my computer is dead slow. I think it's infected. Pls. help

malware infection


#1
abhi6512

  • Member
  • 143 posts

I have a Dell Vostro laptop. It's very slow these days; even the internet speed is reduced drastically, though I am using a broadband connection. The same connection works decently on my mobile.

 

I think it's infected. Pls. help !!

 

Regards,

Abhi




#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
A separate Reply for each scan is usually the easiest.
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Click on the Addition.txt box.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Get Process Explorer

Save it to your desktop, then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.

Close all browsers and open programs before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop); note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Save the file and close notepad. Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File). Uninstall Speccy.
     
     


    #3
    abhi6512

    • Topic Starter
    • Member
    • 143 posts

    Hi Expert,

    Thanks for your response.

    PFB the AdwCleaner log, other logs to follow (as suggested, separate replies for each log):

     

    # AdwCleaner v4.112 - Logfile created 28/01/2016 at 10:39:31
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Local]
    # Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
    # Username : Abhishek - ABHISHEK-PC
    # Running from : C:\Users\Abhishek\Desktop\lappy servicing\pass 4\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v9.0.8112.16737
     
     
    -\\ Google Chrome v47.0.2526.111
     
     
    -\\ Comodo Dragon v
     
     
    -\\ Chrome Canary v
     
     
    *************************
     
    AdwCleaner[R2].txt - [1310 bytes] - [06/07/2015 08:01:53]
    AdwCleaner[R3].txt - [1073 bytes] - [27/01/2016 20:16:12]
    AdwCleaner[S1].txt - [1392 bytes] - [06/07/2015 09:31:16]
    AdwCleaner[S2].txt - [1004 bytes] - [28/01/2016 10:39:31]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1063  bytes] ##########
     
     
    -Abhi


    #4
    abhi6512

    • Topic Starter
    • Member
    • 143 posts

    JRT LOG:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows Vista ™ Home Basic x86 
    Ran by Abhishek (Administrator) on 28-01-2016 at 12:07:43.68
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 6 
     
    Successfully deleted: C:\Program Files\GUT80A5.tmp (File) 
    Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RM9L9I0 (Folder) 
    Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2V10XY6X (Folder) 
    Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\492CWGB6 (Folder) 
    Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0HO8MM (Folder) 
    Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEPQFI7P (Folder) 
     
     
     
    Registry: 1 
     
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 28-01-2016 at 12:10:26.96
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #5
    abhi6512

    • Topic Starter
    • Member
    • 143 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016

    Ran by Abhishek (administrator) on ABHISHEK-PC (03-02-2016 08:31:53)
    Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
    Loaded Profiles: Abhishek &  (Available Profiles: Abhishek)
    Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Windows\System32\WLTRYSVC.EXE
    (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Dell Inc.) C:\Windows\System32\WLTRAY.EXE
    (SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    (Google, Inc) C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
    (Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Update\Install\{6C740FC9-49AE-449E-A1F2-3D418C301722}\GoogleUpdateSetup.exe
    (Google Inc.) C:\Users\Abhishek\AppData\Local\Google\Update\Install\{451786C7-7855-41C1-8943-EF83DC400E07}\GoogleUpdateSetup.exe
    (Google Inc.) C:\Program Files\GUM9678.tmp\GoogleUpdate.exe
    (Google Inc.) C:\Users\Abhishek\AppData\Local\Temp\GUM9ADB.tmp\GoogleUpdate.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Google Photos Backup] => C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-26] (Ruiware)
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Photos Backup] => C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-26] (Ruiware)
    BootExecute: 
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{0A83287A-D71F-4237-AB40-4034D9B190F6}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7D4E8676-CA67-4363-B1F6-AF936D8E1A19}: [DhcpNameServer] 192.168.44.1
    Tcpip\..\Interfaces\{C1FE5EAB-C0E5-4346-A19F-D330AF073C78}: [DhcpNameServer] 125.99.61.254 116.72.253.254
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
     
    FireFox:
    ========
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-26] [not signed]
    FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
    FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01] [not signed]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-04-01] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
    FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01] [not signed]
     
    Chrome: 
    =======
    CHR DefaultSearchKeyword: Default -> erailir
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll => No File
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
    CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll => No File
    CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
    CHR Extension: (PNR Status Watchlist) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\almdggoleggeecgelbjekpmefpohdjck [2015-04-19]
    CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
    CHR Extension: (eRail.in) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2016-01-05]
    CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (MySmartPrice) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda [2016-01-11]
    CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
    CHR Extension: (Google Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
    CHR Extension: (Google Docs Offline) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
    CHR Extension: (PriceRaja - Online Shopping at Best Prices) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda [2016-02-03]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
    CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
    R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
    R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)
    S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
    R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-01] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
    R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)
    S3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
    R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-02-03 08:22 - 2016-02-03 08:22 - 06871040 _____ C:\Program Files\GUT97EF.tmp
    2016-02-03 08:22 - 2016-02-03 08:22 - 00000000 ____D C:\Program Files\GUM9678.tmp
    2016-01-28 12:10 - 2016-01-28 12:10 - 00001374 _____ C:\Users\Abhishek\Desktop\JRT.txt
    2016-01-27 19:04 - 2016-01-27 19:04 - 00091648 _____ C:\Users\Abhishek\Downloads\DISTRIBUTION SCHEDULE FEBRUARY 2016.xls
    2016-01-22 23:02 - 2016-01-22 23:02 - 00021843 _____ C:\Users\Abhishek\Downloads\Essential CheckList.pdf
    2016-01-13 22:24 - 2015-12-05 22:32 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-01-13 22:24 - 2015-12-05 22:32 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-01-13 22:24 - 2015-12-05 22:32 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-01-13 22:23 - 2015-12-05 22:33 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-01-13 22:23 - 2015-12-05 22:33 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2016-01-13 22:23 - 2015-12-05 22:33 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-01-13 22:23 - 2015-12-05 22:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-01-13 22:23 - 2015-12-05 22:33 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2016-01-13 22:23 - 2015-12-05 22:32 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-01-13 22:23 - 2015-12-05 22:32 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-01-13 22:23 - 2015-12-05 22:32 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-01-13 22:23 - 2015-12-05 22:32 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-01-13 22:23 - 2015-12-05 22:32 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-01-13 22:23 - 2015-12-05 22:32 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-01-13 22:23 - 2015-12-05 22:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-01-13 22:23 - 2015-12-05 22:14 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2016-01-13 20:34 - 2015-12-16 03:15 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-01-13 20:34 - 2015-12-16 03:14 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-01-13 20:34 - 2015-12-16 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-01-13 20:34 - 2015-12-16 03:14 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-01-13 20:34 - 2015-12-16 03:14 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-01-13 20:34 - 2015-12-16 03:14 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2016-01-13 20:34 - 2015-12-16 03:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-01-13 20:34 - 2015-12-16 03:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-01-13 20:34 - 2015-12-16 03:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-01-13 20:34 - 2015-12-16 03:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-01-13 20:34 - 2015-12-16 03:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2016-01-13 20:34 - 2015-12-16 03:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2016-01-13 20:34 - 2015-12-16 03:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2016-01-13 20:33 - 2015-12-16 03:20 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-01-13 20:33 - 2015-12-16 03:16 - 09753088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-01-13 20:33 - 2015-12-16 03:15 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-01-13 20:33 - 2015-12-16 03:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-01-13 20:32 - 2015-12-16 03:19 - 12388864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-01-13 20:32 - 2015-12-16 03:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-01-13 20:32 - 2015-12-16 03:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-01-13 20:32 - 2015-12-16 03:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-01-13 20:32 - 2015-12-16 03:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-01-13 16:08 - 2015-12-05 22:33 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-01-13 16:08 - 2015-12-05 22:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-01-13 16:08 - 2015-11-13 22:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2016-01-13 16:08 - 2015-11-13 22:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2016-01-13 16:08 - 2015-11-13 20:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2016-01-13 16:07 - 2015-12-08 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-01-13 16:07 - 2015-12-05 20:54 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-01-13 16:06 - 2015-12-05 22:32 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-01-13 16:05 - 2015-12-30 22:42 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-01-13 16:04 - 2015-12-30 22:42 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-02-03 08:31 - 2015-03-14 23:46 - 00000000 ____D C:\FRST
    2016-02-03 08:30 - 2015-06-01 01:07 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job
    2016-02-03 08:30 - 2014-05-09 11:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-03 08:26 - 2015-06-01 01:07 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job
    2016-02-03 08:23 - 2014-08-17 16:13 - 00000400 _____ C:\Windows\Tasks\WpsUpdateTask_Abhishek.job
    2016-02-03 08:10 - 2006-11-02 18:15 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-02-03 08:10 - 2006-11-02 18:15 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-02-03 08:09 - 2014-08-11 00:19 - 00000400 _____ C:\Windows\Tasks\WpsNotifyTask_Abhishek.job
    2016-02-01 11:38 - 2014-05-09 11:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-01 09:46 - 2015-07-21 23:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-29 13:00 - 2015-03-22 02:48 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-29 13:00 - 2015-03-22 02:48 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-01-29 12:06 - 2015-07-06 08:01 - 00000000 ____D C:\AdwCleaner
    2016-01-29 12:04 - 2012-04-23 23:12 - 00000000 ____D C:\Users\Abhishek\AppData\Roaming\vlc
    2016-01-29 11:41 - 2008-09-17 23:12 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2016-01-29 11:41 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-28 12:35 - 2007-12-28 13:46 - 00000012 _____ C:\Windows\bthservsdp.dat
    2016-01-28 12:35 - 2006-11-02 18:28 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-01-27 20:13 - 2015-03-15 16:36 - 00000000 ____D C:\Users\Abhishek\Desktop\lappy servicing
    2016-01-25 17:08 - 2015-07-21 23:55 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-25 17:08 - 2015-07-21 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-25 17:08 - 2015-07-21 23:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-01-18 12:05 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\inf
    2016-01-18 12:05 - 2006-11-02 16:03 - 00744780 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-17 18:51 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache
    2016-01-15 07:42 - 2011-01-30 19:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-01-13 22:48 - 2011-01-30 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-01-13 22:22 - 2013-07-22 22:24 - 00000000 ____D C:\Windows\system32\MRT
    2016-01-13 21:52 - 2006-11-02 15:54 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2016-01-13 19:30 - 2006-11-02 18:14 - 00352288 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-01-11 21:34 - 2008-01-04 09:26 - 00138240 _____ C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-01-10 13:00 - 2014-07-30 15:20 - 00000000 ____D C:\persabhi
     
    ==================== Files in the root of some directories =======
     
    2016-02-03 08:22 - 2016-02-03 08:22 - 6871040 _____ () C:\Program Files\GUT97EF.tmp
    2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat
    2008-04-09 10:45 - 2015-05-14 20:16 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat
    2008-01-04 09:26 - 2016-01-11 21:34 - 0138240 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-01-29 11:53
     
    ==================== End of FRST.txt ============================


    #6
    abhi6512

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
    Ran by Abhishek (2016-02-03 08:38:27)
    Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
    Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2007-12-28 08:17:33)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Abhishek (S-1-5-21-4265441916-1708264049-1492465063-1000 - Administrator - Enabled) => C:\Users\Abhishek
    Administrator (S-1-5-21-4265441916-1708264049-1492465063-500 - Administrator - Disabled)
    Guest (S-1-5-21-4265441916-1708264049-1492465063-501 - Limited - Enabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
    Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
    Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
    Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
    Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
    Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
    Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
    Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
    FileZilla Client 3.1.1.1 (HKLM\...\FileZilla Client) (Version: 3.1.1.1 - )
    Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
    Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
    Google Photos Backup (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
    Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Laptop Integrated Webcam Driver (1.03.02.0719)   (HKLM\...\Creative OEM002) (Version:  - )
    Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
    MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
    MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden
    OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
    Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
    Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.06.13151 - Sony Corporation)
    Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.1 - Ruiware)
    WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
    WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
    Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
    Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version:  - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {001B59FC-7DCC-4D33-A2ED-15182A2F5686} - System32\Tasks\{2CD37C56-66DD-4BDE-B7B9-492866C3E6C4} => pcalua.exe -a C:\Users\Abhishek\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d "C:\Program Files\OpenOffice.org 3\program"
    Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsPlugin
    Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {1A71FFAB-753E-4EC7-B1A6-98857FAAB5CB} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {1AB3785F-41B9-45D2-9979-9BB9785E9602} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {239F1C0C-DBFE-4EA8-861A-B7E44453A2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
    Task: {23AD59E5-7B45-4DAE-97D1-96FDD0308AD7} - System32\Tasks\WpsUpdateTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
    Task: {2F787575-6B95-45F1-A686-EFF30B304331} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
    Task: {6E5EEEDF-8DC8-4BE0-A09F-409C3A05A8F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {7F1AEE47-DCA4-4917-AD9B-C28AC1A85C90} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads
    Task: {B5E80C9A-78B6-4B1D-B89E-B6B2B8EF0956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
    Task: {C22D95F8-BEAC-4087-93D5-B9137B7160C3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {E1575974-A5DD-496D-8DAC-F91AE17A5AF6} - System32\Tasks\WpsNotifyTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
    Task: {EF98DFEF-37BA-4345-B88B-AC78C08D03D4} - System32\Tasks\{70D6C1BD-CE5A-4232-85BB-A37964871491} => pcalua.exe -a "C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MVG1Q4W\RealPlayer11GOLD[2].exe" -d C:\Users\Abhishek
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\WpsNotifyTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
    Task: C:\Windows\Tasks\WpsUpdateTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\Abhishek\Desktop\validate bin\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=in&.redir=ymmapi9
    ShortcutWithArgument: C:\Users\Abhishek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=in&.redir=ymmapi10
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=in&.redir=ymmapi11
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
    2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
    2008-08-11 20:18 - 2008-08-11 20:18 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2007-12-28 21:40 - 2007-06-29 14:52 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
    2015-12-11 17:00 - 2015-12-11 17:00 - 03473408 _____ () C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
    2016-01-29 13:00 - 2016-01-27 23:09 - 16799048 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
     
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    There are 4731 more sites.
     
    There are 15 more sites.
     
    There are 15 more sites.
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2006-11-02 15:53 - 2015-03-16 22:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
     
    127.0.0.1       localhost
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\Windows\pss\Dell Network Assistant.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zoozoo widget.lnk => C:\Windows\pss\Zoozoo widget.lnk.Startup
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{67E42A96-1CEC-47BC-B0CD-2D0FCED9F4FB}] => (Allow) C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    FirewallRules: [{A9816FE2-89DF-4281-BD52-40BEE818D830}] => (Allow) C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    FirewallRules: [{9AE4B7A1-048C-4445-B6F9-4C048FE54C6B}] => (Allow) LPort=10421
    FirewallRules: [{AE7B8817-CAB5-4FD3-B4EA-C9BA972795CC}] => (Allow) LPort=139
    FirewallRules: [{17C4C8F4-A5AC-4CFE-9119-32CE9A7F79AD}] => (Allow) LPort=10426
    FirewallRules: [{7C43A852-3520-4AF0-A80B-F259416F9C63}] => (Allow) LPort=445
    FirewallRules: [{AEDE79C1-11B2-4784-8846-2D922D0F54B5}] => (Allow) LPort=138
    FirewallRules: [{A915FF80-929E-425F-97D5-282F7F01258E}] => (Allow) LPort=137
    FirewallRules: [{0CD9C7F8-12C5-4FF2-AB04-7BBD43DB8184}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{20EFC583-C6CE-4C2F-AB56-C8B2C96E16E3}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{83A2C59C-B61C-4714-945C-83E04BDD6C54}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
    FirewallRules: [{5D5B44F3-6CED-492B-805E-6FFEEFB4D89F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
    FirewallRules: [{A954FFCB-1DCD-4165-AE31-8368E28E4BB5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{BFBF6E2D-D6E6-4820-B087-377AB4C5EA33}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    FirewallRules: [{F1C7A4D0-77BE-4968-81C4-0FBF0C92999D}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    FirewallRules: [{8761158F-39F7-4E63-8E9F-5A71FEF5F1B0}] => (Allow) LPort=80
    FirewallRules: [{C97BAB90-9EE8-4FA9-A31F-1828FF1649CB}] => (Allow) LPort=80
    FirewallRules: [{4E98899C-955A-4FD9-8473-98F9B8302F45}] => (Allow) LPort=80
    FirewallRules: [{FC3BCBA8-4CBC-4EA3-8D0E-7E6D8D4A9188}] => (Allow) C:\Users\Abhishek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{EFC58A2F-E239-4042-AB58-8768E39941C4}] => (Allow) C:\Users\Abhishek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{D07185C5-50EC-490B-BEA4-077301F81F16}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{AA6FFABE-204E-4A07-95BE-8C63F60E7891}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{520EFF40-6F30-46FE-8DCD-FB9B7EC9D93F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{C5A3AE7F-F90C-42A2-B2DB-DBD8718C1A1A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{0C782811-75FF-4D34-8035-87A589AA47FB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{FFA63F1F-FEFB-4801-A2CE-9049CFD47937}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    19-01-2016 08:09:32 Scheduled Checkpoint
    21-01-2016 13:48:59 Scheduled Checkpoint
    21-01-2016 15:54:17 Windows Update
    22-01-2016 09:20:32 Scheduled Checkpoint
    23-01-2016 00:17:16 Scheduled Checkpoint
    24-01-2016 00:00:07 Scheduled Checkpoint
    25-01-2016 12:32:40 Windows Update
    26-01-2016 20:32:34 Scheduled Checkpoint
    27-01-2016 18:55:09 Scheduled Checkpoint
    28-01-2016 12:07:43 JRT Pre-Junkware Removal
    29-01-2016 12:27:27 Windows Update
     
    ==================== Faulty Device Manager Devices =============
     
    Name: 
    Description: 
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/26/2016 07:47:43 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
     
    Error: (01/26/2016 07:47:36 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
     
    Error: (01/24/2016 01:30:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: bac
    Start Time: 01d1567c150f1b3e
    Termination Time: 0
     
    Error: (01/24/2016 01:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: e5c
    Start Time: 01d1567b90227b1e
    Termination Time: 0
     
    Error: (01/24/2016 01:20:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 129c
    Start Time: 01d1567ba52645ae
    Termination Time: 5170
     
    Error: (01/24/2016 01:14:05 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
     
    Error: (01/13/2016 10:28:06 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
    Description: Product: Compatibility Pack for the 2007 Office system -- Error 1704. An installation for Microsoft .NET Framework 4.5.2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
     
    Error: (01/13/2016 10:21:49 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
     
    Error: (01/13/2016 10:21:48 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
     
    Error: (01/13/2016 10:48:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16723 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 6b8
    Start Time: 01d14dc1b6234955
    Termination Time: 78
     
     
    System errors:
    =============
    Error: (02/01/2016 08:46:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman
     
    Error: (01/29/2016 11:43:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000WerSvc
     
    Error: (01/29/2016 11:43:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000MBAMService
     
    Error: (01/26/2016 07:46:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Microsoft Antimalware Service11003Run the configured recovery program
     
    Error: (01/26/2016 07:46:14 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
    Description: %%860 engine has been terminated due to an unexpected error.
     
    Failure Type: %%831
     
    Exception code: 
     
    Resource: file:C:\Users\Abhishek\Desktop\validate bin\VeohWebPlayerSetup_eng.exe
     
    Error: (01/22/2016 09:19:50 AM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.0.101 for the Network Card with network address 001E8C4FED57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
     
    Error: (01/21/2016 12:51:47 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.0.100 for the Network Card with network address 001E8C4FED57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
     
    Error: (01/20/2016 06:03:35 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 18:01:42 on 20-01-2016 was unexpected.
     
    Error: (01/20/2016 03:45:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
     
    New Signature Version: 
     
    Previous Signature Version: 115.28.0.0
     
    Update Source: %NT AUTHORITY51
     
    Update Stage: 4.8.0204.00
     
    Source Path: 4.8.0204.01
     
    Signature Type: %NT AUTHORITY602
     
    Update Type: %NT AUTHORITY604
     
    User: NT AUTHORITY\NETWORK SERVICE
     
    Current Engine Version: %NT AUTHORITY605
     
    Previous Engine Version: %NT AUTHORITY606
     
    Error code: %NT AUTHORITY607
     
    Error description: %NT AUTHORITY608
     
    Error: (01/20/2016 03:10:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Google Update Service (gupdate)%%1053
     
     
    CodeIntegrity:
    ===================================
      Date: 2016-02-03 08:34:01.129
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:33:59.974
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:33:58.780
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:33:57.594
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:29:12.561
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:29:11.406
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:29:10.015
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:29:08.799
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:29:07.331
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-02-03 08:29:06.161
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
    Percentage of memory in use: 87%
    Total physical RAM: 2037.45 MB
    Available physical RAM: 261 MB
    Total Virtual: 4314.17 MB
    Available Virtual: 1498.55 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:26.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.68 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================

    #7
    abhi6512

      Member

    • Topic Starter
    • 143 posts

    Procexp.txt

    ********************************************************************************************************************************************************************************

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 84.07 0 K 24 K 0
    procexp.exe 3.79 21,312 K 31,112 K 5388 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    mbamservice.exe 3.79 3,32,992 K 53,360 K 836 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
    Interrupts 3.79 0 K 0 K n/a Hardware Interrupts and DPCs
    dwm.exe 2.28 38,656 K 40,712 K 2976 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.76 9,46,128 K 8,50,696 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    GoogleUpdate.exe 0.76 5,352 K 2,688 K 1104
    chrome.exe 0.76 77,704 K 67,824 K 6040 Google Chrome Google Inc. (Verified) Google Inc
    mbam.exe < 0.01 2,24,064 K 97,096 K 2960
    explorer.exe < 0.01 61,840 K 31,420 K 3000 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    Google Photos Backup.exe < 0.01 6,784 K 1,280 K 800 Google Photos Backup Google, Inc (Verified) Google Inc
    chrome.exe < 0.01 64,476 K 61,364 K 4664 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe < 0.01 1,25,492 K 1,11,676 K 5508 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe < 0.01 16,756 K 3,752 K 4636 Google Chrome Google Inc. (Verified) Google Inc
    WLTRAY.EXE < 0.01 24,408 K 6,396 K 3972 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc. (No signature was present in the subject) Dell Inc.
    unsecapp.exe < 0.01 2,368 K 1,136 K 2468 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe < 0.01 10,256 K 3,312 K 3696 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    WinPatrol.exe < 0.01 11,636 K 12,368 K 3532 WinPatrol Monitor Ruiware (Verified) Ruiware
    XAudio.exe 764 K 124 K 2376 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    wmpnscfg.exe 1,788 K 724 K 2108 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe 5,444 K 500 K 3952 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 3,540 K 3,000 K 3492
    WLTRYSVC.EXE 692 K 80 K 1652 (No signature was present in the subject)
    wlanext.exe 1,904 K 836 K 1692
    winlogon.exe 2,168 K 276 K 736
    wininit.exe 1,240 K 132 K 588
    taskeng.exe 2,304 K 1,740 K 2696
    System 0 K 1,200 K 4
    svchost.exe 86,892 K 71,656 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,876 K 2,908 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 14,180 K 3,392 K 1828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,784 K 2,384 K 904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 16,472 K 4,332 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,156 K 1,004 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 8,272 K 3,492 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 23,240 K 5,944 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,160 K 232 K 364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,100 K 184 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,660 K 220 K 2248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 588 K 272 K 2280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,592 K 152 K 3736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,680 K 252 K 3884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    sttray.exe 4,424 K 728 K 4080 Sigmatel Audio system tray application SigmaTel, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    stacsv.exe 8,260 K 1,136 K 2148 STacSV Module SigmaTel, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    spoolsv.exe 6,052 K 1,200 K 1804 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 288 K 84 K 484
    SLsvc.exe 5,672 K 164 K 1304 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
    services.exe 2,500 K 2,876 K 632
    SearchProtocolHost.exe 3,708 K 6,560 K 5512
    SearchIndexer.exe 42,416 K 7,156 K 2328 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    SearchFilterHost.exe 3,520 K 5,864 K 4460
    msseces.exe 6,028 K 760 K 4056 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
    MsMpEng.exe 98,204 K 2,292 K 956 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
    MpCmdRun.exe 2,720 K 148 K 4628
    MpCmdRun.exe 3,156 K 248 K 4792
    mbamscheduler.exe 5,540 K 3,376 K 1460 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
    lsm.exe 1,900 K 1,028 K 652
    lsass.exe 3,148 K 1,468 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    hnm_svc.exe 6,592 K 240 K 504 Advanced Networking Service Application SingleClick Systems (Verified) SingleClick Systems
    GoogleUpdateSetup.exe 1,264 K 144 K 3200
    GoogleUpdateSetup.exe 1,280 K 420 K 3560 Google Update Setup Google Inc. (Verified) Google Inc
    GoogleUpdate.exe 5,424 K 3,488 K 4500 Google Installer Google Inc. (Verified) Google Inc
    csrss.exe 2,468 K 3,424 K 600
    csrss.exe 2,004 K 1,108 K 536
    chrome.exe 33,752 K 10,304 K 2664 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 25,212 K 7,276 K 3992 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 24,792 K 1,900 K 5568 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 26,596 K 3,212 K 1724 Google Chrome Google Inc. (Verified) Google Inc
    BCMWLTRY.EXE 27,012 K 6,444 K 1664
    audiodg.exe 14,140 K 8,800 K 1260
    armsvc.exe 2,100 K 96 K 304 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
     

    #8
    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
     
     
     
    Download the attached fixlist.txt to the same location as FRST
     
     
    Run FRST and press Fix.  PC will reboot.
     
    A fix log will be generated; please post that.
     
     
     
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
     
    In either case continue:
     
    Run the Windows Readiness tool at:
     
     
    You want the: x86-based (32-bit) versions of Windows Vista SP2 and Windows Vista SP1 
    Download and save it then run it.
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
     
    Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, about 10 lines down.)  Save the file and close Notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
     
     
    Please create a new Process Explorer log as before.  Note the value of the Interrupts line.  Currently it is 3.79.  If it is still about the same (good would be if it dropped to less than 1.5)  then go to Dell's support website  http://www.dell.com/...ts/?app=drivers
    and see if they have any drivers for you.  Start with the chipset driver then the video then audio, networking and any others they may have.  (You may already have the latest in which case it will tell you when you try to install them).  Once done reboot and run a new Process Explorer log and see if Interrupts has improved.
     
     
     
     

    • 0

    #9
    abhi6512

    abhi6512

      Member

    • Topic Starter
    • Member
    • 143 posts

    speccy log attached.

     

    I will work on your reply and revert back ASAP

     

    Thanks once again for all your help on this.

     

    -Abhi

    Attached Files


    • 0

    #10
    abhi6512

    abhi6512

      Member

    • Topic Starter
    • Member
    • 143 posts

    Hi Kinner,

     

    Hope I'm calling your name right.

    Sorry for the delay from my end. I will be working on your instructions and responding soonest, probably today itself.

     

    Wishes,

    Abhi


    • 0



    #11
    abhi6512

    abhi6512

      Member

    • Topic Starter
    • Member
    • 143 posts

    Hi Kinner,

    PFB the fix log. Also, to share with you: after running this fix, machine speed seems to be improved.

    Just curious what was the issue and how did we resolve it. I will be watchful about these events in future to avoid recurrence of machine slowness.

    Thanks for all your help once again.

     

    Fix Log:

     

    Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
    Ran by Abhishek (2016-02-13 19:08:57) Run:4
    Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
    Loaded Profiles: Abhishek (Available Profiles: Abhishek)
    Boot Mode: Normal
     
    ==============================================
     
    fixlist content:
    *****************
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll => No File
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
    CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll => No File
    CHR Extension: (MySmartPrice) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda [2016-01-11]
    CHR Extension: (PriceRaja - Online Shopping at Best Prices) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda [2016-02-03]
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsPlugin
    Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
    Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads
    EmptyTemp:
     
    *****************
     
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
    C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => not found.
    C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
    C:\Windows\system32\npdeployJava1.dll => not found.
    c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
    c:\program files\real\realplayer\Netscape6\nppl3260.dll => not found.
    c:\program files\real\realplayer\Netscape6\nprjplug.dll => not found.
    c:\program files\real\realplayer\Netscape6\nprpplugin.dll => not found.
    C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda => moved successfully
    C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda => moved successfully
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
    HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
    "HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
    "HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
    "HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{108190D0-BA67-42D3-B0F8-744A7BF2568F}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{108190D0-BA67-42D3-B0F8-744A7BF2568F}" => key removed successfully.
    C:\Windows\System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2E43836E-2378-4CC7-917D-D5F50B56556D}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE}" => key removed successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4311A11B-A6F3-4CCD-97F6-38BA7FD87885}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4311A11B-A6F3-4CCD-97F6-38BA7FD87885}" => key removed successfully.
    C:\Windows\System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB5D0A06-E067-4000-A5BE-B4416BAED45F}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{959C5621-FAB9-4A3A-9C23-922E309F6213}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{959C5621-FAB9-4A3A-9C23-922E309F6213}" => key removed successfully.
    C:\Windows\System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED}" => key removed successfully.
    EmptyTemp: => 314.5 MB temporary data Removed.
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 19:10:34 ====

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    The fix mostly cleaned out deadwood and removed temp files.  Not sure why it should have improved the speed.  Would be best to continue with the instructions.


    • 0
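    An added example, not part of the thread and not FRST's own code: a short Python tally of the Fixlog's result lines by outcome, which shows how many fixlist entries were already absent versus actually changed. The sample is an excerpt of the log posted above; the category labels and function names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted in this thread (a few lines of each kind).
SAMPLE = r'''fixlist content:
*****************
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
EmptyTemp:
*****************
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => not found.
C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM => moved successfully
EmptyTemp: => 314.5 MB temporary data Removed.
==== End of Fixlog 19:10:34 ====
'''

# \b keeps "removed successfully" from also matching the "moved" rule.
OUTCOMES = [
    (re.compile(r"not found", re.I), "already absent"),
    (re.compile(r"\bremoved successfully", re.I), "deleted"),
    (re.compile(r"\bmoved successfully", re.I), "moved"),
]

def parse_results(log):
    """Yield (kind, target, outcome); the fixlist echoed between asterisk rows is skipped."""
    lines = [l.strip() for l in log.splitlines()]
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l)]
    for line in lines[(stars[-1] + 1 if stars else 0):]:
        if line.startswith("===="):
            break
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue
        target = target.strip('"')
        if target.startswith("EmptyTemp"):
            yield "temp", target, "temp cleanup"
            continue
        kind = "registry" if re.match(r"HK(LM|U|CU|CR)\\", target) else "file"
        yield kind, target, next((n for rx, n in OUTCOMES if rx.search(result)), "other")

def summarize(log):
    return Counter((k, o) for k, _, o in parse_results(log))

def changed_targets(log):
    """Targets the fix actually altered: the ones to review if something breaks later."""
    return [t for _, t, o in parse_results(log) if o in ("deleted", "moved")]
```

    Run over the full Fixlog, `summarize` gives the counts per outcome and `changed_targets` lists only the entries that were really touched.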

    #13
    abhi6512

    abhi6512

      Member

    • Topic Starter
    • Member
    • 143 posts

    Hi Kinner,

    sfc scan says - no integrity violations found. I'm still attaching the log.

     

    -Abhi

    Attached Files

    • Attached File  junk.txt   89.7KB   75 downloads

    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    OK.  Let's see VEW logs now.


    • 0

    #15
    abhi6512

    abhi6512

      Member

    • Topic Starter
    • Member
    • 143 posts

    Hi Kinner,

    PFA the Speccy log.

     

    Thanks for being with me.

     

    -Abhi

    Attached Files


    • 0





