-02-21 22:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:24 - 2015-02-21 22:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 12:24 - 2015-02-21 22:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 12:24 - 2015-02-21 22:49 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:24 - 2015-02-21 22:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 12:24 - 2015-02-21 22:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:24 - 2015-02-21 22:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:24 - 2015-02-21 22:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 12:24 - 2015-02-21 22:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 12:24 - 2015-02-21 22:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 12:24 - 2015-02-21 22:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:24 - 2015-02-21 22:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 12:24 - 2015-02-21 22:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 12:24 - 2015-02-21 22:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 12:24 - 2015-02-21 22:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 12:23 - 2015-02-21 23:07 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:23 - 2015-02-21 22:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-09 23:32 - 2015-03-09 23:32 - 00143720 _____ () C:\Windows\Minidump\Mini030915-01.dmp
2015-03-07 00:40 - 2015-03-07 00:40 - 00143720 _____ () C:\Windows\Minidump\Mini030715-01.dmp
2015-02-26 11:19 - 2015-02-26 11:19 - 00087040 _____ () C:\Users\Abhishek\Downloads\DISTRIBUTION SCHEDULE MAR15.xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 15:01 - 2008-08-11 22:32 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Skype
2015-03-22 14:41 - 2014-05-09 11:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 14:38 - 2014-08-11 00:19 - 00000400 _____ () C:\Windows\Tasks\WpsNotifyTask_Abhishek.job
2015-03-22 14:23 - 2014-08-17 16:13 - 00000400 _____ () C:\Windows\Tasks\WpsUpdateTask_Abhishek.job
2015-03-22 14:15 - 2012-03-30 08:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 13:59 - 2006-11-02 16:03 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 13:57 - 2007-12-28 13:46 - 01507313 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 13:56 - 2014-10-12 18:05 - 00000000 ____D () C:\Users\Abhishek\Desktop\validate bin
2015-03-22 13:52 - 2008-09-17 23:12 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-22 13:52 - 2006-11-02 18:28 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 13:52 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 13:52 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 13:51 - 2007-12-28 13:46 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-22 13:51 - 2006-11-02 18:28 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 13:20 - 2007-12-28 14:12 - 00189540 _____ () C:\Windows\PFRO.log
2015-03-22 10:32 - 2011-12-19 14:05 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job
2015-03-22 04:51 - 2012-09-10 00:08 - 00000000 ___RD () C:\Program Files\Skype
2015-03-22 04:51 - 2008-08-11 22:29 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 04:30 - 2008-08-13 00:28 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Free Download Manager
2015-03-22 02:47 - 2007-12-28 14:04 - 00000000 ____D () C:\Program Files\Google
2015-03-22 02:36 - 2014-05-09 11:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 02:18 - 2008-01-03 04:32 - 00000911 _____ () C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-22 01:26 - 2007-12-28 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2015-03-22 00:26 - 2008-01-03 04:31 - 00000000 ____D () C:\Users\Abhishek
2015-03-22 00:26 - 2007-12-28 13:59 - 00067998 _____ () C:\Windows\bcmwl.log
2015-03-22 00:25 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\Help
2015-03-22 00:23 - 2007-12-28 21:26 - 00000000 ____D () C:\DELL
2015-03-21 10:39 - 2011-12-19 14:05 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job
2015-03-19 09:04 - 2012-04-23 23:12 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\vlc
2015-03-15 16:14 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\tracing
2015-03-15 15:25 - 2008-04-09 10:45 - 00006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat
2015-03-15 15:22 - 2014-08-07 09:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-15 15:07 - 2006-11-02 16:48 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-15 13:13 - 2009-12-19 09:59 - 00149942 _____ () C:\Windows\DPINST.LOG
2015-03-15 13:03 - 2012-03-14 21:58 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\RockMelt
2015-03-15 13:03 - 2010-08-26 00:07 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\BitTorrent
2015-03-15 13:01 - 2013-08-05 23:19 - 00000000 ____D () C:\mvs
2015-03-15 13:01 - 2008-01-04 09:26 - 00137216 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-15 12:26 - 2012-03-21 09:46 - 00000000 ____D () C:\ProgramData\DatacardService
2015-03-15 12:13 - 2009-12-19 09:56 - 00000000 ____D () C:\Program Files\Nokia
2015-03-15 12:10 - 2011-02-01 20:14 - 00000000 ____D () C:\ProgramData\Nero
2015-03-15 12:09 - 2009-12-20 13:46 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-03-15 12:06 - 2007-12-28 14:04 - 00000000 ____D () C:\ProgramData\Google
2015-03-15 12:05 - 2007-12-28 13:56 - 00000000 ____D () C:\Program Files\Java
2015-03-15 12:05 - 2007-12-28 13:56 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-15 11:47 - 2008-08-22 00:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-03-13 22:19 - 2006-11-02 18:19 - 00137834 _____ () C:\Windows\setupact.log
2015-03-12 08:45 - 2006-11-02 18:14 - 00299240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:24 - 2013-07-22 22:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:06 - 2006-11-02 15:54 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-09 23:32 - 2012-08-12 00:50 - 232144477 _____ () C:\Windows\MEMORY.DMP
2015-03-09 23:32 - 2008-07-19 12:11 - 00000000 ____D () C:\Windows\Minidump
2015-03-09 00:36 - 2015-01-24 22:53 - 00000561 _____ () C:\Users\Abhishek\Desktop\weekend getaways.txt
2015-03-05 23:33 - 2015-02-09 10:07 - 00000277 _____ () C:\Users\Abhishek\Desktop\cover letter.txt
2015-03-03 18:46 - 2014-03-10 01:21 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 13:59 - 2015-01-25 00:53 - 00000493 _____ () C:\Users\Abhishek\Desktop\onsite consultants.txt
 
