I have a Dell vostro laptop. It's very slow these days even the internet speed is reduced drastically though I am using a broadband connection. Same connection works decent on my mobile.
I think it's infected. Pls. help !!
Regards,
Abhi
my computer is dead slow. I think it's infected. Pls. help
Started by
abhi6512
, Jan 26 2016 04:12 AM
malware infection
#2
Posted 26 January 2016 - 10:06 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
A separate Reply for each scan is usually the easiest.
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Junkware-Removal-Tool
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
- Pause your anti-virus. Close all browsers.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Get Process Explorer
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
Wait a full minute then:
File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
Get the free version of Speccy:
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.
Close all browsers and open progrms before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Save the file and close notepad Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
#3
Posted 27 January 2016 - 11:33 PM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Hi Expert,
Thanks for your response.
PFB the ADware log, other logs to follow (as suggested seperate replies for each log):
# AdwCleaner v4.112 - Logfile created 28/01/2016 at 10:39:31
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Abhishek - ABHISHEK-PC
# Running from : C:\Users\Abhishek\Desktop\lappy servicing\pass 4\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16737
-\\ Google Chrome v47.0.2526.111
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R2].txt - [1310 bytes] - [06/07/2015 08:01:53]
AdwCleaner[R3].txt - [1073 bytes] - [27/01/2016 20:16:12]
AdwCleaner[S1].txt - [1392 bytes] - [06/07/2015 09:31:16]
AdwCleaner[S2].txt - [1004 bytes] - [28/01/2016 10:39:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1063 bytes] ##########
-Abhi
#4
Posted 28 January 2016 - 12:53 AM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
JRT LOG:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows Vista ™ Home Basic x86
Ran by Abhishek (Administrator) on 28-01-2016 at 12:07:43.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 6
Successfully deleted: C:\Program Files\GUT80A5.tmp (File)
Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RM9L9I0 (Folder)
Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2V10XY6X (Folder)
Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\492CWGB6 (Folder)
Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG0HO8MM (Folder)
Successfully deleted: C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEPQFI7P (Folder)
Registry: 1
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28-01-2016 at 12:10:26.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#5
Posted 02 February 2016 - 09:24 PM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by Abhishek (administrator) on ABHISHEK-PC (03-02-2016 08:31:53)
Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
Loaded Profiles: Abhishek & (Available Profiles: Abhishek)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Google, Inc) C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Update\Install\{6C740FC9-49AE-449E-A1F2-3D418C301722}\GoogleUpdateSetup.exe
(Google Inc.) C:\Users\Abhishek\AppData\Local\Google\Update\Install\{451786C7-7855-41C1-8943-EF83DC400E07}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUM9678.tmp\GoogleUpdate.exe
(Google Inc.) C:\Users\Abhishek\AppData\Local\Temp\GUM9ADB.tmp\GoogleUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Google Photos Backup] => C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-26] (Ruiware)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Photos Backup] => C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-26] (Ruiware)
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A83287A-D71F-4237-AB40-4034D9B190F6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7D4E8676-CA67-4363-B1F6-AF936D8E1A19}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{C1FE5EAB-C0E5-4346-A19F-D330AF073C78}: [DhcpNameServer] 125.99.61.254 116.72.253.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-04-01] [not signed]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01] [not signed]
Chrome:
=======
CHR DefaultSearchKeyword: Default -> erailir
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll => No File
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (PNR Status Watchlist) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\almdggoleggeecgelbjekpmefpohdjck [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (eRail.in) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2016-01-05]
CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (MySmartPrice) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda [2016-01-11]
CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (PriceRaja - Online Shopping at Best Prices) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda [2016-02-03]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)
S3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-03 08:22 - 2016-02-03 08:22 - 06871040 _____ C:\Program Files\GUT97EF.tmp
2016-02-03 08:22 - 2016-02-03 08:22 - 00000000 ____D C:\Program Files\GUM9678.tmp
2016-01-28 12:10 - 2016-01-28 12:10 - 00001374 _____ C:\Users\Abhishek\Desktop\JRT.txt
