Virus/Malware removal

Hi,

My computer is slow and i am not sure what the exact problem is. I have run the Farbar recovery scan and here is the log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016

Ran by Girish (administrator) on GIRISHSANTHOSH (24-02-2016 21:28:47)

Running from C:\Users\Girish\Downloads

Loaded Profiles: Girish (Available Profiles: Girish & aruns_000)

Platform: Windows 10 Home (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\nsbu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\nsbu.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\System32\dfrgui.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-08-15] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-08-15] (Lenovo(beijing) Limited)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-08-29] (Synaptics Incorporated)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\...\Run: [Google Update] => C:\Users\Girish\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-14] (Google Inc.)

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2013-08-15]

ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{492b6990-1a47-4f9b-9734-263f0ed9aad8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{b02ff692-93d4-49e6-8379-419e810087cc}: [DhcpNameServer] 192.168.2.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2D&ocid=SK2DDHP&osmkt=en-us

HKU\S-1-5-21-1624555513-1515054485-2787027769-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage

SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =

SearchScopes: HKU\S-1-5-21-1624555513-1515054485-2787027769-1002 -> DefaultScope {DE612860-CE9C-42B0-9EF9-9AD77D3407C0} URL =

SearchScopes: HKU\S-1-5-21-1624555513-1515054485-2787027769-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2DDF&PC=SK2D&q={searchTerms}&src=IE-SearchBox

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-22] (Oracle Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-22] (Oracle Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

Toolbar: HKLM - FindWide Toolbar - {1FE968F8-FFDA-4B72-9599-F723CE8AB15E} - C:\Program Files (x86)\TNT2\Profiles\11161\passport64.dll No File

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default

FF DefaultSearchEngine.US: Google

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Bing

FF Homepage: hxxp://google.com/

FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11161_112114&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-25] ()

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-22] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-22] (Oracle Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-25] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1624555513-1515054485-2787027769-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Girish\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-13] (Google Inc.)

FF Plugin HKU\S-1-5-21-1624555513-1515054485-2787027769-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Girish\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-13] (Google Inc.)

FF SearchPlugin: C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\searchplugins\bing-.xml [2015-09-06]

FF Extension: FirefoxAdKiller - C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2015-09-13]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\extensions\[email protected] [2015-09-13]

FF Extension: Bing Search - C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\Extensions\[email protected] [2016-02-25] [not signed]

FF Extension: Webmail Ad Blocker - C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\Extensions\[email protected] [2015-09-19]

FF Extension: Digital More - C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\Extensions\{a6472983-82c2-48e2-af83-11b7750b32b5}.xpi [2015-04-10] [not signed]

FF Extension: Adblock Plus - C:\Users\Girish\AppData\Roaming\Mozilla\Firefox\Profiles\sri8sjsi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-26]

FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.2.17\coFFAddon

FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.2.17\coFFAddon [2016-01-10] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.2.17\coFFAddon

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR Profile: C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]

CHR Extension: (IDM Integration for Chrome) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdfnpjpbgiifhieojfpmpanhfhmdlpk [2015-02-15]

CHR Extension: (Google Docs) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]

CHR Extension: (Google Drive) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]

CHR Extension: (YouTube) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]

CHR Extension: (Google Cast) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-02-25]

CHR Extension: (Adblock for Youtube™) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-11-24]

CHR Extension: (Google Search) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]

CHR Extension: (My JDownloader) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2016-02-24]

CHR Extension: (Google Sheets) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]

CHR Extension: (Google Docs Offline) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]

CHR Extension: (AdBlock) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-25]

CHR Extension: (Norton Identity Safe) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-06]

CHR Extension: (IDM INTEGRATION FOR CHROME ) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\jodhmdfkaajjjceocchmoajjadmebilf [2015-02-15]

CHR Extension: (Audio EQ) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2015-09-13]

CHR Extension: (Skype) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

CHR Extension: (Gmail) - C:\Users\Girish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ikifpllgjmnbnanggkjcdlbfghbhblkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)

S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125168 2014-12-03] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-19] (Intel Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2012-09-19] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2012-09-19] (Intel Corporation)

R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)

R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.5.15\NSBU.exe [282016 2015-11-20] (Symantec Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-08-29] (Synaptics Incorporated)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.2.17\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-21] (Symantec Corporation)

R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-21] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.2.17\Definitions\IPSDefs\20151218.001\IDSvia64.sys [767224 2015-11-20] (Symantec Corporation)

R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2016-02-25] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

S3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.2.17\Definitions\VirusDefs\20151217.033\ENG64.SYS [138488 2015-11-21] (Symantec Corporation)

S3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.2.17\Definitions\VirusDefs\20151217.033\EX64.SYS [2148080 2015-11-21] (Symantec Corporation)

R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8225680 2012-06-30] (Realtek Semiconductor Corp.)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)

R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NSBUx64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-01] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)

S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 05:15 - 2016-02-25 05:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Girish\Downloads\mbar-1.09.3.1001.exe

2016-02-25 05:06 - 2016-02-25 05:06 - 01511936 _____ C:\Users\Girish\Downloads\AdwCleaner.exe