==================== Files in the root of some directories =======
 
2014-09-28 14:06 - 2014-09-28 14:10 - 6010880 _____ () C:\Program Files\GUT80A5.tmp
2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat
2008-04-09 10:45 - 2015-03-15 15:25 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat
2008-01-04 09:26 - 2015-03-15 13:01 - 0137216 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 13:01 - 2014-08-07 13:01 - 0575544 _____ (ClickMeIn Limited) C:\Users\Abhishek\AppData\Local\nscB950.tmp
2014-08-07 12:49 - 2014-08-07 12:49 - 0591056 _____ (ClickMeIn Limited) C:\Users\Abhishek\AppData\Local\nsh752B.tmp
2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-22 13:58
 
==================== End Of Log ============================
 
5. Addition logs
***********************************************************************************************
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Abhishek at 2015-03-22 15:01:45
Running from C:\Users\Abhishek\Desktop\lappy servicing
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\{C7888C3F-0506-555F-7907-CDD3F81719A5}) (Version: 1.5 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FileZilla Client 3.1.1.1 (HKLM\...\FileZilla Client) (Version: 3.1.1.1 - )
Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Laptop Integrated Webcam Driver (1.03.02.0719)   (HKLM\...\Creative OEM002) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.06.13151 - Sony Corporation)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Restore Points  =========================
 
