Solved Random Audio ads & unknown process in TM

venkatbollu

Hello Techies,

Since yesterday I have been facing an issue of random audio ad playbacks now and then on my laptop. I noticed the volume mixer has several applications named just "Ping". I tried to identify which one is causing this by muting them one by one. The System Sounds entry in the attached Volume Mixer image causes the ads to play, and the remaining "Ping" entries are making the regular click sounds. I even traced the process for this "Ping": there is a process running in Task Manager called "Intravenous.exe" which does not terminate at any time. This really requires me to choose a forced shutdown/restart when shutting down the laptop.

And then very often a pop-up appears showing the message "Ping has stopped working" and asks me to either debug or close the program; I preferred closing it to debugging. Another pop-up that comes up is the web browser script prompt "Stop running script?", attached for your reference.

I thought of formatting the laptop but stepped back, as I lost the activation key for MS Office and a couple of other software programs which I got with the laptop.

I used to have the McAfee AntiVirus Plus licensed version installed till yesterday, but when I contacted the support team, they uninstalled it, and due to lack of time on my side (they actually took 2 hours for the uninstallation itself and needed even more to install it again) my request for installation is pending. I tried to install it from my side and it completed, but I don't see the AV running.

Please suggest any steps to perform to get out of this situation.
My OS: Windows 7 Home Premium 64-bit SP1.
 

Attachments

  • Malware attack.pdf
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hello Roni,

Thanks for your response.

I had already gone through the link and installed MS Security Essentials. I did a quick scan too and now a full scan is in progress. Please let me know if a quick scan with no detections is good enough to pass on to the next step. If so I will interrupt the ongoing full scan and run the FRST.
 