2016-01-27 19:04 - 2016-01-27 19:04 - 00091648 _____ C:\Users\Abhishek\Downloads\DISTRIBUTION SCHEDULE FEBRUARY 2016.xls
2016-01-22 23:02 - 2016-01-22 23:02 - 00021843 _____ C:\Users\Abhishek\Downloads\Essential CheckList.pdf
2016-01-13 22:24 - 2015-12-05 22:32 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 22:24 - 2015-12-05 22:32 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 22:24 - 2015-12-05 22:32 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 22:23 - 2015-12-05 22:33 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 22:23 - 2015-12-05 22:33 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 22:23 - 2015-12-05 22:33 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 22:23 - 2015-12-05 22:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 22:23 - 2015-12-05 22:33 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 22:23 - 2015-12-05 22:32 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 22:23 - 2015-12-05 22:32 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 22:23 - 2015-12-05 22:32 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 22:23 - 2015-12-05 22:32 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 22:23 - 2015-12-05 22:32 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 22:23 - 2015-12-05 22:32 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 22:23 - 2015-12-05 22:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 22:23 - 2015-12-05 22:14 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 20:34 - 2015-12-16 03:15 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 20:34 - 2015-12-16 03:14 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 20:34 - 2015-12-16 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 20:34 - 2015-12-16 03:14 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 20:34 - 2015-12-16 03:14 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 20:34 - 2015-12-16 03:14 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-13 20:34 - 2015-12-16 03:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 20:34 - 2015-12-16 03:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 20:34 - 2015-12-16 03:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 20:34 - 2015-12-16 03:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 20:34 - 2015-12-16 03:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-13 20:34 - 2015-12-16 03:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-13 20:34 - 2015-12-16 03:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-13 20:33 - 2015-12-16 03:20 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 20:33 - 2015-12-16 03:16 - 09753088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 20:33 - 2015-12-16 03:15 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 20:33 - 2015-12-16 03:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 20:32 - 2015-12-16 03:19 - 12388864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 20:32 - 2015-12-16 03:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 20:32 - 2015-12-16 03:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 20:32 - 2015-12-16 03:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 20:32 - 2015-12-16 03:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 16:08 - 2015-12-05 22:33 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 16:08 - 2015-12-05 22:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 16:08 - 2015-11-13 22:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 16:08 - 2015-11-13 22:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 16:08 - 2015-11-13 20:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 16:07 - 2015-12-08 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 16:07 - 2015-12-05 20:54 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 16:06 - 2015-12-05 22:32 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 16:05 - 2015-12-30 22:42 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 16:04 - 2015-12-30 22:42 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-03 08:31 - 2015-03-14 23:46 - 00000000 ____D C:\FRST
2016-02-03 08:30 - 2015-06-01 01:07 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job
2016-02-03 08:30 - 2014-05-09 11:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-03 08:26 - 2015-06-01 01:07 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job
2016-02-03 08:23 - 2014-08-17 16:13 - 00000400 _____ C:\Windows\Tasks\WpsUpdateTask_Abhishek.job
2016-02-03 08:10 - 2006-11-02 18:15 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-03 08:10 - 2006-11-02 18:15 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-03 08:09 - 2014-08-11 00:19 - 00000400 _____ C:\Windows\Tasks\WpsNotifyTask_Abhishek.job
2016-02-01 11:38 - 2014-05-09 11:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 09:46 - 2015-07-21 23:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-29 13:00 - 2015-03-22 02:48 - 00001945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 13:00 - 2015-03-22 02:48 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-29 12:06 - 2015-07-06 08:01 - 00000000 ____D C:\AdwCleaner
2016-01-29 12:04 - 2012-04-23 23:12 - 00000000 ____D C:\Users\Abhishek\AppData\Roaming\vlc
2016-01-29 11:41 - 2008-09-17 23:12 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-01-29 11:41 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-28 12:35 - 2007-12-28 13:46 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-01-28 12:35 - 2006-11-02 18:28 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-27 20:13 - 2015-03-15 16:36 - 00000000 ____D C:\Users\Abhishek\Desktop\lappy servicing
