Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

MY laptop is very slow. It seems to be infected with some virus/malwar

Started by abhi6512 , Mar 13 2015 01:16 PM

Page 4 of 6
2
3
4
5
6

This topic is locked

#46
BrianDrab

Posted 21 March 2015 - 01:36 PM

Trusted Helper

Malware Removal
3,591 posts

Once you are done with Cleanwipe please download the following network driver and install.

http://downloads.del...ork/R154494.EXE

Thanks.

#47
abhi6512

Posted 21 March 2015 - 01:44 PM

Member

Topic Starter
Member
143 posts

Hey Brian,

This time it worked. Hip Hip Hurray. Whole issue was symantec, this utility wiped it out completely.

sincere thanks, for first time in last so many days em writing from my laptop thanks a ton.

I was just tired of that small screen, leaving my neck soar

My internet is working do u still want me to download & install those drivers. Pls. let me know & I shall proceed accordingly.

-Abhi

#48
BrianDrab

Posted 21 March 2015 - 01:46 PM

Trusted Helper

Malware Removal
3,591 posts

Great news! I knew it was Symantec but unfortunately the tool is not publically available (which is why I emailed it to you). I contacted Symantec support on your behalf to obtain it.

Yes we do still need to install that driver. Please let me know when it's done and we can continue cleaning your machine.

#49
abhi6512

Posted 21 March 2015 - 01:50 PM

Member

Topic Starter
Member
143 posts

Sincere thanks Brian,

Yeah I have already started the download. I shall install & let u know.

In the interim just to update you that my net connection is very slow not sure if it's from provider end or something locally. Just wanted to share with you.

-Abhi

#50
abhi6512

Posted 21 March 2015 - 02:03 PM

Member

Topic Starter
Member
143 posts

I'm done with the installation of the driver. Do you want me to reboot?

#51
BrianDrab

Posted 21 March 2015 - 02:04 PM

Trusted Helper

Malware Removal
3,591 posts

Do you want me to reboot?

Only if prompted.

net connection is very slow

No problem. We'll address all of your concerns but let's ensure we get you cleaned up first. Once you have installed that driver please continue with the following. These are the steps we didn't get to because of the Symantec issue. I will be stepping out for a little but will be back later.

Step#2 - Install Microsoft Security Essentials
I see you downloaded this so at this point let's see if this will install for you.

Step#3 - FRST Registry Search
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words Facebook video;Ask Toolbar;Symantec into the Search box and click the Search Registry button.

3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
saved on your desktop named Search.txt.

Step#4 - Re-install Chrome

Chrome has been compromised and needs to be uninstalled and re-installed. It has been converted into the dev build of the software which allows malware to install extensions at will amongst other things.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks If you don't have bookmarks that you need to save just do bullets 4 & 5 below.
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome. Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Items for your next post

1. FRST Registry Search log

#52
abhi6512

Posted 21 March 2015 - 02:34 PM

Member

Topic Starter
Member
143 posts

Hi Brian,

PFB the search log as asked for:

Just glanced thru the log & we can still see humpty no of symantec entries .. even after the cleanup ... strange.

Anyways pls. just let me know the next steps once you are back. I will try to be up as much as possible. it's already 2 am for me

Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Abhishek at 2015-03-22 01:59:19

Running from C:\Users\Abhishek\Desktop

Boot Mode: Normal

================== Search Registry: "Facebook video;Ask Toolbar;Symantec" ===========

===================== Search result for "Facebook video" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C\InstallProperties]

"DisplayName"="Facebook Video Calling 1.2.0.287"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{A789A075-219B-4817-8B9A-736D010F6EE7}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin]

"ProductName"="Facebook Video Calling 3.1.0.521"

[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin]

""="Facebook Video Calling Plugin"

[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]

""="Facebook Video Calling Plugin"

[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1]

""="Facebook Video Calling Plugin"

===================== Search result for "Symantec" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B}\InprocServer32]

""="C:\PROGRA~2\Symantec\SyKnAppS\SyKnAppS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A}\0.0\0\win32]

""="C:\PROGRA~2\Symantec\SyKnAppS\SyKnAppS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]

""="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Symantec\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\ccInst.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\rcAlert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F815C3124010547971DF191BC1F2F6]

"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\ccL60.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6863B6A31DB198C4A9004B226A88E144]

"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\rcSvcHst.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C402F663CCF7F747950A8CB1BC65DF0]

"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9564B09A01EE9544F8FAC969954CABBD]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\SPManifests\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1908545DC7015C4F9B24A3A22FDA1DE]