FRST 1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by venkat (administrator) on APOORVA-PC (08-01-2017 22:29:49)
Running from C:\Users\venkat\Downloads
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Config.Msi\46881ff.rbf
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\wells\tuileries.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\venkat\AppData\Local\intravenous.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Mutilated\intravenous.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Raize Software, Inc.) C:\Program Files (x86)\Raize\CS3\Bin\CSDispatcher.exe
() C:\Program Files (x86)\Mutilated\intravenous.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\venkat\AppData\Local\intravenous.exe
() C:\Program Files (x86)\Cappuccinos\intravenous.exe
() C:\Program Files (x86)\Cappuccinos\intravenous.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll,RunDLLEntry
HKLM\...\Run: [dennie] => C:\Program Files (x86)\Mutilated\intravenous.exe [10752 2017-01-05] ()
HKLM\...\Run: [denniedennie] => C:\Program Files (x86)\Cappuccinos\intravenous.exe [10752 2017-01-05] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [lxcymon.exe] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [scorning] => C:\Program Files (x86)\Mutilated\intravenous.exe [10752 2017-01-05] ()
HKLM-x32\...\Run: [scorningscorning] => C:\Program Files (x86)\Cappuccinos\intravenous.exe [10752 2017-01-05] ()
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [Chromium] => "c:\users\venkat\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [bobsled] => C:\Program Files (x86)\Mutilated\intravenous.exe [10752 2017-01-05] ()
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [bobsledbobsled] => C:\Program Files (x86)\Cappuccinos\intravenous.exe [10752 2017-01-05] ()
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [glioblastoma] => C:\Program Files (x86)\Mutilated\intravenous.exe [10752 2017-01-05] ()
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [glioblastomaglioblastoma] => C:\Program Files (x86)\Cappuccinos\intravenous.exe [10752 2017-01-05] ()
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [tuileries] => C:\Program Files (x86)\wells\tuileries.exe [68866 2017-01-05] ()
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Run: [transitioning] => C:\Program Files (x86)\Mutilated\intravenous.exe [10752 2017-01-05] ()
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\MountPoints2: {73c442d2-adc8-11de-9aab-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [330288 2008-10-28] (VMware, Inc.)
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [330288 2008-10-28] (VMware, Inc.)
Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320 2008-10-28] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320 2008-10-28] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2122AD89-0CB0-42C3-A5A6-4543E492E6B1}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C8E62E4B-A834-4FF3-AA3B-DBA2F07BC783}: [NameServer] 10.100.101.1,202.153.32.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {44ABC3C2-5D64-4595-8525-AC74CF2FF4E0} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3623452270-2088294941-995359613-1003 -> DefaultScope {DDCDB3CF-F1BE-4C58-8872-1D4E71DEA719} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=715483&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3623452270-2088294941-995359613-1003 -> {2FB4FDF9-6DB4-47BA-848C-69EEB6AED48D} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3623452270-2088294941-995359613-1003 -> {DDCDB3CF-F1BE-4C58-8872-1D4E71DEA719} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=715483&p={searchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\venkat\AppData\Roaming\BrowserExtensions\Coupons64.dll No File
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-24] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\venkat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-24] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-18] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\venkat\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-02-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2011-12-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-05]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-19]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-19]
CHR Extension: (Google Drive) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]
CHR Extension: (YouTube) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-19]
CHR Extension: (Ebates Cash Back) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-12-25]
CHR Extension: (FullTab) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcgefogogljdgjcegkpkdjocajhlpdko [2017-01-05]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
CHR Extension: (AdBlock) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-17]
CHR Extension: (Search) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhlambmdchnamjafiahpoonaaoicoocn [2017-01-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-07-18]
CHR Extension: (Wikibuy) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-19]
CHR Extension: (Gmail) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-19]
CHR Extension: (Chrome Media Router) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-25] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
S2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537520 2006-11-29] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 postgresql-x64-9.6; C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe [94720 2016-10-25] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 TeamPostgreSQL Service; C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [197120 2016-10-06] () [File not signed]
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WindowService; "C:\Users\venkat\AppData\Local\Temp\WS\realtek_amd64.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-08] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 22:32 - 2017-01-08 22:32 - 00003651 _____ C:\Users\venkat\Desktop\My Portfolio.csv
2017-01-08 22:29 - 2017-01-08 22:36 - 00038591 _____ C:\Users\venkat\Downloads\FRST.txt
2017-01-08 22:23 - 2017-01-08 22:31 - 00000000 ____D C:\FRST
2017-01-08 21:39 - 2017-01-08 21:40 - 02193920 _____ (Farbar) C:\Users\venkat\Downloads\FRST64.exe
2017-01-07 13:47 - 2017-01-07 13:47 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-07 13:46 - 2017-01-08 03:37 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-07 13:46 - 2017-01-07 13:46 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-07 13:46 - 2017-01-07 13:46 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-07 13:45 - 2017-01-07 13:45 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-07 13:43 - 2017-01-07 13:43 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-07 13:43 - 2017-01-07 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-07 13:43 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-07 13:27 - 2017-01-07 13:27 - 00003156 _____ C:\Windows\System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111}