2016-01-25 17:08 - 2015-07-21 23:55 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-25 17:08 - 2015-07-21 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 17:08 - 2015-07-21 23:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-18 12:05 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\inf
2016-01-18 12:05 - 2006-11-02 16:03 - 00744780 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-17 18:51 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache
2016-01-15 07:42 - 2011-01-30 19:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 22:48 - 2011-01-30 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 22:22 - 2013-07-22 22:24 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 21:52 - 2006-11-02 15:54 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-01-13 19:30 - 2006-11-02 18:14 - 00352288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-11 21:34 - 2008-01-04 09:26 - 00138240 _____ C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-10 13:00 - 2014-07-30 15:20 - 00000000 ____D C:\persabhi
==================== Files in the root of some directories =======
2016-02-03 08:22 - 2016-02-03 08:22 - 6871040 _____ () C:\Program Files\GUT97EF.tmp
2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat
2008-04-09 10:45 - 2015-05-14 20:16 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat
2008-01-04 09:26 - 2016-01-11 21:34 - 0138240 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-29 11:53
==================== End of FRST.txt ============================
#6
Posted 02 February 2016 - 09:25 PM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Abhishek (2016-02-03 08:38:27)
Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2007-12-28 08:17:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Abhishek (S-1-5-21-4265441916-1708264049-1492465063-1000 - Administrator - Enabled) => C:\Users\Abhishek
Administrator (S-1-5-21-4265441916-1708264049-1492465063-500 - Administrator - Disabled)
Guest (S-1-5-21-4265441916-1708264049-1492465063-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FileZilla Client 3.1.1.1 (HKLM\...\FileZilla Client) (Version: 3.1.1.1 - )
Free Download Manager 2.5 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.03.02.0719) (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.13 - Dell Inc.)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.06.13151 - Sony Corporation)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.1 - Ruiware)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Internet Mail) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {001B59FC-7DCC-4D33-A2ED-15182A2F5686} - System32\Tasks\{2CD37C56-66DD-4BDE-B7B9-492866C3E6C4} => pcalua.exe -a C:\Users\Abhishek\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe -d "C:\Program Files\OpenOffice.org 3\program"
Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsPlugin
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1A71FFAB-753E-4EC7-B1A6-98857FAAB5CB} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1AB3785F-41B9-45D2-9979-9BB9785E9602} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {239F1C0C-DBFE-4EA8-861A-B7E44453A2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {23AD59E5-7B45-4DAE-97D1-96FDD0308AD7} - System32\Tasks\WpsUpdateTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
Task: {2F787575-6B95-45F1-A686-EFF30B304331} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {6E5EEEDF-8DC8-4BE0-A09F-409C3A05A8F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7F1AEE47-DCA4-4917-AD9B-C28AC1A85C90} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads
Task: {B5E80C9A-78B6-4B1D-B89E-B6B2B8EF0956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {C22D95F8-BEAC-4087-93D5-B9137B7160C3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4265441916-1708264049-1492465063-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E1575974-A5DD-496D-8DAC-F91AE17A5AF6} - System32\Tasks\WpsNotifyTask_Abhishek => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: {EF98DFEF-37BA-4345-B88B-AC78C08D03D4} - System32\Tasks\{70D6C1BD-CE5A-4232-85BB-A37964871491} => pcalua.exe -a "C:\Users\Abhishek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MVG1Q4W\RealPlayer11GOLD[2].exe" -d C:\Users\Abhishek
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Abhishek.job => C:\Users\Abhishek\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Abhishek\Desktop\validate bin\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=in&.redir=ymmapi9
ShortcutWithArgument: C:\Users\Abhishek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=in&.redir=ymmapi10
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.intl=in&.redir=ymmapi11
==================== Loaded Modules (Whitelisted) ==============
2015-03-17 23:02 - 2009-01-20 15:36 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-03-17 23:02 - 2009-01-20 15:36 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2008-08-11 20:18 - 2008-08-11 20:18 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-12-28 21:40 - 2007-06-29 14:52 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2015-12-11 17:00 - 2015-12-11 17:00 - 03473408 _____ () C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-01-29 13:00 - 2016-01-27 23:09 - 16799048 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\.DEFAULT\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
There are 4731 more sites.