"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC4377FD9FC3734F9AD63CE4955FE71]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\rcLgView.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B89A123E3228AD04989794840B9B14A7]

"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C]

"00000000000000000000000000000000"="C:\Program Files\Common Files\Symantec Shared\ccScanW.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFF5FB428728B774CB0E9EDFA7291356]

"00000000000000000000000000000000"="C:\Program Files\Symantec\Symantec Endpoint Protection\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]

"List"="System Reserved

EMS

WdfLoadGroup

Boot Bus Extender

System Bus Extender

SCSI miniport

Port

Primary Disk

SCSI Class

SCSI CDROM Class

FSFilter Infrastructure

FSFilter System

FSFilter Bottom

FSFilter Copy Protection

FSFilter Security Enhancer

FSFilter Open File

FSFilter Physical Quota Management

FSFilter Virtualization

FSFilter Encryption

FSFilter Compression

FSFilter Imaging

FSFilter HSM

FSFilter Cluster File System

FSFilter System Recovery

FSFilter Quota Management

FSFilter Content Screener

FSFilter Continuous Backup

FSFilter Replication

FSFilter Anti-Virus

FSFilter Undelete

FSFilter Activity Monitor

FSFilter Top

Filter

Boot File System

Base

Pointer Port

Keyboard Port

Pointer Class

Keyboard Class

Video Init

Video

Video Save

File System

Streams Drivers

NDIS Wrapper

COM Infrastructure

Event Log

AudioGroup

ProfSvc_Group

UIGroup

MS_WindowsLocalValidation

PlugPlay

PNP_TDI

NDIS

TDI

wltrysvc

Symantec Core Services

Symantec Services

iSCSI

NetBIOSGroup

ShellSvcGroup

SchedulerGroup

SpoolerGroup

SmartCardGroup

NetworkProvider

MS_WindowsRemoteValidation

NetDDEGroup

Parallel arbitrator

Extended Base

PCI Configuration

MS Transactions"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder]

"List"="System Reserved

EMS

WdfLoadGroup

Boot Bus Extender

System Bus Extender

SCSI miniport

Port

Primary Disk

SCSI Class

SCSI CDROM Class

FSFilter Infrastructure

FSFilter System

FSFilter Bottom

FSFilter Copy Protection

FSFilter Security Enhancer

FSFilter Open File

FSFilter Physical Quota Management

FSFilter Virtualization

FSFilter Encryption

FSFilter Compression

FSFilter Imaging

FSFilter HSM

FSFilter Cluster File System

FSFilter System Recovery

FSFilter Quota Management

FSFilter Content Screener

FSFilter Continuous Backup

FSFilter Replication

FSFilter Anti-Virus

FSFilter Undelete

FSFilter Activity Monitor

FSFilter Top

Filter

Boot File System

Base

Pointer Port

Keyboard Port

Pointer Class

Keyboard Class

Video Init

Video

Video Save

File System

Streams Drivers

NDIS Wrapper

COM Infrastructure

Event Log

AudioGroup

ProfSvc_Group

UIGroup

MS_WindowsLocalValidation

PlugPlay

PNP_TDI

NDIS

TDI

wltrysvc

Symantec Core Services

Symantec Services

iSCSI

NetBIOSGroup

ShellSvcGroup

SchedulerGroup

SpoolerGroup

SmartCardGroup

NetworkProvider

MS_WindowsRemoteValidation

NetDDEGroup

Parallel arbitrator

Extended Base

PCI Configuration

MS Transactions"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]

"List"="System Reserved

EMS

WdfLoadGroup

Boot Bus Extender

System Bus Extender

SCSI miniport

Port

Primary Disk

SCSI Class

SCSI CDROM Class

FSFilter Infrastructure

FSFilter System

FSFilter Bottom

FSFilter Copy Protection

FSFilter Security Enhancer

FSFilter Open File

FSFilter Physical Quota Management

FSFilter Virtualization

FSFilter Encryption

FSFilter Compression

FSFilter Imaging

FSFilter HSM

FSFilter Cluster File System

FSFilter System Recovery

FSFilter Quota Management

FSFilter Content Screener

FSFilter Continuous Backup

FSFilter Replication

FSFilter Anti-Virus

FSFilter Undelete

FSFilter Activity Monitor

FSFilter Top

Filter

Boot File System

Base

Pointer Port

Keyboard Port

Pointer Class

Keyboard Class

Video Init

Video

Video Save

File System

Streams Drivers

NDIS Wrapper

COM Infrastructure

Event Log

AudioGroup

ProfSvc_Group

UIGroup

MS_WindowsLocalValidation

PlugPlay

PNP_TDI

NDIS

TDI

wltrysvc

Symantec Core Services

Symantec Services

iSCSI

NetBIOSGroup

ShellSvcGroup

SchedulerGroup

SpoolerGroup

SmartCardGroup

NetworkProvider

MS_WindowsRemoteValidation

NetDDEGroup

Parallel arbitrator

Extended Base

PCI Configuration

MS Transactions"

[HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url16"="C:\Program Files\Symantec\Symantec Endpoint Protection\Help"

====== End Of Search ======

#53
BrianDrab

Posted 21 March 2015 - 03:07 PM

Trusted Helper

Malware Removal
3,591 posts

Wow. It's late there. We can finish tomorrow. I wont be home for two hours.

#54
abhi6512

Posted 21 March 2015 - 05:01 PM

Member

Topic Starter
Member
143 posts

ohk .. I'm just completing the chrome re-installation. I will hit the sack in a while. You can leave

next steps for me though. Once again before calling it a day a BIG thanks to you for getting me my

internet back

-Abhi

#55
BrianDrab

Posted 21 March 2015 - 07:59 PM

Trusted Helper

Malware Removal
3,591 posts

No problem Abhi. Please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. fixlist.txt 4.43KB 195 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Step4 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

Items for your next post

1. FRST Fix log

2. Junkware Log

3. Rootkit Scan log
4. FRST and Addition logs

#56
abhi6512

Posted 22 March 2015 - 03:35 AM

Member

Topic Starter
Member
143 posts

1. FRST Fix log

***********************************************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015

Ran by Abhishek at 2015-03-22 13:16:07 Run:3

Running from C:\Users\Abhishek\Desktop\lappy servicing

Loaded Profiles: Abhishek (Available profiles: Abhishek)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CreateRestorePoint:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C]

cmd: reg delete "HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7}

cmd: reg delete "HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7}

cmd: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7}

[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin]

[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin]

[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]

[-HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe]

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\"

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\"

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\"

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F815C3124010547971DF191BC1F2F6]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6863B6A31DB198C4A9004B226A88E144]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C402F663CCF7F747950A8CB1BC65DF0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9564B09A01EE9544F8FAC969954CABBD]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1908545DC7015C4F9B24A3A22FDA1DE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC4377FD9FC3734F9AD63CE4955FE71]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B89A123E3228AD04989794840B9B14A7]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFF5FB428728B774CB0E9EDFA7291356]

cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Core Services"

cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Services"

cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Core Services"

cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Services"

cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Core Services"

cmd: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Services"

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

EmptyTemp:

*****************

Restore point was successfully created.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4265441916-1708264049-1492465063-1000\Products\9095C29B73D115C438792AB82BE8D53C => Key Deleted Successfully.

========= reg delete "HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7} =========

Delete the registry value {A789A075-219B-4817-8B9A-736D010F6EE7} (Yes/No)? The operation completed successfully.

========= End of CMD: =========

========= reg delete "HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7} =========

Delete the registry value {A789A075-219B-4817-8B9A-736D010F6EE7} (Yes/No)? The operation completed successfully.

========= End of CMD: =========

========= reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {A789A075-219B-4817-8B9A-736D010F6EE7} =========

Delete the registry value {A789A075-219B-4817-8B9A-736D010F6EE7} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => Key Deleted Successfully.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Classes\SkypeLimited.SkypeWebPlugin => Key Deleted Successfully.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => Key Deleted Successfully.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1 => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_USERS\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\SkypeLimited.SkypeWebPlugin.1 => Key Deleted Successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B} => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDEE0F0-ECD7-423c-BD1C-525ECBAC7E1B} => Key Deleted Successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A} => Failed to delete key at first attempt (Error: C0000121), see next line.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE54081F-08ED-44AE-AE80-13DEAA19A44A} => Key Deleted Successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe => Key Deleted successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\" =========

Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\" =========

Delete the registry value C:\ProgramData\Symantec" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\" =========

Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\" =========

Delete the registry value C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine" (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45F815C3124010547971DF191BC1F2F6 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6863B6A31DB198C4A9004B226A88E144 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C402F663CCF7F747950A8CB1BC65DF0 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9564B09A01EE9544F8FAC969954CABBD => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1908545DC7015C4F9B24A3A22FDA1DE => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC4377FD9FC3734F9AD63CE4955FE71 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B89A123E3228AD04989794840B9B14A7 => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2707F7F2CF78E542BCED2E4F08F441C => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFF5FB428728B774CB0E9EDFA7291356 => Key Deleted successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Core Services" =========

Delete the registry value Symantec Core Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v "Symantec Services" =========

Delete the registry value Symantec Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Core Services" =========

Delete the registry value Symantec Core Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v "Symantec Services" =========

Delete the registry value Symantec Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Core Services" =========

Delete the registry value Symantec Core Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder" /v "Symantec Services" =========

Delete the registry value Symantec Services (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Reseting Echo Request, OK!