2017-01-06 22:03 - 2017-01-07 07:44 - 00007601 _____ C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-06 16:25 - 2017-01-06 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-06 16:24 - 2017-01-06 16:24 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-01-06 16:23 - 2017-01-06 16:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-01-06 16:23 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-01-05 23:14 - 2017-01-05 23:17 - 00012553 _____ C:\Users\venkat\Desktop\JRT.txt
2017-01-05 18:39 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2017-01-05 18:23 - 2017-01-05 18:23 - 00000000 ____D C:\Program Files\McAfee.com
2017-01-05 18:20 - 2017-01-05 18:46 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-05 17:38 - 2017-01-05 18:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-05 17:38 - 2016-09-08 15:15 - 00331280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-01-05 17:37 - 2017-01-05 18:40 - 00000000 ____D C:\ProgramData\McAfee
2017-01-05 17:00 - 2017-01-05 18:18 - 00000034 _____ C:\Users\venkat\Desktop\MCafee SR#.txt
2017-01-05 12:47 - 2017-01-05 12:47 - 00003810 _____ C:\Windows\System32\Tasks\3033876
2017-01-05 12:47 - 2017-01-05 12:47 - 00003802 _____ C:\Windows\System32\Tasks\28417410
2017-01-05 12:46 - 2017-01-05 12:47 - 00003810 _____ C:\Windows\System32\Tasks\65824291
2017-01-05 12:46 - 2017-01-05 12:47 - 00003798 _____ C:\Windows\System32\Tasks\k3033876
2017-01-05 12:46 - 2017-01-05 12:47 - 00003654 _____ C:\Windows\System32\Tasks\ba6582429165824291
2017-01-05 12:46 - 2017-01-05 12:47 - 00003654 _____ C:\Windows\System32\Tasks\ba30338763033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00003648 _____ C:\Windows\System32\Tasks\ba2841741028417410
2017-01-05 12:46 - 2017-01-05 12:46 - 00003642 _____ C:\Windows\System32\Tasks\bak3033876k3033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\wells
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\Mutilated
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\Cappuccinos
2017-01-05 12:45 - 2017-01-05 12:45 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-01-05 12:44 - 2017-01-06 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2017-01-05 12:44 - 2017-01-05 13:10 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-01-05 12:44 - 2017-01-05 12:45 - 00000000 ____D C:\Users\venkat\AppData\Roaming\AGData
2017-01-05 12:44 - 2017-01-05 12:45 - 00000000 ____D C:\Program Files\5929c638fefa71105006b49814f2cf43
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Roaming\InterStat
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Local\CEF
2017-01-05 12:39 - 2017-01-05 12:39 - 00001435 ____N C:\Users\Public\Desktop\Download Driver Whiz Cr...lnk
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Windows\seventeen.exe
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Users\venkat\AppData\Local\intravenous.exe
2017-01-01 15:47 - 2017-01-01 23:50 - 00009080 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx
2016-12-31 15:21 - 2016-12-31 15:21 - 00001181 ____N C:\Users\Public\Desktop\TeamPostgreSQL Web Client.lnk
2016-12-31 15:21 - 2016-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamPostgreSQL
2016-12-31 15:12 - 2016-12-31 15:21 - 00000000 ____D C:\Program Files (x86)\TeamPostgreSQL
2016-12-30 21:40 - 2010-09-11 10:51 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-12-30 21:34 - 2016-12-30 21:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-12-30 21:25 - 2016-12-30 21:25 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\venkat\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\Documents\SafeNet Sentinel
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\.spss
2016-12-30 20:32 - 2016-12-30 20:32 - 00000000 ____D C:\Users\venkat\AppData\Roaming\HP TCS
2016-12-30 20:13 - 2016-12-30 20:13 - 00000000 ____D C:\Users\venkat\AppData\Roaming\CyberLink
2016-12-30 20:12 - 2016-12-30 20:12 - 00000000 ____D C:\Users\Public\CyberLink
2016-12-30 20:09 - 2016-12-30 20:12 - 00000000 ____D C:\Users\venkat\Documents\Youcam
2016-12-30 15:13 - 2016-12-31 13:26 - 00000000 ____D C:\Users\venkat\Desktop\Postgres
2016-12-30 12:45 - 2016-12-30 21:37 - 00000000 ____D C:\Users\venkat\AppData\Roaming\pgAdmin
2016-12-29 23:28 - 2016-12-29 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.6
2016-12-29 23:21 - 2016-12-29 23:21 - 00000000 ____D C:\Program Files\PostgreSQL
2016-12-28 17:54 - 2016-12-28 17:54 - 00014785 _____ C:\Users\venkat\Desktop\xe~1.sql
2016-12-28 17:54 - 2016-12-28 17:54 - 00001479 _____ C:\Users\venkat\xe.sql
2016-12-28 00:21 - 2017-01-05 12:41 - 00002379 ____R C:\Users\venkat\Desktop\Vеnkаt - Сhrоmе.lnk
2016-12-25 18:08 - 2016-12-25 19:40 - 00010925 _____ C:\Users\venkat\Desktop\Important Days & bills.xlsx
2016-12-21 13:34 - 2016-12-21 13:35 - 04700160 _____ C:\Users\venkat\Downloads\remote area.xls
2016-12-20 17:33 - 2016-12-20 19:28 - 00000000 ____D C:\Users\venkat\Desktop\New Technologies
2016-12-17 15:21 - 2016-12-17 16:02 - 00000000 ____D C:\Users\venkat\AppData\Roaming\SQL Developer
2016-12-17 15:21 - 2016-12-17 15:21 - 00001612 ____N C:\Users\venkat\Desktop\sqldeveloper.exe - Shortcut.lnk
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\Users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-12-17 15:19 - 2016-12-17 15:19 - 00000000 ____D C:\Users\venkat\Desktop\sqldeveloper-4.2.0.16.260.1303-x64
2016-12-17 14:59 - 2016-12-17 14:59 - 00000000 ____D C:\Users\venkat\Oracle
2016-12-17 14:58 - 2016-12-17 14:58 - 00000000 ____D C:\oraclexe
2016-12-17 14:33 - 2016-12-17 14:33 - 00003102 _____ C:\Windows\System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901}
2016-12-17 14:26 - 2016-12-17 14:26 - 00000624 _____ C:\Users\venkat\Desktop\tnsnames.ora
2016-12-17 14:10 - 2017-01-07 22:21 - 00000000 ____D C:\Program Files (x86)\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\Program Files (x86)\Raize
2016-12-17 14:10 - 2005-01-08 03:00 - 00024064 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\CS30Inspectors70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 01381376 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vcl70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 00778240 _____ (Borland Software Corporation) C:\Windows\SysWOW64\rtl70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 00227328 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vclie70.bpl
2016-12-17 13:55 - 2016-12-17 13:55 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Dell
2016-12-17 13:49 - 2016-12-17 13:49 - 00046441 _____ C:\Users\venkat\Downloads\dataDec-17-2016 (1).sql