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\2every.net -> www.2every.net
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\3abetterinternet.com -> www.3abetterinternet.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\3ebay.it -> www.3ebay.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\4repubblica.it -> www.4repubblica.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\4softget.com -> www.4softget.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\5iscali.it -> www.5iscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\5repubblica.it -> www.5repubblica.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\5starvideos.com -> www.5starvideos.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\5tiscali.it -> www.5tiscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\6iscali.it -> www.6iscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\6njaga.com -> www.6njaga.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\6tiscali.it -> www.6tiscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\7search.com -> www.7search.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\abyssmedia.com -> www.abyssmedia.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\agava.com -> agava.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\agava.ru -> agava.ru
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\casalemedia.com -> b.casalemedia.com
There are 15 more sites.
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2every.net -> www.2every.net
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\3abetterinternet.com -> www.3abetterinternet.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\3ebay.it -> www.3ebay.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\4repubblica.it -> www.4repubblica.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\4softget.com -> www.4softget.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5iscali.it -> www.5iscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5repubblica.it -> www.5repubblica.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5starvideos.com -> www.5starvideos.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5tiscali.it -> www.5tiscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\6iscali.it -> www.6iscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\6njaga.com -> www.6njaga.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\6tiscali.it -> www.6tiscali.it
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\7search.com -> www.7search.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\abyssmedia.com -> www.abyssmedia.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\agava.com -> agava.com
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\agava.ru -> agava.ru
IE restricted site: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\casalemedia.com -> b.casalemedia.com
There are 15 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 15:53 - 2015-03-16 22:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Vostro_NB_1280x864_02.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk => C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\Windows\pss\Dell Network Assistant.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk => C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zoozoo widget.lnk => C:\Windows\pss\Zoozoo widget.lnk.Startup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{67E42A96-1CEC-47BC-B0CD-2D0FCED9F4FB}] => (Allow) C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
FirewallRules: [{A9816FE2-89DF-4281-BD52-40BEE818D830}] => (Allow) C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
FirewallRules: [{9AE4B7A1-048C-4445-B6F9-4C048FE54C6B}] => (Allow) LPort=10421
FirewallRules: [{AE7B8817-CAB5-4FD3-B4EA-C9BA972795CC}] => (Allow) LPort=139
FirewallRules: [{17C4C8F4-A5AC-4CFE-9119-32CE9A7F79AD}] => (Allow) LPort=10426
FirewallRules: [{7C43A852-3520-4AF0-A80B-F259416F9C63}] => (Allow) LPort=445
FirewallRules: [{AEDE79C1-11B2-4784-8846-2D922D0F54B5}] => (Allow) LPort=138
FirewallRules: [{A915FF80-929E-425F-97D5-282F7F01258E}] => (Allow) LPort=137
FirewallRules: [{0CD9C7F8-12C5-4FF2-AB04-7BBD43DB8184}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{20EFC583-C6CE-4C2F-AB56-C8B2C96E16E3}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{83A2C59C-B61C-4714-945C-83E04BDD6C54}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{5D5B44F3-6CED-492B-805E-6FFEEFB4D89F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{A954FFCB-1DCD-4165-AE31-8368E28E4BB5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BFBF6E2D-D6E6-4820-B087-377AB4C5EA33}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{F1C7A4D0-77BE-4968-81C4-0FBF0C92999D}] => (Allow) C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{8761158F-39F7-4E63-8E9F-5A71FEF5F1B0}] => (Allow) LPort=80
FirewallRules: [{C97BAB90-9EE8-4FA9-A31F-1828FF1649CB}] => (Allow) LPort=80
FirewallRules: [{4E98899C-955A-4FD9-8473-98F9B8302F45}] => (Allow) LPort=80
FirewallRules: [{FC3BCBA8-4CBC-4EA3-8D0E-7E6D8D4A9188}] => (Allow) C:\Users\Abhishek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{EFC58A2F-E239-4042-AB58-8768E39941C4}] => (Allow) C:\Users\Abhishek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{D07185C5-50EC-490B-BEA4-077301F81F16}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AA6FFABE-204E-4A07-95BE-8C63F60E7891}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{520EFF40-6F30-46FE-8DCD-FB9B7EC9D93F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{C5A3AE7F-F90C-42A2-B2DB-DBD8718C1A1A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0C782811-75FF-4D34-8035-87A589AA47FB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FFA63F1F-FEFB-4801-A2CE-9049CFD47937}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