Reseting Global, OK!

Reseting Interface, OK!

Reseting Unicast Address, OK!

A reboot is required to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::1431:d9bf:255c:9b4f%13

Default Gateway . . . . . . . . . :

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::1431:d9bf:255c:9b4f%13

IPv4 Address. . . . . . . . . . . : 192.168.0.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

========= End of CMD: =========

EmptyTemp: => Removed 157.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:17:32 ====

2. Junkware Log

***********************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.5 (03.17.2015:1)

OS: Windows Vista ™ Home Basic x86

Ran by Abhishek on 22-03-2015 at 13:47:57.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Abhishek\Local Settings\Application Data\cre"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 22-03-2015 at 13:50:26.46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Rootkit Scan log

***********************************************************************************************

Run date: 2015-03-22 13:57:19

-----------------------------

13:57:19.058 OS Version: Windows 6.0.6002 Service Pack 2

13:57:19.058 Number of processors: 2 586 0xF0D

13:57:19.059 ComputerName: ABHISHEK-PC UserName: Abhishek

13:57:52.686 Initialize success

13:57:52.830 VM: initialized successfully

13:57:52.832 VM: Intel CPU BiosDisabled

14:41:02.635 AVAST engine defs: 15032101

14:58:39.950 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1

14:58:39.956 Disk 0 Vendor: WDC_WD1600BEVS-75RST0 04.01G04 Size: 152627MB BusType: 3

14:58:40.194 Disk 0 MBR read successfully

14:58:40.220 Disk 0 MBR scan

14:58:40.488 Disk 0 Windows VISTA default MBR code

14:58:40.496 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63

14:58:40.583 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792

14:58:40.645 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142307 MB offset 21133312

14:58:43.675 Disk 0 statistics 300/0/0 @ 0.59 MB/s

14:58:43.677 Scan stopped

14:58:49.892 Disk 0 MBR has been saved successfully to "C:\Users\Abhishek\Desktop\lappy servicing\MBR.dat"

14:58:49.908 The log file has been saved successfully to "C:\Users\Abhishek\Desktop\lappy servicing\aswMBR.txt"

4. FRST log

***********************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by Abhishek (administrator) on ABHISHEK-PC on 22-03-2015 15:00:01

Running from C:\Users\Abhishek\Desktop\lappy servicing

Loaded Profiles: Abhishek (Available profiles: Abhishek)

Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Windows\System32\WLTRYSVC.EXE

(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE

(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe

(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Dell Inc.) C:\Windows\System32\WLTRAY.EXE

(Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Users\Abhishek\Desktop\lappy servicing\aswMBR.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296096 2012-08-14] (RealNetworks, Inc.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2010-02-17] (Yahoo! Inc.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Facebook Update] => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-17] (Facebook Inc.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)

BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-04-26] (Adobe Systems, Inc.)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-08-14] (RealPlayer)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]

FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01]

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-14]

FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension

FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01]

Chrome:

=======

CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]

CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]

CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]

CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]

CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]

CHR Extension: (Google Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-22]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]

CHR Extension: (Google Wallet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]

CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()

R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)

R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)

R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)

R1 MpKsl10c6167a; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03FD2281-7815-48F3-9B63-3F34B48BC297}\MpKsl10c6167a.sys [39464 2015-03-22] (Microsoft Corporation)

R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)

R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]

R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]

S3 zteusbser; system32\DRIVERS\ztemtusbser.sys [X]

U3 aswMBR; \??\C:\Users\Abhishek\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Abhishek\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:15 - 2015-03-22 13:15 - 00004540 _____ () C:\Users\Abhishek\Downloads\fixlist (1).txt

2015-03-22 02:48 - 2015-03-22 02:48 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-03-22 02:48 - 2015-03-22 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-03-22 01:02 - 2015-03-22 01:02 - 00000000 ____D () C:\ProgramData\Symantec

2015-03-22 00:27 - 2015-03-22 00:27 - 00000000 ____D () C:\Program Files\Cisco

2015-03-22 00:26 - 2015-03-22 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless

2015-03-19 08:30 - 2015-03-19 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2015-03-19 08:29 - 2015-03-19 08:30 - 00000000 ____D () C:\Program Files\Speccy