2016-12-17 13:47 - 2016-12-17 16:01 - 00043163 _____ C:\Users\venkat\Downloads\dataDec-17-2016.sql
2016-12-16 21:01 - 2016-12-28 17:02 - 00000000 ____D C:\Users\venkat\Desktop\Freelancers
2016-12-16 19:47 - 2016-12-17 14:42 - 02852304 _____ C:\Windows\OracleDatabaseXEServerInstall.log
2016-12-16 10:18 - 2016-12-16 10:18 - 00095040 _____ (97V68D) C:\Windows\system32\Drivers\05e17ce5d17dfc5d636ea0e242bde32d.sys
2016-12-15 17:08 - 2016-12-15 17:08 - 00003434 _____ C:\Windows\System32\Tasks\MPLClient
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 22:36 - 2009-09-30 08:38 - 01654386 _____ C:\Windows\WindowsUpdate.log
2017-01-08 22:24 - 2016-07-16 10:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Skype
2017-01-08 22:11 - 2016-05-20 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-08 22:00 - 2010-12-22 22:28 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
2017-01-08 21:05 - 2010-04-21 18:27 - 00000000 ____D C:\ProgramData\Recovery
2017-01-08 21:05 - 2009-09-30 08:55 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-01-08 21:00 - 2010-01-13 17:15 - 00118592 _____ C:\Users\Apoorva\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:55 - 2010-12-22 22:29 - 00002285 _____ C:\Users\Apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 20:55 - 2010-12-22 22:29 - 00002255 _____ C:\Users\Apoorva\Desktop\Google Chrome.lnk
2017-01-08 13:51 - 2016-07-24 10:36 - 00000000 ____D C:\Users\venkat\AppData\Local\Downloaded Installations
2017-01-08 13:10 - 2010-09-12 17:57 - 00000000 ____D C:\Users\Apoorva\Documents\My Received Files
2017-01-08 01:00 - 2010-12-22 22:28 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
2017-01-07 23:23 - 2016-07-23 04:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\VMware
2017-01-07 13:49 - 2016-07-24 11:52 - 00000000 ____D C:\ProgramData\Nero
2017-01-07 13:41 - 2016-07-24 11:54 - 00000188 _____ C:\Windows\SysWOW64\MsiExec.exe.log
2017-01-07 11:04 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Local\VirtualStore
2017-01-06 20:40 - 2011-09-30 10:21 - 00000000 ____D C:\Windows\Minidump
2017-01-06 17:07 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-06 17:07 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-06 17:01 - 2016-07-23 04:40 - 00000000 ____D C:\ProgramData\VMware
2017-01-06 17:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-06 17:00 - 2009-07-13 23:51 - 00204420 _____ C:\Windows\setupact.log
2017-01-05 22:13 - 2016-07-16 03:03 - 00000000 ____D C:\Users\venkat\Desktop\Movies
2017-01-05 18:45 - 2010-01-13 18:10 - 00495172 _____ C:\Windows\PFRO.log
2017-01-05 18:40 - 2016-10-28 22:09 - 00000000 ____D C:\Program Files\McAfee
2017-01-05 18:28 - 2016-10-28 22:14 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-05 18:27 - 2016-10-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-05 18:21 - 2016-10-28 22:08 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-05 17:09 - 2009-07-14 00:13 - 00786806 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 17:04 - 2016-10-28 21:47 - 00000000 ____D C:\Users\venkat\AppData\Local\LogMeIn Rescue Applet
2017-01-05 12:43 - 2010-01-13 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-05 12:42 - 2016-05-28 03:09 - 00002327 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-05 12:42 - 2016-05-20 07:24 - 00002157 ____R C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2017-01-05 12:41 - 2016-05-28 03:09 - 00002315 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2017-01-05 10:47 - 2016-10-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-03 19:37 - 2016-09-21 19:18 - 00000000 ____D C:\Users\venkat\Desktop\EAD
2016-12-31 15:26 - 2016-07-26 07:01 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BITS
2016-12-31 10:13 - 2010-01-31 21:52 - 00000000 ____D C:\Program Files\Google
2016-12-30 23:25 - 2016-05-28 03:01 - 00000000 ____D C:\Users\venkat\AppData\Local\Google
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 23:25 - 2010-01-13 17:57 - 00000000 ____D C:\ProgramData\Google
2016-12-30 21:40 - 2011-04-16 17:15 - 00000000 ____D C:\Windows\system32\nn-NO
2016-12-30 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2016-12-30 21:29 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Local\Hewlett-Packard
2016-12-30 21:07 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-30 21:05 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat
2016-12-30 20:48 - 2011-04-22 22:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 20:17 - 2011-02-26 22:03 - 00000000 ____D C:\ProgramData\UAB
2016-12-30 20:10 - 2009-08-21 13:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-12-29 23:19 - 2016-07-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 16:10 - 2016-09-15 21:04 - 00000087 _____ C:\Users\venkat\AppData\default.pls
2016-12-17 16:18 - 2016-08-01 04:54 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Notepad++
2016-12-17 14:37 - 2010-01-13 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-17 12:41 - 2016-07-05 06:45 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-16 17:54 - 2010-02-15 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:54 - 2010-02-15 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-14 10:11 - 2016-05-20 07:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 10:11 - 2016-05-20 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 10:11 - 2011-10-12 09:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 10:11 - 2011-10-12 09:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 10:11 - 2009-08-21 12:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-05 03:42 - 2017-01-05 03:42 - 0010752 _____ () C:\Users\venkat\AppData\Local\intravenous.exe
2016-08-10 00:17 - 2016-08-10 00:17 - 0004096 ____H () C:\Users\venkat\AppData\Local\keyfile3.drm
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-06 22:03 - 2017-01-07 07:44 - 0007601 _____ () C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2009-09-30 08:55 - 2017-01-08 21:05 - 0000290 _____ () C:\ProgramData\hpqp.ini
2010-11-08 21:09 - 2014-05-02 22:40 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-01-13 17:48 - 2017-01-08 21:15 - 0001282 _____ () C:\ProgramData\HPWALog.txt
2011-01-08 18:46 - 2011-04-30 21:09 - 0001257 _____ () C:\ProgramData\hpzinstall.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 13:55 - 2009-08-21 13:55 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-30 08:56 - 2009-09-30 08:56 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 13:49 - 2009-08-21 13:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-30 08:56 - 2009-09-30 08:56 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 13:48 - 2009-08-21 13:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 13:51 - 2009-08-21 13:55 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Apoorva\jagex_runescape_preferences.dat