19-01-2016 08:09:32 Scheduled Checkpoint
21-01-2016 13:48:59 Scheduled Checkpoint
21-01-2016 15:54:17 Windows Update
22-01-2016 09:20:32 Scheduled Checkpoint
23-01-2016 00:17:16 Scheduled Checkpoint
24-01-2016 00:00:07 Scheduled Checkpoint
25-01-2016 12:32:40 Windows Update
26-01-2016 20:32:34 Scheduled Checkpoint
27-01-2016 18:55:09 Scheduled Checkpoint
28-01-2016 12:07:43 JRT Pre-Junkware Removal
29-01-2016 12:27:27 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2016 07:47:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (01/26/2016 07:47:36 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (01/24/2016 01:30:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: bac
Start Time: 01d1567c150f1b3e
Termination Time: 0
Error: (01/24/2016 01:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e5c
Start Time: 01d1567b90227b1e
Termination Time: 0
Error: (01/24/2016 01:20:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 129c
Start Time: 01d1567ba52645ae
Termination Time: 5170
Error: (01/24/2016 01:14:05 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (01/13/2016 10:28:06 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Compatibility Pack for the 2007 Office system -- Error 1704. An installation for Microsoft .NET Framework 4.5.2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (01/13/2016 10:21:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (01/13/2016 10:21:48 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (01/13/2016 10:48:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16723 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 6b8
Start Time: 01d14dc1b6234955
Termination Time: 78
System errors:
=============
Error: (02/01/2016 08:46:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
Error: (01/29/2016 11:43:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000WerSvc
Error: (01/29/2016 11:43:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService
Error: (01/26/2016 07:46:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Microsoft Antimalware Service11003Run the configured recovery program
Error: (01/26/2016 07:46:14 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: %%860 engine has been terminated due to an unexpected error.
Failure Type: %%831
Exception code:
Resource: file:C:\Users\Abhishek\Desktop\validate bin\VeohWebPlayerSetup_eng.exe
Error: (01/22/2016 09:19:50 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.101 for the Network Card with network address 001E8C4FED57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (01/21/2016 12:51:47 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.100 for the Network Card with network address 001E8C4FED57 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (01/20/2016 06:03:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:01:42 on 20-01-2016 was unexpected.
Error: (01/20/2016 03:45:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.28.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (01/20/2016 03:10:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%1053
CodeIntegrity:
===================================
Date: 2016-02-03 08:34:01.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:33:59.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:33:58.780
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:33:57.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:29:12.561
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:29:11.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:29:10.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:29:08.799
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:29:07.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-03 08:29:06.161
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 87%
Total physical RAM: 2037.45 MB
Available physical RAM: 261 MB
Total Virtual: 4314.17 MB
Available Virtual: 1498.55 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:26.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#7
Posted 02 February 2016 - 09:37 PM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Procexp.txt
********************************************************************************************************************************************************************************
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.07 0 K 24 K 0
procexp.exe 3.79 21,312 K 31,112 K 5388 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mbamservice.exe 3.79 3,32,992 K 53,360 K 836 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
Interrupts 3.79 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 2.28 38,656 K 40,712 K 2976 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.76 9,46,128 K 8,50,696 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 0.76 5,352 K 2,688 K 1104
chrome.exe 0.76 77,704 K 67,824 K 6040 Google Chrome Google Inc. (Verified) Google Inc
mbam.exe < 0.01 2,24,064 K 97,096 K 2960
explorer.exe < 0.01 61,840 K 31,420 K 3000 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Google Photos Backup.exe < 0.01 6,784 K 1,280 K 800 Google Photos Backup Google, Inc (Verified) Google Inc
chrome.exe < 0.01 64,476 K 61,364 K 4664 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 1,25,492 K 1,11,676 K 5508 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 16,756 K 3,752 K 4636 Google Chrome Google Inc. (Verified) Google Inc
WLTRAY.EXE < 0.01 24,408 K 6,396 K 3972 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc. (No signature was present in the subject) Dell Inc.