2015-03-17 23:03 - 2009-01-20 15:36 - 00018424 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys

2015-03-17 23:03 - 2009-01-20 15:36 - 00001591 _____ () C:\Windows\system32\Uninst_EAPModules.bat

2015-03-17 23:02 - 2015-03-17 23:02 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\InstallShield

2015-03-17 23:02 - 2009-01-20 15:36 - 06369280 _____ (Dell Inc.) C:\Windows\system32\BCMWLCPL.CPL

2015-03-17 23:02 - 2009-01-20 15:36 - 04145152 _____ (Dell Inc.) C:\Windows\system32\bcmttls.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 03829760 _____ (Dell Inc.) C:\Windows\system32\bcmihvsrv.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 03563520 _____ (Dell Inc.) C:\Windows\system32\WLTRAY.EXE

2015-03-17 23:02 - 2009-01-20 15:36 - 03489792 _____ (Dell Inc.) C:\Windows\system32\bcmihvui.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 02654208 _____ (Dell Inc.) C:\Windows\system32\BCMWLTRY.EXE

2015-03-17 23:02 - 2009-01-20 15:36 - 01207288 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS

2015-03-17 23:02 - 2009-01-20 15:36 - 00286720 _____ (Dell Inc.) C:\Windows\system32\bcmwlu00.exe

2015-03-17 23:02 - 2009-01-20 15:36 - 00163840 _____ (Broadcom Corp.) C:\Windows\system32\bcmwlapi.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 00087328 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 00065536 _____ (Broadcom Corporation) C:\Windows\system32\wltrynt.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\system32\bcmwlrmt.dll

2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\system32\WLTRYSVC.EXE

2015-03-16 00:40 - 2015-03-16 00:40 - 00001788 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-03-16 00:33 - 2015-03-16 00:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-03-16 00:29 - 2010-04-06 01:30 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2015-03-15 16:14 - 2015-03-15 16:19 - 00000000 ____D () C:\AdwCleaner

2015-03-15 15:05 - 2015-03-15 15:06 - 02171392 _____ () C:\Users\Abhishek\Desktop\Unconfirmed 444166.crdownload

2015-03-15 13:05 - 2015-03-15 13:31 - 11530032 _____ (Microsoft Corporation) C:\Users\Abhishek\Desktop\mseinstall.exe

2015-03-15 11:28 - 2015-03-15 11:28 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\Facebook

2015-03-14 23:46 - 2015-03-22 15:00 - 00000000 ____D () C:\FRST

2015-03-12 08:25 - 2015-01-29 07:05 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-12 08:24 - 2015-02-26 05:48 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-12 08:24 - 2015-01-29 07:05 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-12 03:09 - 2015-02-20 07:33 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-12 03:09 - 2015-02-20 05:58 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-12 03:08 - 2015-02-26 07:31 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-03-12 03:08 - 2015-02-26 07:31 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-12 03:08 - 2015-01-09 07:34 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-12 03:08 - 2015-01-09 05:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-12 03:07 - 2015-01-21 07:32 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-12 03:06 - 2015-03-06 09:31 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-12 03:04 - 2014-10-13 06:42 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-03-12 03:03 - 2015-02-18 07:32 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 12:24 - 2015-02-21 23:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-03-11 12:24 - 2015-02-21 22:59 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 12:24 - 2015-02-21 22:58 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 12:24 - 2015-02-21 22:52 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 12:24 - 2015-02-21 22:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 12:24 - 2015-02-21 22:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 12:24 - 2015-02-21 22:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-03-11 12:24 - 2015-02-21 22:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 12:24 - 2015-02-21 22:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 12:24 - 2015-02-21 22:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 12:24 - 2015-02-21 22:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 12:24 - 2015-02-21 22:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 12:24 - 2015-02-21 22:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-03-11 12:24 - 2015-02-21 22:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-03-11 12:24 - 2015-02-21 22:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-03-11 12:24 - 2015-02-21 22:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 12:23 - 2015-02-21 23:07 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 12:23 - 2015-02-21 22:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-09 23:32 - 2015-03-09 23:32 - 00143720 _____ () C:\Windows\Minidump\Mini030915-01.dmp

2015-03-07 00:40 - 2015-03-07 00:40 - 00143720 _____ () C:\Windows\Minidump\Mini030715-01.dmp

2015-02-26 11:19 - 2015-02-26 11:19 - 00087040 _____ () C:\Users\Abhishek\Downloads\DISTRIBUTION SCHEDULE MAR15.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 15:01 - 2008-08-11 22:32 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Skype