Some files in TEMP:
====================
C:\Users\Apoorva\AppData\Local\Temp\AMPing.exe
C:\Users\Apoorva\AppData\Local\Temp\Extract.exe
C:\Users\Apoorva\AppData\Local\Temp\GdiPlus.dll
C:\Users\Apoorva\AppData\Local\Temp\GUR45B4.exe
C:\Users\Apoorva\AppData\Local\Temp\GUR4DB1.exe
C:\Users\Apoorva\AppData\Local\Temp\GUR56B8.exe
C:\Users\Apoorva\AppData\Local\Temp\GUR8F15.exe
C:\Users\Apoorva\AppData\Local\Temp\GURA2D3.exe
C:\Users\Apoorva\AppData\Local\Temp\GURA5A3.exe
C:\Users\Apoorva\AppData\Local\Temp\GURAE3A.exe
C:\Users\Apoorva\AppData\Local\Temp\GURB194.exe
C:\Users\Apoorva\AppData\Local\Temp\GURB98C.exe
C:\Users\Apoorva\AppData\Local\Temp\GURDCB0.exe
C:\Users\Apoorva\AppData\Local\Temp\ICE_JNIRegistry.dll
C:\Users\Apoorva\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Apoorva\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Apoorva\AppData\Local\Temp\MSNE835.exe
C:\Users\Apoorva\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Apoorva\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Apoorva\AppData\Local\Temp\Resource.exe
C:\Users\Apoorva\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Apoorva\AppData\Local\Temp\SP47803.exe
C:\Users\Apoorva\AppData\Local\Temp\SP50498.exe
C:\Users\Apoorva\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Apoorva\AppData\Local\Temp\sp54373.exe
C:\Users\Apoorva\AppData\Local\Temp\sp54620.exe
C:\Users\Apoorva\AppData\Local\Temp\sp64126.exe
C:\Users\Apoorva\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Apoorva\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\venkat\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\venkat\AppData\Local\Temp\GLF4D73GLF4D73.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-07-08 21:25