2016-02-25 05:02 - 2016-02-25 05:08 - 00037322 _____ C:\Users\Girish\Downloads\Addition.txt

2016-02-25 05:01 - 2016-02-25 05:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-02-25 05:01 - 2016-02-25 05:01 - 00002135 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2016-02-25 05:01 - 2016-02-25 05:01 - 00001469 _____ C:\Users\Girish\Desktop\JRT.txt

2016-02-25 05:01 - 2016-02-25 05:01 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-02-25 04:58 - 2016-02-25 04:58 - 01609216 _____ (Malwarebytes) C:\Users\Girish\Downloads\JRT (2).exe

2016-02-25 04:58 - 2016-02-24 21:28 - 00028861 _____ C:\Users\Girish\Downloads\FRST.txt

2016-02-25 04:58 - 2016-02-24 21:28 - 00000000 ____D C:\FRST

2016-02-25 04:56 - 2016-02-25 04:58 - 02371072 _____ (Farbar) C:\Users\Girish\Downloads\FRST64.exe

2016-02-25 04:55 - 2016-02-25 04:55 - 01609216 _____ (Malwarebytes) C:\Users\Girish\Downloads\JRT (1).exe

2016-02-25 04:54 - 2016-02-25 04:54 - 00003135 _____ C:\Users\Girish\Desktop\fixlist.txt

2016-02-25 04:38 - 2016-02-25 04:39 - 00000000 ____D C:\Program Files (x86)\GUMA261.tmp

2016-02-24 21:23 - 2016-02-24 21:24 - 00000000 ____D C:\Users\Girish\Desktop\mbar

2016-02-24 21:19 - 2016-02-24 21:19 - 00016148 _____ C:\WINDOWS\system32\GIRISHSANTHOSH_Girish_HistoryPrediction.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 05:06 - 2015-09-13 07:49 - 00000000 ____D C:\AdwCleaner

2016-02-25 05:04 - 2015-02-19 14:38 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2016-02-25 05:01 - 2015-02-19 13:18 - 00000000 ____D C:\ProgramData\Adobe

2016-02-25 04:52 - 2015-09-13 20:52 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-02-25 04:52 - 2015-02-14 01:38 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-02-25 04:52 - 2014-11-22 23:24 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{98B6D501-6274-4B06-9756-CC71F46D5CCC}

2016-02-25 04:48 - 2015-08-23 22:28 - 00002426 _____ C:\Users\Girish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-02-25 04:48 - 2014-11-22 22:52 - 00000000 ___RD C:\Users\Girish\OneDrive

2016-02-25 04:45 - 2015-08-23 21:50 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-02-25 04:45 - 2015-07-10 03:02 - 00000000 ____D C:\WINDOWS\INF

2016-02-25 04:43 - 2015-08-23 22:25 - 00000000 ___DC C:\WINDOWS\Panther

2016-02-25 04:42 - 2015-08-15 08:32 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-02-25 04:40 - 2015-11-22 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-02-25 04:40 - 2015-09-13 08:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-02-25 04:37 - 2015-08-15 08:32 - 00000000 ____D C:\Users\Girish\AppData\Roaming\Skype

2016-02-24 21:30 - 2015-02-14 01:37 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-02-24 21:28 - 2015-07-10 03:04 - 00000000 ___HD C:\Program Files\WindowsApps

2016-02-24 21:28 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-02-24 21:23 - 2016-01-10 08:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup

2016-02-24 21:21 - 2015-09-13 20:52 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-02-24 21:21 - 2015-05-16 22:10 - 00000000 ___RD C:\Users\Girish\iCloudDrive

2016-02-24 21:20 - 2014-11-22 22:49 - 00000000 __SHD C:\Users\Girish\IntelGraphicsProfiles

2016-02-24 21:18 - 2015-07-10 04:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-02-24 21:18 - 2015-07-10 01:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2016-02-24 21:18 - 2014-11-21 15:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-02-24 21:17 - 2015-07-10 01:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

==================== Files in the root of some directories =======

2014-11-21 14:51 - 2014-11-22 18:52 - 0002572 _____ () C:\Users\Girish\AppData\Roaming\AbsoluteReminder.xml

2014-12-06 08:42 - 2014-12-24 10:42 - 0000127 _____ () C:\Users\Girish\AppData\Roaming\WB.CFG

2014-12-23 19:42 - 2014-12-23 19:42 - 0000001 _____ () C:\Users\Girish\AppData\Local\DSI.DAT

2013-08-15 23:33 - 2013-08-15 23:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:

====================

C:\Users\Girish\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-13 01:04

==================== End of FRST.txt ============================

Can someone please help me out in cleaning up my laptop?

Thanks

Girish

#1
girish010789

Posted 25 February 2016 - 10:26 AM

Advertisements

#2
girish010789

Posted 25 February 2016 - 11:44 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Virus/Malware removal

#1 girish010789 Posted 25 February 2016 - 10:26 AM

Advertisements

#2 girish010789 Posted 25 February 2016 - 11:44 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
girish010789

Posted 25 February 2016 - 10:26 AM

#2
girish010789

Posted 25 February 2016 - 11:44 PM