unsecapp.exe < 0.01 2,368 K 1,136 K 2468 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe < 0.01 10,256 K 3,312 K 3696 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
WinPatrol.exe < 0.01 11,636 K 12,368 K 3532 WinPatrol Monitor Ruiware (Verified) Ruiware
XAudio.exe 764 K 124 K 2376 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
wmpnscfg.exe 1,788 K 724 K 2108 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 5,444 K 500 K 3952 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,540 K 3,000 K 3492
WLTRYSVC.EXE 692 K 80 K 1652 (No signature was present in the subject)
wlanext.exe 1,904 K 836 K 1692
winlogon.exe 2,168 K 276 K 736
wininit.exe 1,240 K 132 K 588
taskeng.exe 2,304 K 1,740 K 2696
System 0 K 1,200 K 4
svchost.exe 86,892 K 71,656 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,876 K 2,908 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 14,180 K 3,392 K 1828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,784 K 2,384 K 904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,472 K 4,332 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,156 K 1,004 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,272 K 3,492 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 23,240 K 5,944 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,160 K 232 K 364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,100 K 184 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,660 K 220 K 2248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 588 K 272 K 2280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,592 K 152 K 3736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,680 K 252 K 3884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray.exe 4,424 K 728 K 4080 Sigmatel Audio system tray application SigmaTel, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
stacsv.exe 8,260 K 1,136 K 2148 STacSV Module SigmaTel, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 6,052 K 1,200 K 1804 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 288 K 84 K 484
SLsvc.exe 5,672 K 164 K 1304 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe 2,500 K 2,876 K 632
SearchProtocolHost.exe 3,708 K 6,560 K 5512
SearchIndexer.exe 42,416 K 7,156 K 2328 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 3,520 K 5,864 K 4460
msseces.exe 6,028 K 760 K 4056 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 98,204 K 2,292 K 956 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 2,720 K 148 K 4628
MpCmdRun.exe 3,156 K 248 K 4792
mbamscheduler.exe 5,540 K 3,376 K 1460 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 1,900 K 1,028 K 652
lsass.exe 3,148 K 1,468 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
hnm_svc.exe 6,592 K 240 K 504 Advanced Networking Service Application SingleClick Systems (Verified) SingleClick Systems
GoogleUpdateSetup.exe 1,264 K 144 K 3200
GoogleUpdateSetup.exe 1,280 K 420 K 3560 Google Update Setup Google Inc. (Verified) Google Inc
GoogleUpdate.exe 5,424 K 3,488 K 4500 Google Installer Google Inc. (Verified) Google Inc
csrss.exe 2,468 K 3,424 K 600
csrss.exe 2,004 K 1,108 K 536
chrome.exe 33,752 K 10,304 K 2664 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,212 K 7,276 K 3992 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,792 K 1,900 K 5568 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,596 K 3,212 K 1724 Google Chrome Google Inc. (Verified) Google Inc
BCMWLTRY.EXE 27,012 K 6,444 K 1664
audiodg.exe 14,140 K 8,800 K 1260
armsvc.exe 2,100 K 96 K 304 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
#8
Posted 02 February 2016 - 10:35 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix. PC will reboot.
A fix log will be generated please post that.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow
(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:
Copy the next two lines:
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
In either case continue:
Run the Windows Readiness tool at:
You want the: x86-based (32-bit) versions of Windows Vista SP2 and Windows Vista SP1
Download and save it then run it.
Get the free version of Speccy:
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.
Close all browsers and open progrms before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Save the file and close notepad Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
(Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
Please create a new processor explorer log as before. Note the value of the Interrupts line. Currently it is 3.79. If it is still about the same (good would be if it dropped to less than 1.5) then go to Dell's support website http://www.dell.com/...ts/?app=drivers
and see if they have any drivers for you. Start with the chipset driver then the video then audio, networking and any others they may have. (You may already have the latest in which case it will tell you when you try to install them). Once done reboot and run a new processor explorer log and see if Interrupts has improved.