15-03-2015 15:06:52 Restore Point Created by FRST
16-03-2015 00:28:42 Windows Update
16-03-2015 22:49:13 Restore Point Created by FRST
17-03-2015 23:03:11 Device Driver Package Install: Broadcom Network adapters
19-03-2015 09:34:04 Scheduled Checkpoint
20-03-2015 00:15:36 Scheduled Checkpoint
21-03-2015 17:40:11 Scheduled Checkpoint
22-03-2015 00:23:51 Removed Cisco PEAP Module
22-03-2015 00:24:15 Removed Cisco EAP-FAST Module
22-03-2015 00:24:54 Removed Cisco LEAP Module
22-03-2015 00:25:50 Device Driver Package Install: Broadcom Network adapters
22-03-2015 02:50:11 Windows Update
22-03-2015 13:16:13 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 15:53 - 2015-03-16 22:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {001B59FC-7DCC-4D33-A2ED-15182A2F5686} - System32\Tasks\{2CD37C56-66DD-4BDE-B7B9-492866C3E6C4} => pcalua.exe -a C:\Users\Abhishek\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d "C:\Program Files\OpenOffice.org 3\program"
Task: {084AD666-F8B5-4090-9C38-CFFF8D6C4E67} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe http://ui.skype.com/...l?page=tsPlugin
Task: {15859CE5-7BDD-48CB-9612-007393573DFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {1AB3785F-41B9-45D2-9979-9BB9785E9602} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {239F1C0C-DBFE-4EA8-861A-B7E44453A2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {23AD59E5-7B45-4DAE-97D1-96FDD0308AD7} - System32\Tasks\WpsUpdateTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {33009D32-EEF0-44B4-8975-E7C369FD6136} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-17] (Facebook Inc.)
Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads
Task: {B5E80C9A-78B6-4B1D-B89E-B6B2B8EF0956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {C22D95F8-BEAC-4087-93D5-B9137B7160C3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1575974-A5DD-496D-8DAC-F91AE17A5AF6} - System32\Tasks\WpsNotifyTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {ED0D0DE3-CAAC-4954-B6A5-339256A524FE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-17] (Facebook Inc.)
Task: {EF98DFEF-37BA-4345-B88B-AC78C08D03D4} - System32\Tasks\{70D6C1BD-CE5A-4232-85BB-A37964871491} => pcalua.exe -a "C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MVG1Q4W\RealPlayer11GOLD[2].exe" -d C:\Users\Abhishek
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2007-12-28 21:40 - 2007-06-29 14:52 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2008-08-11 20:18 - 2008-08-11 20:18 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-08-09 22:59 - 2007-05-22 10:59 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-22 02:47 - 2015-03-14 15:42 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:62E2D794
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\Windows\pss\Dell Network Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zoozoo widget.lnk => C:\Windows\pss\Zoozoo widget.lnk.Startup
 
==================== Accounts: =============================
 
Abhishek (S-1-5-21-4265441916-1708264049-1492465063-1000 - Administrator - Enabled) => C:\Users\Abhishek
Administrator (S-1-5-21-4265441916-1708264049-1492465063-500 - Administrator - Disabled)
Guest (S-1-5-21-4265441916-1708264049-1492465063-501 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 67%
Total physical RAM: 2037.45 MB
Available physical RAM: 652.27 MB
Total Pagefile: 4318.18 MB
Available Pagefile: 2528.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:42.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by abhi6512, 22 March 2015 - 03:37 AM.

  • 0

#57
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, things are looking much better now. The previous fix may have helped your internet speed issue as well. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work (in this case, the Desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Step#3 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next.
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button.
  • Once the scan completes click the Save Results link in the bottom right-corner of the form. Note: Do this before removing any malware that may have been found.
  • Then click the Copy to clipboard button and paste into your next post.
  • CopytoClipboard.JPG
  • If malware was detected you can now click the Remove Selected Button.
  • RemoveSelected.JPG
  • Once the malware is removed you will get a prompt asking you to reboot. Note: Please ensure you have pasted the results of the scan into a reply on your post before answering yes.
  • Restart.JPG
  • Go ahead and reboot.

     

     

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

 

1. FRST Fix

2. Security Check log

3. Malwarebytes log
4. Contents of the ESET log file


  • 0

#58
abhi6512

abhi6512

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts

Hi Brian,

PFB all the data as asked for. ESET scan is taking time. I shall share that with you the moment it's done.

 

1. FRST Fix
*****************************************************************************************************
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Abhishek at 2015-03-22 20:53:56 Run:4
Running from C:\Users\Abhishek\Desktop\lappy servicing
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\\"
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\\"
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\\"
cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\\"
cmd: reg add "HKLM\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d "EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltrysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvider\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions"
cmd: reg add "HKLM\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d "EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltrysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvider\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions"
cmd: reg add "HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d "EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltrysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvider\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions"
2015-03-22 01:02 - 2015-03-22 01:02 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-15 11:47 - 2008-08-22 00:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
AlternateDataStreams: C:\ProgramData\TEMP:62E2D794
EmptyTemp:
 
*****************
 
Restore point was successfully created.
 