==================== End of FRST.txt ============================
 
Additional.txt 1
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-08 22:38:35)
Running from C:\Users\venkat\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-13 22:08:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3623452270-2088294941-995359613-500 - Administrator - Disabled)
Apoorva (S-1-5-21-3623452270-2088294941-995359613-1001 - Administrator - Enabled) => C:\Users\Apoorva
Guest (S-1-5-21-3623452270-2088294941-995359613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3623452270-2088294941-995359613-1002 - Limited - Enabled)
venkat (S-1-5-21-3623452270-2088294941-995359613-1003 - Administrator - Enabled) => C:\Users\venkat
__vmware_user__ (S-1-5-21-3623452270-2088294941-995359613-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
BitTorrent (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CodeSite 3.0.1 Client Tools (HKLM-x32\...\CodeSite 3.0.1 Client Tools) (Version: 3.0 - Raize Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.005) - Open Text Corporation.)
FlashGet 3.3 (HKLM-x32\...\FlashGet 3.3) (Version: 3.3.0.1092 - http://www.FlashGet.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
PostgreSQL 9.6 (HKLM\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RPS CRT (x32 Version: 9.0.40 - Bell) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamPostgreSQL 1.07 (HKLM-x32\...\0115-9748-2388-7305) (Version: 1.07 - Webworks SA)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VEX Programming Driver 64-bit (HKLM-x32\...\{00B74926-F27A-4661-8827-6BFCAFD35AF0}) (Version: 1.0.0.2 - VEX Robotics, Inc.)
VEXnet Firmware Upgrade Utility (HKLM-x32\...\VEXnet Firmware Upgrade Utility_is1) (Version: - )
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.1.5078 - VMware, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
YTD Video Downloader 5.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.2 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-01-2017 13:31:11 Removed Nero 8 Essentials. Available with Windows Installer version 1.2 and later.
07-01-2017 14:06:24 Removed Toad for Oracle