2015-03-22 14:41 - 2014-05-09 11:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-22 14:38 - 2014-08-11 00:19 - 00000400 _____ () C:\Windows\Tasks\WpsNotifyTask_Abhishek.job

2015-03-22 14:23 - 2014-08-17 16:13 - 00000400 _____ () C:\Windows\Tasks\WpsUpdateTask_Abhishek.job

2015-03-22 14:15 - 2012-03-30 08:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-22 13:59 - 2006-11-02 16:03 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-22 13:57 - 2007-12-28 13:46 - 01507313 _____ () C:\Windows\WindowsUpdate.log

2015-03-22 13:56 - 2014-10-12 18:05 - 00000000 ____D () C:\Users\Abhishek\Desktop\validate bin

2015-03-22 13:52 - 2008-09-17 23:12 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2015-03-22 13:52 - 2006-11-02 18:28 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-22 13:52 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-22 13:52 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-22 13:51 - 2007-12-28 13:46 - 00000012 _____ () C:\Windows\bthservsdp.dat

2015-03-22 13:51 - 2006-11-02 18:28 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-22 13:20 - 2007-12-28 14:12 - 00189540 _____ () C:\Windows\PFRO.log

2015-03-22 10:32 - 2011-12-19 14:05 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job

2015-03-22 04:51 - 2012-09-10 00:08 - 00000000 ___RD () C:\Program Files\Skype

2015-03-22 04:51 - 2008-08-11 22:29 - 00000000 ____D () C:\ProgramData\Skype

2015-03-22 04:30 - 2008-08-13 00:28 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Free Download Manager

2015-03-22 02:47 - 2007-12-28 14:04 - 00000000 ____D () C:\Program Files\Google

2015-03-22 02:36 - 2014-05-09 11:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-22 02:18 - 2008-01-03 04:32 - 00000911 _____ () C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-03-22 01:26 - 2007-12-28 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom

2015-03-22 00:26 - 2008-01-03 04:31 - 00000000 ____D () C:\Users\Abhishek

2015-03-22 00:26 - 2007-12-28 13:59 - 00067998 _____ () C:\Windows\bcmwl.log

2015-03-22 00:25 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\Help

2015-03-22 00:23 - 2007-12-28 21:26 - 00000000 ____D () C:\DELL

2015-03-21 10:39 - 2011-12-19 14:05 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job

2015-03-19 09:04 - 2012-04-23 23:12 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\vlc

2015-03-15 16:14 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\tracing

2015-03-15 15:25 - 2008-04-09 10:45 - 00006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat

2015-03-15 15:22 - 2014-08-07 09:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2015-03-15 15:07 - 2006-11-02 16:48 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-03-15 13:13 - 2009-12-19 09:59 - 00149942 _____ () C:\Windows\DPINST.LOG

2015-03-15 13:03 - 2012-03-14 21:58 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\RockMelt

2015-03-15 13:03 - 2010-08-26 00:07 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\BitTorrent

2015-03-15 13:01 - 2013-08-05 23:19 - 00000000 ____D () C:\mvs

2015-03-15 13:01 - 2008-01-04 09:26 - 00137216 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-15 12:26 - 2012-03-21 09:46 - 00000000 ____D () C:\ProgramData\DatacardService

2015-03-15 12:13 - 2009-12-19 09:56 - 00000000 ____D () C:\Program Files\Nokia

2015-03-15 12:10 - 2011-02-01 20:14 - 00000000 ____D () C:\ProgramData\Nero

2015-03-15 12:09 - 2009-12-20 13:46 - 00000000 ____D () C:\Program Files\Common Files\Nokia

2015-03-15 12:06 - 2007-12-28 14:04 - 00000000 ____D () C:\ProgramData\Google

2015-03-15 12:05 - 2007-12-28 13:56 - 00000000 ____D () C:\Program Files\Java

2015-03-15 12:05 - 2007-12-28 13:56 - 00000000 ____D () C:\Program Files\Common Files\Java

2015-03-15 11:47 - 2008-08-22 00:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy

2015-03-13 22:19 - 2006-11-02 18:19 - 00137834 _____ () C:\Windows\setupact.log

2015-03-12 08:45 - 2006-11-02 18:14 - 00299240 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 08:24 - 2013-07-22 22:24 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-12 08:06 - 2006-11-02 15:54 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-03-09 23:32 - 2012-08-12 00:50 - 232144477 _____ () C:\Windows\MEMORY.DMP