=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\\" =========

Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\ (Yes/No)? The operation completed successfully.
========= End of CMD: =========


=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\\" =========

Delete the registry value C:\ProgramData\Symantec\ (Yes/No)? The operation completed successfully.
========= End of CMD: =========


=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\\" =========

Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\ (Yes/No)? The operation completed successfully.
========= End of CMD: =========


=========  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\\" =========

Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\ (Yes/No)? The operation completed successfully.
========= End of CMD: =========


=========  reg add "HKLM\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d "EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltrysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvider\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions" =========

Value List exists, overwrite(Yes/No)? The operation completed successfully.
========= End of CMD: =========


=========  reg add "HKLM\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d "EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltrysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvider\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions" =========

Value List exists, overwrite(Yes/No)? The operation completed successfully.
========= End of CMD: =========


=========  reg add "HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d "EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltrysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvider\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions" =========

Value List exists, overwrite(Yes/No)? The operation completed successfully.
========= End of CMD: =========
 
C:\ProgramData\Symantec => Moved successfully.
C:\Program Files\Spybot - Search & Destroy => Moved successfully.
C:\ProgramData\TEMP => ":62E2D794" ADS removed successfully.
EmptyTemp: => Removed 331.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:10:32 ====
 
2. Security Check log
*****************************************************************************************************
 Results of screen317's Security Check version 0.99.99  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome (41.0.2272.101) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
 
3. Malwarebytes log
*****************************************************************************************************
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22-03-2015
Scan Time: 21:54:00
Logfile: Malwarebytes log.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.22.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Abhishek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334920
Time Elapsed: 15 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.Multiplug, HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [dbb02d1b3951122437a1b2723ac98f71], 
PUP.Optional.Multiplug, HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [dbb02d1b3951122437a1b2723ac98f71], 
PUP.Optional.BitTorrentBar.A, HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\SOFTWARE\APPDATALOW\SOFTWARE\BitTorrentBar, , [5c2f45034842c670d2dae6d9c340eb15], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.Unizeto, C:\Users\Abhishek\Downloads\Download.exe, , [63284602a5e5a6909a952dcc976a6d93], 
PUP.Optional.FriedCookie, C:\Users\Abhishek\Downloads\FlvPlayerSetup.exe, , [ec9fca7e81091a1c5e6453890104728e], 
PUP.Optional.MovieTorrent.A, C:\Users\Abhishek\Downloads\movie-torrent-setup-free.exe, , [6724c4841f6bc07682b224e554aeb749], 
PUP.Optional.Bundler, C:\Users\Abhishek\Downloads\Bang Bang! (2014).exe, , [008b10389febc67083d8b422f60fdc24], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#59
abhi6512

abhi6512

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts

In the interim, regarding my speed: it has improved a bit, but not much. My broadband subscriber promises me 50 MB speed. But what I'm getting is not even 1 Mbps. So I was just curious if it's due to some issue with my machine or if I need to take this up with my service provider.

 

speed test screen shot for your reference:

 

Test History
Internet Speed | Download Speed | IP Address | Time
497.00 kbps | 62.13 KB/sec. | 116.75.21.150 | 22-03-2015 11:16:29 PM
321.10 kbps | 40.14 KB/sec. | 116.75.21.150 | 22-03-2015 10:52:05 PM
195.20 kbps | 24.4 KB/sec. | 116.75.21.150 | 22-03-2015 10:51:31 PM
365.40 kbps | 45.68 KB/sec. | 116.75.21.150 | 22-03-2015 10:46:17 PM

  • 0

#60
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Before I can answer that I have a few questions.

1. Has your internet speed been slow like this for a while?

2. If you plug a network cable in directly to your router (instead of using wireless), what speed do you get?

 

When doing your speed tests, let's do the wireless first again following the instructions below and then do it while being cabled directly in to your router. Let me know what each is.

 

Internet Speed Check
1. Go to http://www.speedtest.net
2. Wait until the BEGIN TEST button appears and click on it.
    BeginTest.JPG
 
3. When it's finished please let me know the Ping, Download Speed and Upload Speed
    Results.JPG


  • 0