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-05 16:17 - 2017-01-05 16:17 - 00000902 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C79267-0EC4-4985-882D-E7E935DB911B} - System32\Tasks\{F2F30F23-07ED-45A3-849C-B55476ECCFAF} => C:\Program Files (x86)\FirstClass\fcc32.exe [2011-02-15] (Open Text Inc.)
Task: {0E1DB523-5AB8-4747-85EA-BEEB91AA4867} - System32\Tasks\{E7958005-452C-41D7-9DF8-14E78BEBCCB6} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.116....google-chrome:notoffered;ienotdefaultbrowser2
Task: {13F33A43-6318-47FD-A3C7-16E5BE070570} - System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901} => pcalua.exe -a F:\venkat\DATA\OracleXEClient.exe -d F:\venkat\DATA
Task: {1AA42887-21B2-4795-BF03-B9A3BD780FAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-07] (HP Inc.)
Task: {21D3B24C-5B7C-460F-B519-25DA61FEF396} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-08] (Hewlett-Packard)
Task: {3AB3CA47-0F53-487F-9244-90E5D4042065} - System32\Tasks\{EA460A63-A1D1-4BFF-AD39-98B87763B670} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {400A1DFE-1699-46DC-AD0E-AB676CE8C7D3} - System32\Tasks\{FAF9B758-61CE-4ECD-BF20-E49B8D2241F6} => pcalua.exe -a C:\Users\Apoorva\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Apoorva\Downloads
Task: {4ACE4019-02FA-4113-AAC4-5A1139E418F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {4B95C303-C0C1-4521-936B-3EB156890FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {4D45399D-586E-42BF-BCD2-573CAB8B6119} - System32\Tasks\{6823A56D-DDC6-4B70-B152-0D965D06C1A3} => F:\adobe-master-cs4-keygen.exe
Task: {5309CFE5-ED98-40BB-B579-0914BAE25204} - System32\Tasks\{A86CC31E-76A7-4341-89DD-75CE59D7457D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -c -runfromtemp -l0x0009 -uninst -removeonly
Task: {53DF5D7F-66C9-4DE1-AE88-D45C11632981} - System32\Tasks\{97AE6B8B-F48F-4D2B-8286-745C193C3C2C} => F:\adobe-master-cs4-keygen.exe
Task: {54F6A112-253D-457D-B30E-365284D9F4B5} - System32\Tasks\65824291 => C:\Program Files (x86)\Mutilated\intravenous.exe [2017-01-05] () <==== ATTENTION
Task: {65A3F676-92BC-4873-9F12-6B183064BC8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {761F6C41-F669-4B38-AB34-C0E89AB3028A} - System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111} => pcalua.exe -a "C:\Program Files (x86)\Windows Live Safety Center\wlschost.exe" -c -Uninstall
Task: {7A746220-D1E7-4DE8-B7C1-2A98F0C76856} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {7B23C974-6F2B-4C8D-9E6B-2F4593FB6682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {7B261AA9-7538-43ED-9927-C498780007AF} - System32\Tasks\ba30338763033876 => C:\Program Files (x86)\Cappuccinos\intravenous.exe [2017-01-05] ()
Task: {80BBF6EC-4102-4BBA-B843-3A55F21260AA} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {84F43933-098E-4187-BC12-ED32FB2D859B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {8AC9B359-2774-4C42-945D-96972DDDD3C2} - System32\Tasks\{A62FE67E-04F7-4FA7-ADAE-6AAE7C264E12} => F:\adobe-master-cs4-keygen.exe
Task: {9315B6A8-3E47-463E-9AEF-7CA62B1EEDC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {9C2C5066-0403-4B03-ACF9-51B6923D592A} - System32\Tasks\k3033876 => C:\Program Files (x86)\leander\leander.exe
Task: {A100F944-0708-46F3-B701-70A612F256F7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {A3A4FD77-1F9F-418D-9200-87A8169E97D0} - System32\Tasks\MPLClient => C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe
Task: {A8C5C8E1-A339-4625-9317-2950683F350F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {AFB199D3-3C64-4D57-A3A6-0C8C0D89EA15} - System32\Tasks\28417410 => C:\Users\venkat\AppData\Local\intravenous.exe [2017-01-05] () <==== ATTENTION
Task: {B27E59F2-D932-4BCA-8C10-182C91A2E73E} - System32\Tasks\ba6582429165824291 => C:\Program Files (x86)\Mutilated\intravenous.exe [2017-01-05] ()
Task: {CD2BC77A-F828-46CE-B162-E198F0D82387} - System32\Tasks\ba2841741028417410 => C:\Users\venkat\AppData\Local\intravenous.exe [2017-01-05] ()
Task: {D2D44C00-FD62-4039-AE4B-FA5E4BF9C508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D888B328-32B5-43BD-9926-387CFCC8E668} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D92E1664-B5CB-4742-B020-DA5C814F91B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DB481021-DDF9-4603-B123-946F004563B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCDC0242-F5FE-48C2-8944-D77046A0C242} - System32\Tasks\{B6493AA2-6DCF-4DB4-8540-1313591AD2B7} => F:\adobe-master-cs4-keygen.exe
Task: {E3E4A235-E952-40C3-85FC-2789F325AAE5} - System32\Tasks\bak3033876k3033876 => C:\Program Files (x86)\leander\leander.exe
Task: {EF3D6DEF-1AE9-4A8B-8A71-6114B5E4CBF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {F5ED44E4-7C17-4D17-AC67-BD0DA4B35077} - System32\Tasks\{420B1986-45F9-4D13-9576-68D05B728CDD} => F:\adobe-master-cs4-keygen.exe
Task: {FBD6E98F-D49E-43CC-9325-1CB10B620B4E} - System32\Tasks\3033876 => C:\Program Files (x86)\Cappuccinos\intravenous.exe [2017-01-05] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-30 21:08 - 2006-11-27 02:55 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll
2016-12-29 23:23 - 2016-10-25 05:08 - 00182784 _____ () C:\Program Files\PostgreSQL\9.6\bin\LIBPQ.dll
2009-08-21 13:55 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-12-29 23:28 - 2016-08-01 05:29 - 02264576 _____ () C:\Program Files\PostgreSQL\9.6\bin\libxml2.dll
2016-12-31 15:19 - 2016-10-06 23:26 - 00197120 _____ () C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
2016-07-23 04:23 - 2010-03-15 00:58 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-08-30 21:06 - 2009-05-01 12:54 - 00291496 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
2017-01-05 03:42 - 2017-01-05 03:42 - 00068866 _____ () C:\Program Files (x86)\wells\tuileries.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ () C:\Users\venkat\AppData\Local\intravenous.exe
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ () C:\Program Files (x86)\Mutilated\intravenous.exe
2017-01-07 13:43 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-07 13:43 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-07 13:43 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ () C:\Program Files (x86)\Cappuccinos\intravenous.exe
2016-12-14 15:57 - 2016-12-08 03:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 15:57 - 2016-12-08 03:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-14 09:18 - 2016-12-14 09:18 - 31164504 _____ () C:\Users\venkat\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