2015-03-09 23:32 - 2008-07-19 12:11 - 00000000 ____D () C:\Windows\Minidump

2015-03-09 00:36 - 2015-01-24 22:53 - 00000561 _____ () C:\Users\Abhishek\Desktop\weekend getaways.txt

2015-03-05 23:33 - 2015-02-09 10:07 - 00000277 _____ () C:\Users\Abhishek\Desktop\cover letter.txt

2015-03-03 18:46 - 2014-03-10 01:21 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-03-02 13:59 - 2015-01-25 00:53 - 00000493 _____ () C:\Users\Abhishek\Desktop\onsite consultants.txt

==================== Files in the root of some directories =======

2014-09-28 14:06 - 2014-09-28 14:10 - 6010880 _____ () C:\Program Files\GUT80A5.tmp

2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat

2008-04-09 10:45 - 2015-03-15 15:25 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat

2008-01-04 09:26 - 2015-03-15 13:01 - 0137216 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-07 13:01 - 2014-08-07 13:01 - 0575544 _____ (ClickMeIn Limited) C:\Users\Abhishek\AppData\Local\nscB950.tmp

2014-08-07 12:49 - 2014-08-07 12:49 - 0591056 _____ (ClickMeIn Limited) C:\Users\Abhishek\AppData\Local\nsh752B.tmp

2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-22 13:58

==================== End Of Log ============================

5. Addition logs

***********************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Abhishek at 2015-03-22 15:01:45

Running from C:\Users\Abhishek\Desktop\lappy servicing

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\{C7888C3F-0506-555F-7907-CDD3F81719A5}) (Version: 1.5 - Adobe Systems Incorporated)

Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )

Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )

Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)

Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )

Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)

Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )

Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )

Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)

FileZilla Client 3.1.1.1 (HKLM\...\FileZilla Client) (Version: 3.1.1.1 - )

Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)

Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

Laptop Integrated Webcam Driver (1.03.02.0719) (HKLM\...\Creative OEM002) (Version: - )

Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)

Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)

MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden

MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden

MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)

OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)

Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden

OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)

QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)

Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)

Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.06.13151 - Sony Corporation)

Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)

Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)

User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)

Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )

Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version: - )

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Restore Points =========================

15-03-2015 15:06:52 Restore Point Created by FRST

16-03-2015 00:28:42 Windows Update

16-03-2015 22:49:13 Restore Point Created by FRST

17-03-2015 23:03:11 Device Driver Package Install: Broadcom Network adapters

19-03-2015 09:34:04 Scheduled Checkpoint

20-03-2015 00:15:36 Scheduled Checkpoint

21-03-2015 17:40:11 Scheduled Checkpoint

22-03-2015 00:23:51 Removed Cisco PEAP Module

22-03-2015 00:24:15 Removed Cisco EAP-FAST Module

22-03-2015 00:24:54 Removed Cisco LEAP Module

22-03-2015 00:25:50 Device Driver Package Install: Broadcom Network adapters

22-03-2015 02:50:11 Windows Update

22-03-2015 13:16:13 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 15:53 - 2015-03-16 22:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001B59FC-7DCC-4D33-A2ED-15182A2F5686} - System32\Tasks\{2CD37C56-66DD-4BDE-B7B9-492866C3E6C4} => pcalua.exe -a C:\Users\Abhishek\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d "C:\Program Files\OpenOffice.org 3\program"

Task: {084AD666-F8B5-4090-9C38-CFFF8D6C4E67} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe http://ui.skype.com/...l?page=tsPlugin

Task: {15859CE5-7BDD-48CB-9612-007393573DFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

Task: {1AB3785F-41B9-45D2-9979-9BB9785E9602} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

Task: {239F1C0C-DBFE-4EA8-861A-B7E44453A2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)

Task: {23AD59E5-7B45-4DAE-97D1-96FDD0308AD7} - System32\Tasks\WpsUpdateTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)

Task: {33009D32-EEF0-44B4-8975-E7C369FD6136} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-17] (Facebook Inc.)

Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar

Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads

Task: {B5E80C9A-78B6-4B1D-B89E-B6B2B8EF0956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)

Task: {C22D95F8-BEAC-4087-93D5-B9137B7160C3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

Task: {E1575974-A5DD-496D-8DAC-F91AE17A5AF6} - System32\Tasks\WpsNotifyTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)

Task: {ED0D0DE3-CAAC-4954-B6A5-339256A524FE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-17] (Facebook Inc.)

