My machine is slow again - Dell vostro 500



#1
abhi6512

  • Member
  • 143 posts

I had my Dell Vostro fixed just a few weeks ago with your (this forum's) help, but it seems to be slow again, though it's not as slow as it was when I sought help from this forum.

I guess it's the right time to check again so that I don't end up in the same situation (a deadly slow machine infected with malware) again.

 

Appreciate all your help in advance in this regard.

 

Thanks,

Abhishek 




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
abhi6512

  • Topic Starter
  • Member
  • 143 posts

Hi zep516,

Sincere thanks for your response. As asked, copied below are both the logs:

 

FRST.txt

***********************************************************************************************************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2015
Ran by Abhishek (administrator) on ABHISHEK-PC on 26-04-2015 23:26:21
Running from C:\Users\Abhishek\Desktop\lappy servicing\[bleep] 2
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296096 2012-08-14] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5244216 2010-02-17] (Yahoo! Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Facebook Update] => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-17] (Facebook Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-26] (Oracle Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-26] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-08-14] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-14]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (PNR Status Watchlist) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\almdggoleggeecgelbjekpmefpohdjck [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (eRail.in) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (Google Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Bookmark Manager) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKslf2e8b7a6; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD20BC29-AA24-4E0C-AAF5-F44855349B97}\MpKslf2e8b7a6.sys [39464 2015-04-26] (Microsoft Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)
R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
S3 zteusbser; system32\DRIVERS\ztemtusbser.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 19:43 - 2015-04-25 19:45 - 00000000 ____D () C:\Users\Abhishek\Downloads\CV healthcare
2015-04-25 19:42 - 2015-04-25 19:42 - 00000000 ____D () C:\Users\Abhishek\Downloads\CV airlines
2015-04-25 19:35 - 2015-04-25 19:38 - 00000000 ____D () C:\Users\Abhishek\Downloads\CV banking
2015-04-25 14:23 - 2015-04-25 14:23 - 00000000 ____D () C:\Program Files\MSECache
2015-04-25 14:22 - 2015-04-25 14:22 - 38808920 _____ (Microsoft Corporation) C:\Users\Abhishek\Downloads\FileFormatConverters.exe
2015-04-20 03:24 - 2015-03-09 06:31 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-20 03:10 - 2015-03-05 07:54 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-20 03:09 - 2015-03-14 07:51 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-20 03:09 - 2015-03-13 07:21 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-20 03:09 - 2015-03-13 07:21 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-20 03:09 - 2015-03-05 08:02 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-20 03:09 - 2015-03-05 07:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 17:49 - 2015-03-10 04:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 17:49 - 2015-03-10 04:32 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 17:49 - 2015-03-10 04:27 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 17:49 - 2015-03-10 04:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 17:49 - 2015-03-10 04:26 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 17:49 - 2015-03-10 04:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 17:49 - 2015-03-10 04:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-19 17:49 - 2015-03-10 04:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 17:49 - 2015-03-10 04:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-19 17:49 - 2015-03-10 04:26 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 17:49 - 2015-03-10 04:25 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-19 17:49 - 2015-03-10 04:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-19 17:49 - 2015-03-10 04:25 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-19 17:49 - 2015-03-10 04:25 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-19 17:48 - 2015-03-10 04:36 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 17:48 - 2015-03-10 04:30 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-18 13:24 - 2015-04-21 14:14 - 00000082 _____ () C:\Users\Abhishek\Desktop\you.txt
2015-04-18 13:05 - 2015-04-18 13:05 - 00000520 _____ () C:\Users\Abhishek\Desktop\Broadband Connection - Shortcut.lnk
2015-03-29 16:06 - 2015-03-29 21:59 - 00000000 ____D () C:\Users\Abhishek\Downloads\Attachments_2015329
2015-03-29 16:05 - 2015-03-29 16:05 - 00068653 _____ () C:\Users\Abhishek\Downloads\Attachments_2015329.zip
2015-03-28 21:40 - 2015-03-28 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-03-28 21:40 - 2015-03-28 21:40 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-03-28 21:40 - 2015-03-28 21:40 - 00000000 ____D () C:\Program Files\Foolish IT
2015-03-28 21:38 - 2015-03-28 21:38 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\Secunia PSI
2015-03-28 21:34 - 2015-03-28 21:34 - 00000000 ____D () C:\Program Files\Secunia
2015-03-28 20:08 - 2015-03-28 20:08 - 00781312 _____ () C:\Users\Abhishek\Downloads\delfix_10.9.exe
2015-03-28 19:54 - 2015-03-28 20:10 - 00000526 _____ () C:\DelFix.txt
2015-03-28 19:54 - 2015-03-28 19:54 - 00000000 ____D () C:\Windows\ERUNT
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 23:26 - 2015-03-14 23:46 - 00000000 ____D () C:\FRST
2015-04-26 23:26 - 2008-08-11 22:32 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Skype
2015-04-26 23:23 - 2014-08-17 16:13 - 00000400 _____ () C:\Windows\Tasks\WpsUpdateTask_Abhishek.job
2015-04-26 23:17 - 2007-12-28 13:46 - 01120210 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 22:41 - 2014-05-09 11:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 22:38 - 2014-08-11 00:19 - 00000400 _____ () C:\Windows\Tasks\WpsNotifyTask_Abhishek.job
2015-04-26 22:19 - 2011-12-19 14:05 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job
2015-04-26 22:18 - 2011-12-19 14:05 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job
2015-04-26 21:38 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 21:38 - 2006-11-02 18:15 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 14:24 - 2007-12-28 14:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-04-25 14:24 - 2006-11-02 16:48 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-23 15:01 - 2006-11-02 16:03 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 14:54 - 2008-09-17 23:12 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-23 14:54 - 2006-11-02 18:28 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 22:33 - 2006-11-02 18:28 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-21 22:32 - 2007-12-28 13:46 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-04-20 03:24 - 2013-07-22 22:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 03:19 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-20 03:12 - 2006-11-02 15:54 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-19 12:55 - 2015-03-22 02:48 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-05 12:17 - 2015-01-24 22:53 - 00001063 _____ () C:\Users\Abhishek\Desktop\weekend getaways.txt
2015-04-01 11:15 - 2015-03-25 09:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-01 11:15 - 2009-11-20 11:27 - 00000000 ____D () C:\ProgramData\Real
2015-04-01 11:15 - 2008-01-03 04:31 - 00000000 ____D () C:\Users\Abhishek
2015-04-01 11:15 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 11:15 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 11:15 - 2006-11-02 16:48 - 00000000 ____D () C:\Windows\registration
2015-04-01 11:15 - 2006-11-02 15:52 - 47448064 _____ () C:\Windows\system32\config\software_previous
2015-04-01 11:15 - 2006-11-02 15:52 - 21757952 _____ () C:\Windows\system32\config\system_previous
2015-04-01 11:11 - 2006-11-02 15:52 - 41156608 _____ () C:\Windows\system32\config\components_previous
2015-04-01 11:11 - 2006-11-02 15:52 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 08:22 - 2015-03-25 09:53 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-04-01 08:21 - 2011-12-20 19:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-28 22:00 - 2006-11-02 15:52 - 01835008 _____ () C:\Windows\system32\config\default_previous
2015-03-28 22:00 - 2006-11-02 15:52 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-28 21:49 - 2007-12-28 14:12 - 00202544 _____ () C:\Windows\PFRO.log
2015-03-28 01:47 - 2006-11-02 15:53 - 00000342 _____ () C:\Windows\win.ini
2015-03-28 01:45 - 2015-03-25 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
 
==================== Files in the root of some directories =======
 
2014-09-28 14:06 - 2014-09-28 14:10 - 6010880 _____ () C:\Program Files\GUT80A5.tmp
2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat
2008-04-09 10:45 - 2015-03-15 15:25 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat
2008-01-04 09:26 - 2015-03-15 13:01 - 0137216 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-23 15:19
 
==================== End Of Log ============================
 
********************************************************************************************************************************************************************************************************
 
Addition.txt
********************************************************************************************************************************************************************************************************
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2015
Ran by Abhishek at 2015-04-26 23:29:08
Running from C:\Users\Abhishek\Desktop\lappy servicing\[bleep] 2
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Abhishek (S-1-5-21-4265441916-1708264049-1492465063-1000 - Administrator - Enabled) => C:\Users\Abhishek
Administrator (S-1-5-21-4265441916-1708264049-1492465063-500 - Administrator - Disabled)
Guest (S-1-5-21-4265441916-1708264049-1492465063-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FileZilla Client 3.1.1.1 (HKLM\...\FileZilla Client) (Version: 3.1.1.1 - )
Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.03.02.0719)   (HKLM\...\Creative OEM002) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.06.13151 - Sony Corporation)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Restore Points  =========================
 
07-04-2015 22:49:58 Scheduled Checkpoint
18-04-2015 13:54:43 Scheduled Checkpoint
19-04-2015 13:01:21 Windows Update
20-04-2015 03:00:21 Windows Update
21-04-2015 13:03:48 Scheduled Checkpoint
23-04-2015 15:22:10 Windows Update
25-04-2015 14:23:35 Installed Compatibility Pack for the 2007 Office system
26-04-2015 13:40:35 Scheduled Checkpoint
26-04-2015 16:46:02 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 15:53 - 2015-03-16 22:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {001B59FC-7DCC-4D33-A2ED-15182A2F5686} - System32\Tasks\{2CD37C56-66DD-4BDE-B7B9-492866C3E6C4} => pcalua.exe -a C:\Users\Abhishek\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d "C:\Program Files\OpenOffice.org 3\program"
Task: {084AD666-F8B5-4090-9C38-CFFF8D6C4E67} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe http://ui.skype.com/...l?page=tsPlugin
Task: {1AB3785F-41B9-45D2-9979-9BB9785E9602} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {239F1C0C-DBFE-4EA8-861A-B7E44453A2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {23AD59E5-7B45-4DAE-97D1-96FDD0308AD7} - System32\Tasks\WpsUpdateTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {33009D32-EEF0-44B4-8975-E7C369FD6136} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-17] (Facebook Inc.)
Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads
Task: {B5E80C9A-78B6-4B1D-B89E-B6B2B8EF0956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {C22D95F8-BEAC-4087-93D5-B9137B7160C3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1575974-A5DD-496D-8DAC-F91AE17A5AF6} - System32\Tasks\WpsNotifyTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {ED0D0DE3-CAAC-4954-B6A5-339256A524FE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-17] (Facebook Inc.)
Task: {EF98DFEF-37BA-4345-B88B-AC78C08D03D4} - System32\Tasks\{70D6C1BD-CE5A-4232-85BB-A37964871491} => pcalua.exe -a "C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MVG1Q4W\RealPlayer11GOLD[2].exe" -d C:\Users\Abhishek
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2007-12-28 21:40 - 2007-06-29 14:52 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2008-08-11 20:18 - 2008-08-11 20:18 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-22 02:57 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-22 02:57 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-04-19 12:55 - 2015-04-14 03:25 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
There are 4731 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\Windows\pss\Dell Network Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zoozoo widget.lnk => C:\Windows\pss\Zoozoo widget.lnk.Startup
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{67E42A96-1CEC-47BC-B0CD-2D0FCED9F4FB}] => (Allow) C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
FirewallRules: [{A9816FE2-89DF-4281-BD52-40BEE818D830}] => (Allow) C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
FirewallRules: [{0CD9C7F8-12C5-4FF2-AB04-7BBD43DB8184}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{20EFC583-C6CE-4C2F-AB56-C8B2C96E16E3}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{83A2C59C-B61C-4714-945C-83E04BDD6C54}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{5D5B44F3-6CED-492B-805E-6FFEEFB4D89F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{A954FFCB-1DCD-4165-AE31-8368E28E4BB5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BFBF6E2D-D6E6-4820-B087-377AB4C5EA33}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{F1C7A4D0-77BE-4968-81C4-0FBF0C92999D}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{FC3BCBA8-4CBC-4EA3-8D0E-7E6D8D4A9188}] => (Allow) C:\Users\Abhishek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{EFC58A2F-E239-4042-AB58-8768E39941C4}] => (Allow) C:\Users\Abhishek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{D07185C5-50EC-490B-BEA4-077301F81F16}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{67D6BDCA-5BDC-404C-988D-07A2C28BD163}] => (Allow) C:\Program Files\Deal Keeper\bin\DealKeeper.BRT.Helper.exe
FirewallRules: [{CDE49946-6EB1-437A-A131-7CC6CDFC9FC6}] => (Allow) C:\Program Files\Deal Keeper\bin\DealKeeper.BRT.Helper.exe
FirewallRules: [{FB582D3E-C857-4A17-9FC9-1421D7199431}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/20/2015 03:24:04 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (04/18/2015 01:23:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F7A96C70-7802-4E32-AF83-251F877DC200}: The user Abhishek-PC\Abhishek dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
 
Error: (04/18/2015 01:05:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={707B6523-F184-49BA-989B-34B6BB6E38CD}: The user Abhishek-PC\Abhishek dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
 
Error: (04/18/2015 01:04:57 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A51D02A8-F3F7-4D34-8A74-5D09F5F817C3}: The user Abhishek-PC\Abhishek dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
 
Error: (04/18/2015 01:04:42 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E10AFEC7-FB41-470D-8FC3-2C8164FD9DE3}: The user Abhishek-PC\Abhishek dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
 
Error: (03/28/2015 10:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSIA.exe, version 3.0.0.10004, time stamp 0x54784a82, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x828, application start time 0xPSIA.exe0.
 
Error: (03/28/2015 08:10:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c323c98b-d3d2-4a3f-b2e1-bce9b25a6c30}
 
Error: (03/28/2015 07:54:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c323c98b-d3d2-4a3f-b2e1-bce9b25a6c30}
 
Error: (03/26/2015 11:33:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (03/26/2015 08:45:39 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (04/23/2015 03:18:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
 
Error: (04/23/2015 03:08:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (04/23/2015 03:05:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (04/21/2015 09:36:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
 
Error: (04/20/2015 03:58:44 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
 
Error: (04/20/2015 03:58:38 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (04/20/2015 03:50:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (04/20/2015 03:50:00 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (04/20/2015 03:44:01 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update
 
Error: (04/19/2015 00:37:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 114.3.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (04/20/2015 03:24:04 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (04/18/2015 01:23:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {F7A96C70-7802-4E32-AF83-251F877DC200}Abhishek-PC\AbhishekBroadband Connection0
 
Error: (04/18/2015 01:05:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {707B6523-F184-49BA-989B-34B6BB6E38CD}Abhishek-PC\AbhishekBroadband Connection0
 
Error: (04/18/2015 01:04:57 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {A51D02A8-F3F7-4D34-8A74-5D09F5F817C3}Abhishek-PC\AbhishekBroadband Connection0
 
Error: (04/18/2015 01:04:42 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {E10AFEC7-FB41-470D-8FC3-2C8164FD9DE3}Abhishek-PC\AbhishekBroadband Connection0
 
Error: (03/28/2015 10:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050000000082801d06973015c7fa0
 
Error: (03/28/2015 08:10:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c323c98b-d3d2-4a3f-b2e1-bce9b25a6c30}
 
Error: (03/28/2015 07:54:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c323c98b-d3d2-4a3f-b2e1-bce9b25a6c30}
 
Error: (03/26/2015 11:33:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (03/26/2015 08:45:39 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\ABHISHEK\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-26 23:27:59.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-26 23:27:59.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-26 23:27:58.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-26 23:27:58.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-22 22:02:18.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-22 22:02:17.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-22 22:02:17.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-22 22:02:16.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-22 22:02:16.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-22 22:02:16.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 2037.45 MB
Available physical RAM: 441.45 MB
Total Pagefile: 4316.18 MB
Available Pagefile: 1916.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.54 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:42.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
********************************************************************************************************************************************************************************************************

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

I guess it's the right time to check again so that I don't end up in the same situation

Not seeing much in the logs. We can do some checks. You already have Malwarebytes, so let's see a log file from that. You may skip the download part.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

#5
abhi6512

    Member

  • Topic Starter
  • Member
  • 143 posts

Hello,

PFB the MBAM scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 27-04-2015
Scan Time: 22:27:14
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.27.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Abhishek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325833
Time Elapsed: 19 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
S3 zteusbser; system32\DRIVERS\ztemtusbser.sys [X]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the fixlog.txt in your next reply.

#7
abhi6512

    Member

  • Topic Starter
  • Member
  • 143 posts

Hello,

PFB the fixlog.txt from my machine:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2015
Ran by Abhishek at 2015-05-03 13:34:22 Run:6
Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 2
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
S3 zteusbser; system32\DRIVERS\ztemtusbser.sys [X]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetActiveDesktop => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
blbdrive => Service deleted successfully.
ewusbnet => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
pccsmcfd => Service deleted successfully.
ztemtusbser => Service deleted successfully.
zteusbser => Service deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 323.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:35:28 ====
 
Regards,
Abhishek

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Thanks
    Joe

#9
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
This topic has been reopened by user request.

#11
abhi6512

    Member

  • Topic Starter
  • Member
  • 143 posts

Hi zep516 (still don't know ur name :)),

Sincere thanks for considering my request. 

Mentioned below are the logs as per your instructions in last post:

 

AdwCleaner[S0].txt

**************************************************************************************************************************************************************

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 14:48:02
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [Local]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Abhishek - ABHISHEK-PC
# Running from : C:\Users\Abhishek\Desktop\lappy servicing\pass 2\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\KingSoft
Folder Deleted : C:\ProgramData\5498887787495862858
Folder Deleted : C:\Users\Abhishek\AppData\Local\KingSoft
Folder Deleted : C:\Users\Abhishek\AppData\Roaming\KingSoft
 
***** [ Scheduled tasks ] *****
 
Task Deleted : RunAsStdUser Task for VeohWebPlayer
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Key Deleted : HKU\.DEFAULT\Software\CToolbar
Key Deleted : HKU\.DEFAULT\Software\PennyBee
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16636
 
 
-\\ Google Chrome v42.0.2311.135
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [1252 bytes] - [08/05/2015 09:47:57]
AdwCleaner[R1].txt - [1311 bytes] - [09/05/2015 14:35:23]
AdwCleaner[S0].txt - [1252 bytes] - [09/05/2015 14:48:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1311  bytes] ##########
 

**************************************************************************************************************************************************************

 

 

JRT.txt

**************************************************************************************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.9 (05.08.2015:1)
OS: Windows Vista ™ Home Basic x86
Ran by Abhishek on 09-05-2015 at 15:23:17.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to stop: [Service] apnmcp
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Program Files\askpartnernetwork
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\askpartnernetwork
Successfully deleted: [Folder] C:\Users\Abhishek\local settings\application data\askpartnernetwork
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09-05-2015 at 15:25:28.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

**************************************************************************************************************************************************************

 

PS: Just curious what were the infections found in  my machine & what was the remedy we applied.

 

Regards,

Abhishek


#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

My name is Joe.

Still not seeing much, just a small amount of adware that AdwCleaner and Junkware Removal Tool have taken care of.

Let's run an online scan and see what that shows for us.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Thanks
Joe :)

#13
abhi6512

    Member

  • Topic Starter
  • Member
  • 143 posts

Hi Joe,

PFB the log for your reference:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=79f70f85893ceb48a6f50723f816fe35
# engine=23804
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-12 06:34:41
# local_time=2015-05-12 12:04:41 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4964042 54414475 0 0
# scanned=158381
# found=4
# cleaned=0
# scan_time=8929
sh=025F0F66ADE70B65CB27678089BB47F72CB10C95 ft=1 fh=170b9fdf4564c666 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Abhishek\Desktop\lappy servicing\spsetup128.exe"
sh=6D54E41DFEF9CB0715EF01E2ADA9150475960565 ft=1 fh=e63929314e2b46c3 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Abhishek\Downloads\winzip160.exe"
sh=D9557B285C58CE7E5517D44EF82811A0F7511E29 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\1a0bb9.msi"
 
Thanks,
Abhishek

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
There are some minor things in your online scan that should be removed.
delete files
  • Copy all text in the quote box (below)...to Notepad.

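    @echo off
    rem Remove the leftover Ask toolbar folder (a directory, so rd applies)
    rd /s /q "C:\Program Files\askpartnernetwork"
    rem The remaining ESET hits are single files, which rd cannot remove; use del
    del /f /q "C:\Windows\Installer\1a0bb9.msi"
    del /f /q "C:\Users\Abhishek\Downloads\winzip160.exe"
    del /f /q "C:\Users\Abhishek\Desktop\lappy servicing\spsetup128.exe"
    del /f /q "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"
    rem Delete this batch file itself
    del %0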

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: vista_bat_icon.png
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

    Next

    Download Security Check by screen317 from Here or Here
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

    Next
    Download HijackThis
    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • Copy and paste the HijackThis report into the topic
    In your next reply post;
    Checkup.txt
    Hijackthis log


  • 0
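
One way to triage an ESET Online Scanner log like the one in post #13 before deciding what to delete, as an added example that is not part of the original thread or any ESET tooling. The field meanings (`sh` as a SHA-1, `vn` as the detection name, `fn` as the file path) are assumptions inferred from the posted log, and the sample log, its hashes and the `Win32/Constructed.Sample.A` name are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the posted log; hashes are dummy values.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# remove_checked=false
# scanned=158381
# found=3
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Example\Downloads\winzip160.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/Constructed.Sample.A trojan" ac=I fn="C:\Users\Example\AppData\Local\Temp\sample.exe"
'''

HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
# key=value pairs; a value is either "quoted" (may contain spaces) or a bare token
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PUA_SUFFIXES = ("potentially unwanted application",
                "potentially unsafe application")


def parse_log(text):
    """Split the log into header fields and one dict per detection line."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            detections.append({
                p.group(1): p.group(2) if p.group(2) is not None else p.group(3)
                for p in PAIR_RE.finditer(line)
            })
        # anything else ("all ok", blank lines) is free text and is skipped
    return header, detections


def classify(detection_name):
    """'pua' for bundled toolbars/optimizers, 'review' for everything else."""
    name = detection_name.strip().lower()
    return "pua" if name.endswith(PUA_SUFFIXES) else "review"


def family_of(detection_name):
    """Drop the 'a variant of' prefix and keep the signature token."""
    name = detection_name.strip()
    prefix = "a variant of "
    if name.lower().startswith(prefix):
        name = name[len(prefix):]
    return name.split()[0] if name else ""


def triage(text):
    header, detections = parse_log(text)
    items = [{
        "path": d.get("fn", ""),
        "sha1": d.get("sh", ""),          # assumed to be the file's SHA-1
        "family": family_of(d.get("vn", "")),
        "class": classify(d.get("vn", "")),
    } for d in detections]
    # Non-PUA detections first: those need an analyst, not just an uninstall.
    items.sort(key=lambda i: (i["class"] != "review", i["path"].lower()))

    found = header.get("found", "")
    cleaned = header.get("cleaned", "")
    cleaned_n = int(cleaned) if cleaned.isdigit() else 0
    return {
        "items": items,
        "by_class": dict(Counter(i["class"] for i in items)),
        # A truncated paste shows up as a mismatch with the scanner's own count.
        "count_matches_header": found.isdigit() and int(found) == len(items),
        # "Remove found threats" unchecked: the scan only reported.
        "report_only": header.get("remove_checked") == "false",
        "still_on_disk": len(items) - cleaned_n,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["by_class"], "still on disk:", result["still_on_disk"])
    for item in result["items"]:
        print(f'{item["class"]:6} {item["family"]:32} {item["path"]}')
```

With `remove_checked=false` and `cleaned=0`, every listed path is still present after the scan, which is why the thread follows up with a separate removal step.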

#15
abhi6512

    Member

  • Topic Starter
  • Member
  • 143 posts

Hi Joe,

PFB the logs:

 

Checkup.txt

******************************************************************************************************************

 Results of screen317's Security Check version 1.001  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Reader 10.1.14 Adobe Reader out of Date!  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
 

******************************************************************************************************************

Hijackthis log

******************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:19:52, on 16-05-2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16644)
 
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Abhishek\Desktop\lappy servicing\pass 2\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 7310 bytes

******************************************************************************************************************

