Computer slow and possibly infected with malware [Solved]


  • This topic is locked

#1
provost

  • Member
  • 11 posts

Hello,

My computer has become very slow recently. I ran Malware Anti-Malwarebytes a few times and it showed malware like pup.optional among others. Could you help clean it? Thanks a lot in advance!

EDIT: HERE ARE OTHER ISSUES I REMEMBERED.

1. BROWSERS ARE VERY SLOW
2. SHOCKWAVE PLUGIN KEEPS CRASHING
3. ALL IMAGES/ONLINE PICS LOAD SLOWER THAN TEXT

Here are the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Vamsi (administrator) on EXELUS-PC on 28-04-2015 14:10:37
Running from C:\Users\Vamsi\Desktop
Loaded Profiles: Vamsi (Available profiles: Vamsi & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Aspen Technology, Inc.) C:\AspenTech\BPE\AfwSecCliSvc.exe
(Aspen Technology Inc) C:\AspenTech\Aspen PIMS\PIMS Case Runner Service\PIMSCaseRunnerCoreService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Aspen Technology Inc) C:\AspenTech\Aspen PIMS\PIMSRemoteServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Aspen Technology Inc) C:\AspenTech\Aspen PIMS\PIMS Case Runner Service\PIMSCaseRunnerWebService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\AspenTechAdapterAgentService.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Kensington Technology Group) C:\Windows\System32\kmw_run.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [kmw_run.exe] => C:\windows\system32\kmw_run.exe [106496 2006-08-03] (Kensington Technology Group)
HKLM\...\Run: [MSWheel] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-12-21] (RealNetworks, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [602624 2009-03-12] ()
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [Virtual PDF Printer] => C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\RunOnce: [Import FF:0] => "C:\Users\Vamsi\AppData\Local\browser extensions\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Vamsi\AppData\Local\browser extensions\TrustedRoot.cer" -d "C:\U (the data entry has 69 more characters).
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Google Update] => C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-21] (Google Inc.)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2014-01-07]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2010-10-01]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
Startup: C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-12-01]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup_145643.lnk [2015-02-23]
ShortcutTarget: Setup_145643.lnk -> C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}\Setup_145643.exe (No File)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co...=TSNA&bmod=TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-21] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
BHO: IEHlprObjClass -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://uva-anywhere...ries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{96dfc2a9-6e0f-4dd5-9962-6c72340a8c67}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Vamsi\AppData\Roaming\Mozilla\Firefox\Profiles\j6p4somf.default-1429717124771
FF Homepage: hxxp://www.google.com/
FF Plugin: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Vamsi\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Vamsi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @talk.google.com/O1DPlugin -> C:\Users\Vamsi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npSfAppM.dll [2007-05-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-11-06] (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\Vamsi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Vamsi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009-12-21]

Chrome:
=======
CHR Profile: C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Google Search) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (Google Sheets) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-22]
CHR Extension: (BetaFish Adblocker) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-22]
CHR Extension: (Google Wallet) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
CHR Extension: (Gmail) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Vamsi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-10]
CHR HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AfwSecCliSvc; C:\AspenTech\BPE\AfwSecCliSvc.exe [431104 2013-09-19] (Aspen Technology, Inc.) [File not signed]
R2 aspenpimscrcore; C:\AspenTech\Aspen PIMS\PIMS Case Runner Service\PIMSCaseRunnerCoreService.exe [38400 2013-10-11] (Aspen Technology Inc) [File not signed]
R2 aspenpimscrweb; C:\AspenTech\Aspen PIMS\PIMS Case Runner Service\PIMSCaseRunnerWebService.exe [26112 2013-10-11] (Aspen Technology Inc) [File not signed]
S2 AspenTech Enterprise Integration Framework; C:\AspenTech\AspenEIF\bin\AspenIntegrationFramework.exe [9728 2013-09-30] (Aspen Technology, Inc.) [File not signed]
U2 AspenTechAdapterAgentService; C:\AspenTech\aspenONE V8.4\ResourceAdaptor\AspenTechAdapterAgentService.exe [9216 2013-10-09] (Aspen Technology) [File not signed]
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
S3 ECPIMSAdapter; C:\AspenTech\AEP\EnterpriseConnect\IntegrationPacks\Pims\Adapter\bin\ECPimsAdapter.exe [20480 2013-10-11] (Aspen Technology, Inc.) [File not signed]
R2 HPSLPSVC; C:\Users\Vamsi\AppData\Local\Temp\7zS54B3\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 OpcEnum; C:\windows\system32\OpcEnum.exe [172832 2011-01-17] (OPC Foundation)
R2 PIMSRemoteService; C:\AspenTech\Aspen PIMS\PIMSRemoteServer.exe [20480 2013-10-11] (Aspen Technology Inc) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
S3 CVirtA; C:\windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R3 KMW_KBD; C:\windows\System32\DRIVERS\KMW_KBD.sys [5376 2006-08-03] (Kensington Technology Group) [File not signed]
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 RTL8187B; C:\windows\System32\DRIVERS\RTL8187B.sys [374272 2009-07-01] (Realtek Semiconductor Corporation                           )
R0 SCMNdisP; C:\windows\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
S3 taphss; C:\windows\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 12:04 - 2015-04-28 18:58 - 00025966 _____ () C:\Users\Vamsi\Desktop\FRST.txt
2015-04-28 11:59 - 2015-04-28 14:17 - 00000000 ____D () C:\FRST
2015-04-28 11:27 - 2015-04-28 11:25 - 01140736 _____ (Farbar) C:\Users\Vamsi\Desktop\FRST.exe
2015-04-28 11:24 - 2015-04-28 11:25 - 01140736 _____ (Farbar) C:\Users\Vamsi\Downloads\FRST.exe
2015-04-27 13:47 - 2015-04-27 13:47 - 00000552 _____ () C:\Users\Vamsi\Downloads\CL (2).txt
2015-04-27 12:26 - 2015-04-27 14:47 - 00008620 _____ () C:\Users\Vamsi\Desktop\Companies.xlsx
2015-04-27 11:08 - 2015-04-27 11:08 - 00000552 _____ () C:\Users\Vamsi\Downloads\CL (1).txt
2015-04-27 11:07 - 2015-04-27 11:08 - 00000552 _____ () C:\Users\Vamsi\Downloads\CL.txt
2015-04-27 10:04 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-04-27 10:04 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-27 10:04 - 2015-03-17 01:01 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-27 10:04 - 2015-03-17 01:01 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-27 10:04 - 2015-03-17 00:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-27 10:04 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-27 10:04 - 2015-03-17 00:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-27 10:04 - 2015-03-17 00:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-27 10:03 - 2015-03-17 00:57 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-27 10:03 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-27 10:03 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-27 10:03 - 2015-03-17 00:57 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-27 10:03 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-27 10:03 - 2015-03-17 00:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-27 10:03 - 2015-03-17 00:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-27 10:03 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-27 10:03 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-27 10:03 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-27 10:03 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-27 10:03 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-24 09:27 - 2015-04-27 12:26 - 00000000 ____D () C:\Users\Vamsi\Desktop\Apr 15 Personal
2015-04-23 10:49 - 2015-03-04 00:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-23 10:49 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-22 16:09 - 2015-03-05 00:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-22 15:47 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-22 15:47 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00860160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00331264 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-22 15:45 - 2015-03-22 23:06 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-22 15:45 - 2015-03-22 22:59 - 00896000 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-22 13:36 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-22 13:36 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-22 13:36 - 2015-03-24 23:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-22 11:09 - 2015-02-24 23:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 16:16 - 2015-04-15 16:16 - 02217984 _____ () C:\Users\Vamsi\Downloads\adwcleaner_4.201.exe
2015-04-14 09:24 - 2015-04-28 10:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-13 10:23 - 2015-04-13 10:23 - 00000000 ____D () C:\Users\Vamsi\Desktop\2015-04-13
2015-04-06 16:59 - 2015-04-06 17:00 - 00000000 ___SD () C:\windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 09:23 - 2010-01-30 14:13 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 09:20 - 2012-12-07 14:27 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1076756418-2801547457-1009607644-1000UA.job
2015-04-28 17:59 - 2009-09-13 07:19 - 01711382 _____ () C:\windows\WindowsUpdate.log
2015-04-28 17:08 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-04-28 16:21 - 2012-12-07 14:27 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1076756418-2801547457-1009607644-1000Core.job
2015-04-28 13:57 - 2013-05-10 14:32 - 00000000 ___RD () C:\Users\Vamsi\Google Drive
2015-04-28 13:48 - 2009-07-14 00:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 13:48 - 2009-07-14 00:34 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 13:46 - 2010-01-30 14:13 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 13:27 - 2015-02-24 11:16 - 00003876 _____ () C:\windows\setupact.log
2015-04-28 13:27 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-28 09:17 - 2015-01-07 10:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-28 09:17 - 2014-05-06 17:15 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-27 22:15 - 2013-08-14 17:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-27 20:01 - 2009-12-11 11:27 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-27 19:42 - 2009-09-13 07:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-27 11:46 - 2009-11-23 14:50 - 00000000 ____D () C:\Users\Vamsi\AppData\Roaming\Mozilla
2015-04-23 15:48 - 2009-08-21 22:45 - 00816214 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-23 15:43 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\inetsrv
2015-04-22 11:39 - 2015-02-19 14:59 - 00000000 ____D () C:\Users\Vamsi\Desktop\Old Firefox Data
2015-04-17 09:51 - 2015-03-09 17:20 - 00003202 _____ () C:\windows\PFRO.log
2015-04-16 12:35 - 2009-11-23 12:31 - 00000000 ____D () C:\Users\Vamsi\AppData\Local\Adobe
2015-04-15 18:11 - 2015-02-23 16:12 - 00000000 ____D () C:\AdwCleaner
2015-04-15 16:47 - 2012-07-01 21:14 - 00000000 ____D () C:\Program Files\Everything
2015-04-15 11:57 - 2014-04-07 14:18 - 00000000 ____D () C:\Users\Vamsi\Desktop\Gen April 14
2015-04-15 09:18 - 2015-02-19 15:11 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 09:04 - 2012-05-07 11:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 10:22 - 2015-02-13 11:33 - 00195072 _____ () C:\Users\Vamsi\Desktop\Monthly Summary_2015_VMV.ppt
2015-04-08 10:03 - 2015-02-13 11:26 - 00107520 _____ () C:\Users\Vamsi\Desktop\Vadhri - 2015 Time Sheet.xls
2015-04-03 13:54 - 2013-04-30 14:46 - 00000000 ____D () C:\Users\Vamsi\Desktop\GC

==================== Files in the root of some directories =======

2015-02-19 14:44 - 2015-02-19 14:44 - 0000000 _____ () C:\Users\Vamsi\AppData\Roaming\1.txt
2013-08-28 11:26 - 2013-08-28 11:26 - 0000000 _____ () C:\Users\Vamsi\AppData\Roaming\wklnhst.dat
2011-12-02 10:17 - 2011-12-02 12:17 - 0008572 ___SH () C:\Users\Vamsi\AppData\Local\3j32yw3y18d132
2015-02-19 17:29 - 2015-02-19 17:29 - 0000064 _____ () C:\Users\Vamsi\AppData\Local\d28f789dd9041123b8d37f5a68247b0c
2011-12-02 10:17 - 2011-12-02 12:17 - 0008572 ___SH () C:\ProgramData\3j32yw3y18d132
2011-12-01 17:12 - 2011-12-01 17:16 - 0000112 _____ () C:\ProgramData\BMl483.dat
2015-03-10 13:33 - 2015-03-10 14:02 - 0000070 _____ () C:\ProgramData\hxnet.ini
2011-12-01 17:14 - 2011-12-01 17:14 - 0000000 _____ () C:\ProgramData\U165nY46.exe.b

Files to move or delete:
====================
C:\ProgramData\BMl483.dat


Some content of TEMP:
====================
C:\Users\Vamsi\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Vamsi\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Vamsi\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Vamsi\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Vamsi\AppData\Local\Temp\DVDBrowserWizardDLL.dll
C:\Users\Vamsi\AppData\Local\Temp\optprosetup.exe
C:\Users\Vamsi\AppData\Local\Temp\Quarantine.exe
C:\Users\Vamsi\AppData\Local\Temp\sqlite3.dll
C:\Users\Vamsi\AppData\Local\Temp\{E1B5B140-2091-449D-9F85-6D87605A76EF}-42.0.2311.90_41.0.2272.118_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 09:50

==================== End Of Log ============================

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2015 01
Ran by Vamsi at 2015-04-29 09:40:51
Running from C:\Users\Vamsi\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1076756418-2801547457-1009607644-500 - Administrator - Disabled)
Guest (S-1-5-21-1076756418-2801547457-1009607644-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1076756418-2801547457-1009607644-1002 - Limited - Enabled)
Vamsi (S-1-5-21-1076756418-2801547457-1009607644-1000 - Administrator - Enabled) => C:\Users\Vamsi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACD/Labs Software in C:\Program Files\ACDFREE11\ (HKLM\...\ACDLabs in C__Program_Files_ACDFREE11_) (Version: v11.00, FREE - ACD/Labs)
Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aspen Basic Engineering V8.4 (HKLM\...\{A407433F-9773-41A1-8E2D-7285C5F35290}) (Version: 18.1.2 - AspenTech)
Aspen Batch Process Developer V8.4 (HKLM\...\{C0BD5191-F17D-4CA3-9C20-030758C0828D}) (Version: 30.0.0 - AspenTech)
Aspen Energy Analyzer V8.4 (HKLM\...\{BB45F53F-4F9D-489D-935B-DD59EBBD7787}) (Version: 30.0.0 - AspenTech)
Aspen Exchanger Design & Rating V8.4 (HKLM\...\{D32F3744-A7CD-46FE-8FF1-A11B3B32E488}) (Version: 30.0.0 - AspenTech)
Aspen Flare System Analyzer V8.4 (HKLM\...\{AA2EB947-5F9A-47D3-B1E5-6A5EC2744E49}) (Version: 30.0.0 - AspenTech)
Aspen OTS Framework V8.4 (HKLM\...\{CFBBECD6-6A08-40BE-BE0F-26EA2D98426D}) (Version: 30.0.0 - AspenTech)
Aspen PIMS (HKLM\...\{A63F817F-C299-48EC-849A-7FE806D0251E}) (Version: 19.4.21.0 - AspenTech)
Aspen Process Manuals V8.4 (HKLM\...\{E2A0C41D-4CA7-40DB-9B5C-545A3C799618}) (Version: 30.0.0 - AspenTech)
Aspen Process Tools V8.4 (HKLM\...\{27BAAE2B-550D-4CD3-9C65-39E831E867CB}) (Version: 30.0.0 - AspenTech)
Aspen Properties V8.4 (HKLM\...\{0B9418DC-CC21-4366-8B1D-A73899D92E84}) (Version: 30.0 - AspenTech)
Aspen Simulation Workbook V8.4 (HKLM\...\{F1E16B28-9BB8-4836-9C58-2FB970F63AB6}) (Version: 30.0.0 - AspenTech)
Aspen Utilities Planner V8.4 (HKLM\...\{DAFFE6DE-54AD-4234-8D36-31B0AB90A27D}) (Version: 30.0.0 - AspenTech)
Aspen Version Comparison Assistant V8.4 (HKLM\...\{91C9C31A-84F9-4110-A277-D9B758AC096F}) (Version: 30.0.0.10 - AspenTech)
aspenONESimulationService (HKLM\...\{630D5FE5-FBCD-4904-B8F7-80E85300C69B}) (Version: 8.4.0.0 - AspenTech)
CambridgeSoft Activation Client (HKLM\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw Ultra 12.0 (HKLM\...\{48DEAAF2-8276-4BBD-B7B6-91E454938476}) (Version: 12.0 - CambridgeSoft Corporation)
Cisco AnyConnect VPN Client (HKLM\...\{92083A9A-549D-4057-88E8-223EA08563FA}) (Version: 2.4.1012 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.04.0300 (ITC) (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc. (ITC))
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Economic Evaluation V8.4 (HKLM\...\{DFE5F4EE-263D-41C1-B785-D5E4402D0007}) (Version: 30.0.0 - AspenTech)
Everything 1.2.1.371 (HKLM\...\Everything) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Color LaserJet 3600 (02/27/2007 61.063.461.41) (HKLM\...\hpc3600e) (Version: 02/27/2007 61.063.461.41 - HP)
HP Support Solutions Framework (HKLM\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kensington MouseWorks (HKLM\...\{4C78937F-0C8E-11D9-A3EB-0001025FA304}) (Version: 6.11.4.1 - Kensington Technology Group)
Label@Once 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2012 (HKLM\...\{43CFAD10-0EAB-44FD-A1A3-5866A62065DB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{1EB9429A-A874-4BF0-961D-BDAAFB1641A6}) (Version: 8.05.2309 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 ADOMD.NET  (HKLM\...\{3C7C66FF-F85C-4303-A6D5-76588F4B2A7E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Analysis Management Objects  (HKLM\...\{171225ED-E0A4-4373-85F4-90E1010F2AC3}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton Internet Security (Version: 16.7.0.30 - Symantec Corporation) Hidden
OPC Core Components Redistributable (x86) 105.1 (HKLM\...\{40656A0A-4B04-43D7-8F68-32B55B2A156D}) (Version: 3.00.10501 - OPC Foundation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Process Modeling (Aspen Plus) V8.4 (HKLM\...\{0AAE17A5-EA77-4C93-8ABB-F0B7199D29D2}) (Version: 30.0 - AspenTech)
Process Modeling (HYSYS) V8.4 (HKLM\...\{D175363B-A17C-425D-8A9B-D8FF4D4C656F}) (Version: 30.0.0 - AspenTech)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
SciFinder Scholar 2007 (HKLM\...\{12377A05-0062-47F9-9CB9-AAAF8C22D645}) (Version:  - )
SciFinder Scholar Toolbar (HKLM\...\{455F9ACD-4967-446B-9174-8C87EA895F2A}) (Version:  - )
Simple Adblock (HKLM\...\{B4920103-09F6-4AD2-B150-CFC4474D2DDC}) (Version: 1.1.5 - Simple Adblock)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.0.50.26C - TOSHIBA) Hidden
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{03ACC284-B757-4B8F-9951-86E600D2CD06}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{0D623637-DBA2-11D1-B5DF-0060976089D0}\InprocServer32 -> C:\windows\system32\tdbg7.ocx (ComponentOne LLC)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{0D623645-DBA2-11D1-B5DF-0060976089D0}\InprocServer32 -> C:\windows\system32\tdbg7.ocx (ComponentOne LLC)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{0D62364C-DBA2-11D1-B5DF-0060976089D0}\InprocServer32 -> C:\windows\system32\tdbg7.ocx (ComponentOne LLC)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{0D623650-DBA2-11D1-B5DF-0060976089D0}\InprocServer32 -> C:\windows\system32\tdbg7.ocx (ComponentOne LLC)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{0D6236AB-DBA2-11D1-B5DF-0060976089D0}\InprocServer32 -> C:\windows\system32\xadb7.ocx (ComponentOne LLC)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{22A85CE1-F011-4231-B9E4-7E7A0438F71B}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{54BA1E8F-818D-407F-949D-BAE1692C5C18}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{60A9863A-11FD-4080-850E-A8E184FC3A3C}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{65104D73-BA60-4160-A95A-4B4782E7AA62}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{78E61E52-0E57-4456-A2F2-517492BCBF8F}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{827E9F50-96A4-11CF-823E-000021570103}\InprocServer32 -> C:\windows\system32\graphs32.ocx (Bits Per Second Ltd)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{827E9F54-96A4-11CF-823E-000021570103}\InprocServer32 -> C:\windows\system32\graphs32.ocx (Bits Per Second Ltd)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{8C3E4934-9FA4-4693-9253-A29A05F99186}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{94AFFFCC-6C05-4814-B123-A941105AA77F}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{9E7EA907-5810-4FCA-B817-CD0BBA8496FC}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{A440BD76-CFE1-4D46-AB1F-15F238437A3D}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DDE-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DE1-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DE2-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{AC5D0DE5-BD4C-11D1-B137-0000F8753F5D}\InprocServer32 -> C:\windows\system32\mschrt20.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{BD2F8D4B-3021-3B21-AE38-AE54FC0E2EE9}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{CE32ABF6-475D-41F6-BF82-D27F03E3D38B}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32 -> C:\windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}\InprocServer32 -> C:\windows\system32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{E38FD381-6404-4041-B5E9-B2739258941F}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{F3A12E08-EDE9-4160-8B51-334D982A9AD0}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}\InprocServer32 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Common\DLLs\capicom.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

23-03-2015 09:07:50 Windows Update
25-03-2015 17:23:08 Windows Update
30-03-2015 09:18:12 Windows Update
03-04-2015 09:19:49 Windows Update
06-04-2015 09:26:00 Windows Update
06-04-2015 16:58:29 Windows Update
13-04-2015 09:11:31 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01E326BE-C414-4A37-9EA1-C09142DD1071} - System32\Tasks\OHFPZMMSIB => C:\ProgramData\a453d201fe4d47bb99d9c2f5e7b0086a\a453d201fe4d47bb99d9c2f5e7b0086a.exe
Task: {05696134-00B3-4EAD-ABFD-9DBFAF986CC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {088CF306-CB2C-49EB-925B-59C4DE183B2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {15A1AB50-0F65-4A7D-A3DF-EB545971AB08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2B078C30-C6CA-42F2-87B2-1C880155B42B} - \SMWPUpd No Task File <==== ATTENTION
Task: {3C089E8E-D648-4E81-A0B4-27EBB7786D02} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6CFB148F-DE9C-44C0-8727-6EB4BC55F7A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1076756418-2801547457-1009607644-1000UA => C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {8ADABFB7-C207-4FB2-8D4C-3C15353026DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A3FB017D-584D-4D80-A3F5-C2352FF6D497} - System32\Tasks\{4FDA78A2-AF63-4686-8CCE-BF2B113D2912} => pcalua.exe -a C:\Users\Vamsi\Downloads\sfs2007(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {A4766556-E752-40A0-914A-78DEDFD3C660} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1076756418-2801547457-1009607644-1000Core => C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {B7276AA5-D5A7-4902-8012-32BEBE00977A} - \SMW_UpdateTask_Time_3730383935353532312d3737555a416c503257344a41 No Task File <==== ATTENTION
Task: {CEC99BDE-C78F-4926-9C1E-2ADB27A5769B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E0708BC5-5187-4DFA-8782-91D2ED1D4434} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {F0FBD190-3FEB-4798-A4C4-81994D5C1C1E} - System32\Tasks\{76964A97-2833-49E3-9598-D81DEF23A0C9} => pcalua.exe -a "C:\Hyprotech\HYSYS 3.2\hysys.exe" -d "C:\Hyprotech\HYSYS 3.2\"
Task: {F583F8BD-CE24-41A1-8D86-9F9A07CAB873} - System32\Tasks\{1BF2AA1B-7173-41B2-883E-5507485C8565} => pcalua.exe -a "C:\Users\Vamsi\Documents\Vuze Downloads\Hysys\HYSYS v3.2\Setup.exe" -d "C:\Users\Vamsi\Documents\Vuze Downloads\Hysys\HYSYS v3.2"
Task: {FFE28794-C885-4CAC-A184-F6568CB3222C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1076756418-2801547457-1009607644-1000Core.job => C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1076756418-2801547457-1009607644-1000UA.job => C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-08-29 13:58 - 2008-08-29 13:58 - 00197408 _____ () C:\windows\system32\vpnapi.dll
2014-01-07 14:36 - 2011-07-28 18:06 - 00297440 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2014-01-07 14:36 - 2011-07-27 12:53 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-08-21 22:39 - 2009-06-22 18:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 14:07 - 2009-07-25 14:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2014-01-07 14:36 - 2011-07-28 18:06 - 08247264 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2014-01-07 14:36 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2009-08-03 21:17 - 2009-08-03 21:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-04-20 10:05 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

There are 5317 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{9A170A79-D729-42A0-BDDF-19DF13CCA287}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02044094-BF7A-4767-9C19-722E3B2C9DBC}] => (Allow) svchost.exe
FirewallRules: [{35B4567D-46AE-4C97-B573-DF7EA9FDB87A}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3229C5EE-8ABB-417A-9D93-326215EF4F0B}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{A6CE7226-607B-4879-AA75-99C22CEE8B7F}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{1C8A1825-DD7A-43D5-A910-C30EE134948C}] => (Allow) C:\Program Files\Microsoft Office\Office12\outlook.exe
FirewallRules: [{8ABD60C1-6018-4D87-830D-9E52ED44CC54}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{28E2D287-BEAD-49C5-B5FB-9117EAD28F54}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{72E24A03-439A-496F-A5F1-3B091D8B9532}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{D79D1782-BACE-45B8-BC53-721C572B985B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{5BD7A0A8-77E5-42CA-99CD-6E5F00F54ABA}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{F237977F-B55D-4352-A948-171D3DF9B157}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{62186888-B0F0-4661-BA94-FA91A406B8B2}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{02DD8FF0-1C9D-49D1-BD70-4DA8EFA02E9A}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [TCP Query User{52D3C1E2-B974-4C77-93E8-D4F389C4538A}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{9636B2FB-70E4-4B76-AE88-BE34F9FDCB38}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{F3D9E85D-C65B-4A41-BF3F-D8838099CE9C}] => (Allow) C:\Users\Vamsi\AppData\Local\Temp\hpdiu2\HPDIU\HPDIUNetwork.exe
FirewallRules: [{529ABC00-E5E1-4C37-B5F1-0D78DD32F76C}] => (Allow) C:\Users\Vamsi\AppData\Local\Temp\hpdiu2\HPDIU\HPDIUNetwork.exe
FirewallRules: [TCP Query User{DD26D4B1-9A5C-4997-9433-299D4B434A2A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{053AC972-781C-4F3D-92C2-7616FF72B29B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8EE58250-0E1B-4279-B733-B66DDCCF6B1C}] => (Allow) C:\SFSCHLR\sfschlr.exe
FirewallRules: [{86B41527-38DC-4048-9DA0-DFBD27DBF0C6}] => (Allow) C:\SFSCHLR\sfschlr.exe
FirewallRules: [{6EAB2E53-34B8-427D-9926-343FCBC1BCD8}] => (Allow) C:\SFSCHLR\sfschlr.exe
FirewallRules: [{948089C0-4A6B-4C90-B2FF-99192E0E01BF}] => (Allow) C:\SFSCHLR\sfschlr.exe
FirewallRules: [{37F09F6A-C95C-4D25-B943-728C559DF133}] => (Allow) LPort=210
FirewallRules: [{E4AAAC44-96E1-4BDB-BA0B-268FCFC9EBAE}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C67BCA2-8953-4AED-B7E1-6BC47981AEF1}] => (Allow) LPort=2869
FirewallRules: [{4E2D709E-128B-487A-9E0C-00658606F13E}] => (Allow) LPort=1900
FirewallRules: [{4CEB53FF-29D0-47C4-9142-62689CCB80C8}] => (Allow) C:\Users\Vamsi\Downloads\PDFReader_Setup.exe
FirewallRules: [{E798F164-B447-4E0E-A180-07210DDCF9C3}] => (Allow) C:\Users\Vamsi\Downloads\PDFReader_Setup.exe

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe FE Family Controller - Deterministic Network Enhancer Miniport
Description: Deterministic Network Enhancer Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Deterministic Networks
Service: DNE
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet 3600
Description: HP Color LaserJet 3600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 09:21:05 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (04/28/2015 01:54:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 5.1.15.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x000184fe
Faulting process id: 0xa10
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 01:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 5.1.15.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x000184fe
Faulting process id: 0x17c
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 01:35:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll_unloaded, version: 0.0.0.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x020284fe
Faulting process id: 0x604
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 10:15:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 5.1.15.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x000184fe
Faulting process id: 0xaf8
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 10:11:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 5.1.15.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x000184fe
Faulting process id: 0xe8c
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 10:07:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (04/28/2015 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll_unloaded, version: 0.0.0.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x01eb84fe
Faulting process id: 0x6c0
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 09:46:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 5.1.15.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x000184fe
Faulting process id: 0x135c
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (04/28/2015 09:37:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 5.1.15.0, time stamp: 0x45a81f84
Exception code: 0xc0000005
Fault offset: 0x000184fe
Faulting process id: 0x11b4
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3


System errors:
=============
Error: (04/29/2015 09:21:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/29/2015 09:12:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (04/29/2015 09:11:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (04/29/2015 09:11:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (04/29/2015 09:11:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

Error: (04/29/2015 09:10:45 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/29/2015 09:10:45 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/29/2015 09:10:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/29/2015 09:10:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/29/2015 09:10:43 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (11/13/2014 00:10:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 260 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (05/29/2014 10:57:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 600 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/02/2014 00:37:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 626 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (03/24/2014 09:24:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/24/2014 09:23:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 749 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/24/2014 09:10:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 165 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/19/2014 02:31:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 8365 seconds with 3480 seconds of active time.  This session ended with a crash.

Error: (03/12/2014 05:09:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1851 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/28/2013 05:02:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 8308 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/25/2013 05:25:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24808 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 1912.89 MB
Available physical RAM: 838.11 MB
Total Pagefile: 3825.77 MB
Available Pagefile: 2286.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.77 MB

==================== Drives ================================

Drive c: (TI102605W0E) (Fixed) (Total:223.27 GB) (Free:151.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: DC64DC64)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=223.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.1 GB) - (Type=17)

==================== End Of Log ============================


Edited by provost, 29 April 2015 - 11:32 AM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay. After these fixes, could you run a fresh FRST scan please and let me know what problems you are experiencing?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\RunOnce: [Import FF:0] => "C:\Users\Vamsi\AppData\Local\browser extensions\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Vamsi\AppData\Local\browser extensions\TrustedRoot.cer" -d "C:\U (the data entry has 69 more characters).
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
Startup: C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup_145643.lnk [2015-02-23]
ShortcutTarget: Setup_145643.lnk -> C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}\Setup_145643.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://uva-anywhere...ries/vpnweb.cab
Winsock: Catalog5 01 mswsock.dll File Not found ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2011-12-02 10:17 - 2011-12-02 12:17 - 0008572 ___SH () C:\Users\Vamsi\AppData\Local\3j32yw3y18d132
2015-02-19 17:29 - 2015-02-19 17:29 - 0000064 _____ () C:\Users\Vamsi\AppData\Local\d28f789dd9041123b8d37f5a68247b0c
2011-12-02 10:17 - 2011-12-02 12:17 - 0008572 ___SH () C:\ProgramData\3j32yw3y18d132
2011-12-01 17:12 - 2011-12-01 17:16 - 0000112 _____ () C:\ProgramData\BMl483.dat
2015-03-10 13:33 - 2015-03-10 14:02 - 0000070 _____ () C:\ProgramData\hxnet.ini
2011-12-01 17:14 - 2011-12-01 17:14 - 0000000 _____ () C:\ProgramData\U165nY46.exe.b
Task: {2B078C30-C6CA-42F2-87B2-1C880155B42B} - \SMWPUpd No Task File <==== ATTENTION
Task: {B7276AA5-D5A7-4902-8012-32BEBE00977A} - \SMW_UpdateTask_Time_3730383935353532312d3737555a416c503257344a41 No Task File <==== ATTENTION
C:\Program Files\Itibiti Soft Phone
C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
provost

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi,

 

Thanks a lot for helping me out. The infected machine is my office laptop, so I will run this on Monday and follow your instructions.


  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK :)
  • 0

#5
provost

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi,

So I have been running the fixlist.txt for over a day. It is still running. Is something wrong? Should I stop it? It has a Fixlog.txt.


  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, as it should take no longer than a minute or so.

Post the log that you have and let me know how the computer is.
  • 0

#7
provost

    Member

  • Topic Starter
  • Member
  • 11 posts

Hello,

I ran the fixlist.txt and AdwCleaner. I am posting the logs and am currently running FRST.exe again as you said (for some reason it takes a long time on my comp).

Some observations -

1. The computer has sped up considerably. It is still not very fast but it is much better.

2. I am still having issues with loading of images and videos, especially with the Shockwave plugin (don't know if it is related to malware?).

3. At any given time, if I start my Task Manager there are too many processes listed.

Thank you!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by Vamsi at 2015-05-04 09:00:44 Run:1
Running from C:\Users\Vamsi\Desktop
Loaded Profiles: Vamsi (Available profiles: Vamsi & DefaultAppPool)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\RunOnce: [Import FF:0] => "C:\Users\Vamsi\AppData\Local\browser extensions\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Vamsi\AppData\Local\browser extensions\TrustedRoot.cer" -d "C:\U (the data entry has 69 more characters).
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
Startup: C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup_145643.lnk [2015-02-23]
ShortcutTarget: Setup_145643.lnk -> C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}\Setup_145643.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://uva-anywhere...ries/vpnweb.cab
Winsock: Catalog5 01 mswsock.dll File Not found ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2011-12-02 10:17 - 2011-12-02 12:17 - 0008572 ___SH () C:\Users\Vamsi\AppData\Local\3j32yw3y18d132
2015-02-19 17:29 - 2015-02-19 17:29 - 0000064 _____ () C:\Users\Vamsi\AppData\Local\d28f789dd9041123b8d37f5a68247b0c
2011-12-02 10:17 - 2011-12-02 12:17 - 0008572 ___SH () C:\ProgramData\3j32yw3y18d132
2011-12-01 17:12 - 2011-12-01 17:16 - 0000112 _____ () C:\ProgramData\BMl483.dat
2015-03-10 13:33 - 2015-03-10 14:02 - 0000070 _____ () C:\ProgramData\hxnet.ini
2011-12-01 17:14 - 2011-12-01 17:14 - 0000000 _____ () C:\ProgramData\U165nY46.exe.b
Task: {2B078C30-C6CA-42F2-87B2-1C880155B42B} - \SMWPUpd No Task File <==== ATTENTION
Task: {B7276AA5-D5A7-4902-8012-32BEBE00977A} - \SMW_UpdateTask_Time_3730383935353532312d3737555a416c503257344a41 No Task File <==== ATTENTION
C:\Program Files\Itibiti Soft Phone
C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Import FF:0 => value deleted successfully.
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup_145643.lnk => Moved successfully.
C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}\Setup_145643.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55963676-2F5E-4BAF-AC28-CF26AA587566}" => Key deleted successfully.
"HKCR\CLSID\{55963676-2F5E-4BAF-AC28-CF26AA587566}" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Users\Vamsi\AppData\Local\3j32yw3y18d132 => Moved successfully.
C:\Users\Vamsi\AppData\Local\d28f789dd9041123b8d37f5a68247b0c => Moved successfully.
C:\ProgramData\3j32yw3y18d132 => Moved successfully.
C:\ProgramData\BMl483.dat => Moved successfully.
C:\ProgramData\hxnet.ini => Moved successfully.
C:\ProgramData\U165nY46.exe.b => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B078C30-C6CA-42F2-87B2-1C880155B42B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B078C30-C6CA-42F2-87B2-1C880155B42B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7276AA5-D5A7-4902-8012-32BEBE00977A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7276AA5-D5A7-4902-8012-32BEBE00977A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3730383935353532312d3737555a416c503257344a41" => Key deleted successfully.
C:\Program Files\Itibiti Soft Phone => Moved successfully.
C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354} => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========


An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========


An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:c:4740:1c00::2f3d
   IPv6 Address. . . . . . . . . . . : 2601:c:4740:1c00:b0d7:4fb4:a349:3a25
   Temporary IPv6 Address. . . . . . : 2601:c:4740:1c00:353a:85f3:f201:878e
   Link-local IPv6 Address . . . . . : fe80::b0d7:4fb4:a349:3a25%11
   Default Gateway . . . . . . . . . : fe80::250:f1ff:fe80:0%11

Tunnel adapter isatap.{C69908FA-99E1-422D-9023-B4F19A790028}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{2C56D328-5C79-4303-B375-9978B65463BE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net
   IPv6 Address. . . . . . . . . . . : 2601:c:4740:1c00::2f3d
   IPv6 Address. . . . . . . . . . . : 2601:c:4740:1c00:b0d7:4fb4:a349:3a25
   Temporary IPv6 Address. . . . . . : 2601:c:4740:1c00:353a:85f3:f201:878e
   Link-local IPv6 Address . . . . . : fe80::b0d7:4fb4:a349:3a25%11
   IPv4 Address. . . . . . . . . . . : 10.1.10.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::250:f1ff:fe80:0%11
                                       10.1.10.1

Tunnel adapter isatap.{C69908FA-99E1-422D-9023-B4F19A790028}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{2C56D328-5C79-4303-B375-9978B65463BE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {5AC2221F-EFA6-4D03-B5CF-35CF2DC17609}.
Unable to cancel {4BA3632F-8E74-4391-B3A9-74EE8AE2B47E}.
Unable to cancel {245559E2-5917-4FCC-A9B7-2A2B7B0F378C}.
Unable to cancel {8BBC05E5-DD21-427E-881C-65A4325146DA}.
Unable to cancel {BE1C665B-D3D5-4486-A0D0-76D7ED23B0BC}.
Unable to cancel {F93B8D8B-AF7F-4D22-8465-DECD926AD013}.
{8586235C-ABF9-4C6E-8F26-F2DB62754BE1} canceled.
{16D0D7C8-B677-486D-906C-1B1EB151AD03} canceled.
{FED52BD3-00DB-4DAE-87DD-22A5FB42286D} canceled.
{BE8E9E8F-85D5-47CB-A2E0-23270713D193} canceled.
{FBFB8D8B-B35A-454C-BFA9-BF6363775CC7} canceled.
{1761E392-9BCF-4CAA-A03E-D8CCF4E36A7F} canceled.
{BBB7C48A-F019-4067-85DE-663F4104B479} canceled.
{F3CA2A76-B3D8-42C8-BA3A-EC565F067D8D} canceled.
{944528AF-7402-4452-8B45-AA17BDBF77BC} canceled.
{E64ADF8B-B4DA-4C45-9AD1-B307743FA510} canceled.
{2892B644-CF57-45E1-8BB8-2259C18F1EB8} canceled.
{7271EB6E-9589-401C-A384-310C44BBA8A2} canceled.
{FE015F2D-EEE0-407F-8255-C8A55AE9AFBC} canceled.
{439CE046-15C3-49F4-940A-E95401F8DB78} canceled.
{DEBF66F9-7826-4794-A344-F381B8896C47} canceled.
 

 

 

 

# AdwCleaner v4.202 - Logfile created 05/05/2015 at 12:19:30
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Vamsi - EXELUS-PC
# Running from : C:\Users\Vamsi\Downloads\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SearchModulePlus
Folder Deleted : C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Folder Deleted : C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
File Deleted : C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
File Deleted : C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
File Deleted : C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\f3348755-7a83-3c8d-bfac-2e9f2a30af6c
Key Deleted : HKCU\Software\estdemin
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Key Deleted : HKLM\SOFTWARE\SearchModulePlus

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : gighmmpiobklfepjocnamgkkbiglidom

*************************

AdwCleaner[R0].txt - [5677 bytes] - [23/02/2015 16:12:46]
AdwCleaner[R1].txt - [310 bytes] - [15/04/2015 16:24:59]
AdwCleaner[R2].txt - [1454 bytes] - [15/04/2015 16:47:20]
AdwCleaner[R3].txt - [2771 bytes] - [05/05/2015 10:50:36]
AdwCleaner[S0].txt - [6635 bytes] - [23/02/2015 16:16:07]
AdwCleaner[S1].txt - [2732 bytes] - [05/05/2015 12:19:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2791  bytes] ##########
 


Edited by provost, 05 May 2015 - 10:50 AM.

  • 0
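
Added example (not part of the thread and not FRST's own code): a small Python triage of an FRST Fixlog like the one in post #7, separating operations that succeeded from ones that failed or still need a reboot. The sample text is abridged from that log, and the line patterns are assumptions drawn only from the output shown on this page, not from any FRST format specification.

```python
import re

# Constructed sample: lines abridged from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by Vamsi at 2015-05-04 09:00:44 Run:1

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\ProgramData\hxnet.ini
CMD: netsh advfirewall reset
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
*****************

Error: (0) Failed to create a restore point.
C:\ProgramData\hxnet.ini => Moved successfully.
C:\ProgramData\{fc6828d5-36aa-9d16-fc68-828d536aa354}\Setup_145643.exe not found.

=========  netsh advfirewall reset =========

An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

Unable to cancel {5AC2221F-EFA6-4D03-B5CF-35CF2DC17609}.
{8586235C-ABF9-4C6E-8F26-F2DB62754BE1} canceled.
"""

# "========= <command> =========" opens a section, "========= End of ...: =========" closes it.
SECTION = re.compile(r"^=+\s+(.*?)\s+=+$")
STARS = re.compile(r"^\*{5,}$")
# Failure shapes seen in the log above (assumed patterns, checked before success).
FAILURES = [
    ("frst-error", re.compile(r"^Error: \(\d+\) (.+)$")),
    ("service-unreachable", re.compile(r"contact the\s+(.+?) service")),
    ("bits-job-not-cancelled", re.compile(r"^Unable to cancel (\{[0-9A-Fa-f-]+\})\.$")),
    ("target-missing", re.compile(r"^(.+) not found\.$")),
]
# "suc+essfully" also matches the "Sucessfully" spelling that netsh prints.
SUCCESS = re.compile(r"suc+essfully|canceled\.$|OK!$", re.IGNORECASE)
REBOOT = re.compile(r"restart the computer", re.IGNORECASE)


def triage_fixlog(text):
    """Return counts of successful steps, a list of (kind, section, detail)
    findings for steps that did not complete, and whether a reboot is pending."""
    findings, ok, reboot, section = [], 0, False, None
    in_echo, stars = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The log first echoes the fixlist between two rows of asterisks;
        # those lines are requests, not results, so skip them.
        if line.startswith("Content of fixlist"):
            in_echo, stars = True, 0
            continue
        if in_echo:
            if STARS.match(line):
                stars += 1
                in_echo = stars < 2
            continue
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            section = None if name.startswith("End of") else name
            continue
        if REBOOT.search(line):
            reboot = True
            continue
        for kind, pattern in FAILURES:
            m = pattern.search(line)
            if m:
                findings.append((kind, section, m.group(1)))
                break
        else:
            if SUCCESS.search(line):
                ok += 1
    return {"ok": ok, "findings": findings, "reboot_needed": reboot}


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    print(f"{result['ok']} steps succeeded, reboot pending: {result['reboot_needed']}")
    for kind, section, detail in result["findings"]:
        print(f"  {kind:24} [{section or 'fix entries'}] {detail}")
```

On the sample it reports the failed restore point, the unreachable Windows Firewall service and the BITS job that could not be cancelled, which are the entries worth following up before treating the fix as complete.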

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the next task, once you have run a fresh FRST scan, is to do a clean boot :)

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

Cleanboot1.JPG

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.

3. Click the Services tab.

cleanboot2.JPG

4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

How is the computer this time?
  • 0

#9
provost

    Member

  • Topic Starter
  • Member
  • 11 posts

Hi

 

I had taken a day off from work yesterday. The new FRST scan which I started 2 days ago is still running. LOL. What should I do?


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Stop it, please, and run a clean boot as described above. Let me know if that has any effect once you have rebooted.
  • 0

#11
provost

    Member

  • Topic Starter
  • Member
  • 11 posts

Hello,

The computer is definitely better. It is faster and has fewer hang-ups. I reduced the number of programs which start at the beginning using the msconfig tool you suggested.

I am still having issues whenever I load maps or videos or pics.

Here is the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by Vamsi (administrator) on EXELUS-PC on 05-05-2015 13:07:22
Running from C:\Users\Vamsi\Desktop
Loaded Profiles: Vamsi (Available profiles: Vamsi & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Aspen Technology, Inc.) C:\AspenTech\BPE\AfwSecCliSvc.exe
(Aspen Technology Inc) C:\AspenTech\Aspen PIMS\PIMS Case Runner Service\PIMSCaseRunnerCoreService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Aspen Technology Inc) C:\AspenTech\Aspen PIMS\PIMSRemoteServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Aspen Technology Inc) C:\AspenTech\Aspen PIMS\PIMS Case Runner Service\PIMSCaseRunnerWebService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Kensington Technology Group) C:\Windows\System32\kmw_run.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\AspenTechAdapterAgentService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(Aspen Technology) C:\AspenTech\aspenONE V8.4\ResourceAdaptor\ResourceAdapter.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Temp\2F36EA99-F5AE-461B-973B-9A54565B9F01\DismHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [kmw_run.exe] => C:\windows\system32\kmw_run.exe [106496 2006-08-03] (Kensington Technology Group)
HKLM\...\Run: [MSWheel] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-12-21] (RealNetworks, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [602624 2009-03-12] ()
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [Virtual PDF Printer] => C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [Google Update] => C:\Users\Vamsi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-21] (Google Inc.)
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2014-01-07]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2010-10-01]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
Startup: C:\Users\Vamsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-12-01]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co...=TSNA&bmod=TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-21] (RealPlayer)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
BHO: IEHlprObjClass -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-1076756418-2801547457-1009607644-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{96dfc2a9-6e0f-4dd5-9962-6c72340a8c67}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Vamsi\AppData\Roaming\Mozilla\Firefox\Profiles\j6p4somf.default-1429717124771
FF Homepage: hxxp://www.google.com/
FF Plugin: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Vamsi\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Vamsi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @talk.google.com/O1DPlugin -> C:\Users\Vamsi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1076756418-2801547457-1009607644-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vamsi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npSfAppM.dll [2007-05-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-11-06] (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\Vamsi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Vamsi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009-12-21]

Chrome:
=======
CHR Profile: C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Google Search) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (Google Sheets) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-22]
CHR Extension: (Gmail) - C:\Users\Vamsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Vamsi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-10]
CHR HKU\S-1-5-21-1076756418-2801547457-1009607644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
 



#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have less than 2 GB of RAM available, which is really borderline for Windows 7, especially if you are using graphic-intensive elements like maps.

Any chance of asking your IT department to lash out on another 2 GB of RAM for you?

#13
provost


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi,

 

I will def do that (upgrade my RAM). So if my comp is clean, I will take no more of your time. Thanks a lot for all your help!



#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.