Task: {EF98DFEF-37BA-4345-B88B-AC78C08D03D4} - System32\Tasks\{70D6C1BD-CE5A-4232-85BB-A37964871491} => pcalua.exe -a "C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MVG1Q4W\RealPlayer11GOLD[2].exe" -d C:\Users\Abhishek

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\WpsNotifyTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe

Task: C:\Windows\Tasks\WpsUpdateTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE

2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll

2007-12-28 21:40 - 2007-06-29 14:52 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll

2008-08-11 20:18 - 2008-08-11 20:18 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2008-08-09 22:59 - 2007-05-22 10:59 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll

2015-03-22 02:47 - 2015-03-14 15:42 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:62E2D794

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg

DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\Windows\pss\Dell Network Assistant.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zoozoo widget.lnk => C:\Windows\pss\Zoozoo widget.lnk.Startup

==================== Accounts: =============================

Abhishek (S-1-5-21-4265441916-1708264049-1492465063-1000 - Administrator - Enabled) => C:\Users\Abhishek

Administrator (S-1-5-21-4265441916-1708264049-1492465063-500 - Administrator - Disabled)

Guest (S-1-5-21-4265441916-1708264049-1492465063-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

System errors:

=============

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz

Percentage of memory in use: 67%

Total physical RAM: 2037.45 MB

Available physical RAM: 652.27 MB

Total Pagefile: 4318.18 MB

Available Pagefile: 2528.72 MB

Total Virtual: 2047.88 MB

Available Virtual: 1917.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:42.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by abhi6512, 22 March 2015 - 03:37 AM.

#57
BrianDrab

Posted 22 March 2015 - 07:23 AM

Trusted Helper

Malware Removal
3,591 posts

OK, things are looking much better now. The previous fix may have helped your internet speed issue as well. Please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. fixlist.txt 4.46KB 150 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Step#3 - Malwarebytes Scan

Download Malwarebytes to your desktop from here.
Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
Select the appropriate language and click OK.
Click Next.
Select "I accept the agreement" and click Next.
Click Next
Change the install path if desired. Normally you will keep this as is. Click Next.
Click Next again.
Click Next again.
Click Install.
Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
Click Finish
If an update is found you will be prompted to download and install. Go ahead.
Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
Click the Scan button at the top of the form and then click Start Scan button.
Once the scan completes click the Save Results link in the bottom right-corner of the form. Note: Do this before removing any malware that may have been found.
Then click the Copy to clipboard button and paste into your next post.
If malware was detected you can now click the Remove Selected Button.
Once the malware is removed you will get a prompt asking you to reboot. Note: Please ensure you have pasted the results of the scan into a reply on your post before answering yes.
Go ahead and reboot.

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

Please go here and click on
Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
Please accept the ESET Online Scanner EULA and click Start.
If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
Make sure Enable detection of potentially unwanted applications is selected.
Click the Advanced Settings link.
Make sure Remove found threats is NOT checked.
Make sure Scan archives IS checked.
Make sure Scan for potentially unsafe applications IS checked.
Make sure Enable Anti-Stealth technology IS checked
Click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, if anything was detected please click the List of found threats link.
Then click the Copy to Clipboard link and paste this information into your next reply.
Then you may click the Back button.
Check Uninstall Application on Close before clicking finish.

Items for your next post

1. FRST Fix

2. Security Check log

3. Malwarebytes log
4. Contents of the ESET log file

#58
abhi6512

Posted 22 March 2015 - 11:47 AM

Member

Topic Starter
Member
143 posts

Hi Brian,

PFB all the data as asked for. ESET scan is taking time. I shall share that soon with you moment done.

1. FRST Fix

*****************************************************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015

Ran by Abhishek at 2015-03-22 20:53:56 Run:4

Running from C:\Users\Abhishek\Desktop\lappy servicing

Loaded Profiles: Abhishek (Available profiles: Abhishek)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CreateRestorePoint:

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v

"C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs\\"

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v

"C:\ProgramData\Symantec\\"

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v

"C:\ProgramData\Symantec\Symantec Endpoint Protection\BadPatts\\"

cmd: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v

"C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine\\"

cmd: reg add "HKLM\SYSTEM\ControlSet001\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d

"EMS\0WdfLoadGroup\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI

Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy

Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota

Management\0FSFilter Virtualization\0FSFilter Encryption\0FSFilter Compression\0FSFilter

Imaging\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota

Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter

Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File

System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video

Save\0File System\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0Event

Log\0AudioGroup\0ProfSvc_Group\0UIGroup\0MS_WindowsLocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0wltr

ysvc\0iSCSI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0SmartCardGroup\0NetworkProvide

r\0MS_WindowsRemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS

Transactions"

cmd: reg add "HKLM\SYSTEM\ControlSet003\Control\ServiceGroupOrder" /v List /t REG_MULTI_SZ /d