#9
Posted 03 February 2016 - 09:50 AM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
speccy log attached.
I will work on your reply and revert back ASAP
Thanks once again for all your help on this.
-Abhi
Attached Files
-
ABHISHEK-PC.txt 479.48KB
225 downloads
#10
Posted 10 February 2016 - 07:14 PM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Hi Kinner,
Hope I'm calling your name right.
Sorry for the delay from my end. I will be working on your instructions and responding soonest, probably today itself.
Wishes,
Abhi
#11
Posted 13 February 2016 - 08:04 AM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Hi Kinner,
PFB the fix log. Also to share with you after running this fix machine speed seems to be improved.
Just curious what was the issue and how did we resolved it. I will be watchful about these events in future to avoid recurrence of machine slowness.
Thanks for all your help once again.
Fix Log:
Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Abhishek (2016-02-13 19:08:57) Run:4
Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
Loaded Profiles: Abhishek (Available Profiles: Abhishek)
Boot Mode: Normal
==============================================
fixlist content:
*****************
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll => No File
CHR Extension: (MySmartPrice) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda [2016-01-11]
CHR Extension: (PriceRaja - Online Shopping at Best Prices) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda [2016-02-03]
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
Task: {108190D0-BA67-42D3-B0F8-744A7BF2568F} - System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsPlugin
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {4311A11B-A6F3-4CCD-97F6-38BA7FD87885} - System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {959C5621-FAB9-4A3A-9C23-922E309F6213} - System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => pcalua.exe -a C:\Users\Abhishek\Downloads\Cleanup.exe -d C:\Users\Abhishek\Downloads
EmptyTemp:
*****************
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files\Google\Chrome\Application\48.0.2564.97\pdf.dll => not found.
C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
C:\Windows\system32\npdeployJava1.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
c:\program files\real\realplayer\Netscape6\nppl3260.dll => not found.
c:\program files\real\realplayer\Netscape6\nprjplug.dll => not found.
c:\program files\real\realplayer\Netscape6\nprpplugin.dll => not found.
C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda => moved successfully
C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda => moved successfully
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found.
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found.
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
"HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-4265441916-1708264049-1492465063-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{108190D0-BA67-42D3-B0F8-744A7BF2568F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{108190D0-BA67-42D3-B0F8-744A7BF2568F}" => key removed successfully.
C:\Windows\System32\Tasks\{2E43836E-2378-4CC7-917D-D5F50B56556D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2E43836E-2378-4CC7-917D-D5F50B56556D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE}" => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4311A11B-A6F3-4CCD-97F6-38BA7FD87885}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4311A11B-A6F3-4CCD-97F6-38BA7FD87885}" => key removed successfully.
C:\Windows\System32\Tasks\{DB5D0A06-E067-4000-A5BE-B4416BAED45F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB5D0A06-E067-4000-A5BE-B4416BAED45F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{959C5621-FAB9-4A3A-9C23-922E309F6213}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{959C5621-FAB9-4A3A-9C23-922E309F6213}" => key removed successfully.
C:\Windows\System32\Tasks\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39C5E658-A847-4D3C-9BE1-8932FB0C83ED}" => key removed successfully.
EmptyTemp: => 314.5 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:10:34 ====
#12
Posted 13 February 2016 - 08:28 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
The fix mostly cleaned out deadwood and removed temp files. Not sure why it should have improved the speed. Would be best to continue with the instructions.
#14
Posted 13 February 2016 - 11:16 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
OK. Let's see VEW logs now.
#15
Posted 14 February 2016 - 09:13 PM
abhi6512
- Topic Starter
-
- Member
-
- 143 posts
Member
Hi Kinner,
PFA the speecy log.
Thanks for being with me.
-Abhi
Attached Files
-
ABHISHEK-PC1.txt 486.32KB
394 downloads
Similar Topics
Also tagged with one or more of these keywords: malware infection
 
|
Security →
Virus, Spyware, Malware Removal →
Computer not connecting to the Internet! Possible Malware InfectioStarted by orwellian1984 , 11 Aug 2015  Malware infection, Malware and 1 more...
|
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