2008-10-28 12:38 - 2008-10-28 12:38 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2008-10-28 12:38 - 2008-10-28 12:38 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2012-08-30 21:06 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll
2012-08-30 21:06 - 2006-02-13 08:04 - 00143360 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll
2012-08-30 21:06 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 3400 Series\iptk.dll
2009-06-17 13:40 - 2009-06-17 13:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 13:40 - 2009-06-17 13:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 13:40 - 2009-06-17 13:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2017-01-06 17:01 - 2017-01-06 17:01 - 00004608 _____ () C:\Users\venkat\AppData\Local\Temp\nsq3B1D.tmp\ExecCmd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\kuaiche.com -> hxxp://software.kuaiche.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEFE6630-389E-44DF-82F3-9485A7A6FD6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CD3BBA8F-D17B-418B-B56F-F8B2608FFAAB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{3D774B82-31A0-4C83-881F-4A06ED7619BA}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{14C6C2AC-2EDB-4705-9A83-364F97376224}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{73288AF7-2806-4D81-A131-053D89D47F0C}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{47FC9419-5892-47CA-B917-915EA4362EA5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{9F022428-26EC-44CC-A40F-F6E7C0191156}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0C4814E0-119B-4F84-9444-7989C1985B37}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{F3DC371C-4528-494E-8DE9-5C35ED44EAD1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{46D10E6C-F4DC-4E78-9BCC-E9DAF8919A5F}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F48B909D-B583-42E0-AF37-3197053845FA}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{7393CE50-32F0-48CC-A376-EC1B9F59E385}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{ADF450EF-2A82-4C17-AC44-006380307EC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{01AD65CD-19EA-4FA8-A727-7F95AF4E8574}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE232A2-F0BE-4EB1-9E1C-0109C368E6EF}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C5D0C97C-7162-477A-902E-C069810DF6C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8662FEFB-4A27-4D64-A82D-73ABE4C1C88A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6BF1A9AF-9E34-477A-8CF1-7B41546E1E47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17ED5779-2164-46E0-8E9F-01A66A91DCF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C4ED4A68-B3ED-4552-AC94-894659188A51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BFCB4B69-A999-4840-8C2C-AE4A83A48F37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FF52AFEB-0A7E-4049-8FA6-745427DC305F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBB4F998-53A1-4361-AEAB-1CF260C6C585}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{68B26E8D-C2AF-40B9-8390-7F701DC8A6CA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{16C4A618-F814-4845-8A60-0B4ECD8E8A32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C7B04456-7990-43AA-B8F4-BB700129395B}] => (Allow) svchost.exe
FirewallRules: [{433D8BC5-FC16-444C-AF78-7A9630EC5976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9D896ACF-4069-49CF-850B-E29E594015F9}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{954892B4-46AF-43D2-8FC4-F2A27ED3F2FE}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{C8BC2726-ACC8-4AB4-A3B9-00762493D0F6}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4FDCF821-2B16-45C3-9EA6-AE259B4E6764}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4E82F33F-C870-44BA-8642-4D75868180E8}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{C1828FFF-05CF-488B-A7CE-EA3E54888C6E}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{B6B4FE57-8DE8-473E-89BE-BA346E80B818}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{EAFC6447-CCF0-4ACB-A4DB-6128764B0CB5}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{4DDB8838-4FB0-4C42-B881-A0B0BA19E0FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197BDDFC-5E69-4551-ACB7-10CF33684645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F7C17022-D05C-4358-B584-6EAFC61F0590}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{370E9F8A-6264-4DB5-BB55-E45F3E8C9FC2}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{E3D44FAE-A6D8-4378-AA27-F55F0DAF83C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A6CA6B5-C57A-4F0D-8D20-474FF804A814}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D378E215-5A71-4506-80FF-6FA1BBFF9645}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{8609C6CF-FC48-4942-9D81-AA44483D2804}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{EDA7D9FD-3485-41A7-BAC7-7308CDC798F6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{7B6AE310-337D-4302-858F-EDFD2E2D8F24}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{2C0FE087-8539-4604-A7AD-492226CCA3A4}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{E4E5E4BE-AFB3-4BE3-B4DA-9F8A65AA78BB}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{CB34981A-B7C8-4CF5-B04D-DB2B898FCE79}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{94A7E039-4028-4F49-A11D-00E709D996C2}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{FF753986-7706-4B2C-A39C-9C96EB1FE880}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{8EA72A0D-BD79-4ED2-8BF5-4C2737B06E0E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{729F16B0-117F-493A-B125-AE2D36AA2B2C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{D5A1A7A3-074D-4010-8152-848D7772DA60}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{4B8026D1-DC47-4723-A2EB-5702476D268E}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{893F4CF6-6E71-4140-B976-65E37B87C634}] => (Allow) LPort=135
FirewallRules: [{4723771B-437C-4765-95FA-278C9E7E0455}] => (Allow) LPort=5000
FirewallRules: [{98FAB258-07BE-462B-BD2D-C99E621C7463}] => (Allow) LPort=5001
FirewallRules: [{337E4CE1-CD3D-414A-B956-5BCD0DDFA588}] => (Allow) LPort=5002
FirewallRules: [{D1B32D62-5643-44C2-8237-9ECEC69FA6F5}] => (Allow) LPort=5003
FirewallRules: [{AAB6F790-7E12-42B4-AA84-8B7D5DBBD127}] => (Allow) LPort=5004
FirewallRules: [{40505419-B36F-4ED9-99E1-333C30352BBE}] => (Allow) LPort=5005
FirewallRules: [{79F935B9-5F45-4749-B1E9-46B53833A916}] => (Allow) LPort=5006
FirewallRules: [{9B1C853D-5AF9-4398-8790-F33A30F41CC9}] => (Allow) LPort=5007
FirewallRules: [{7A7DD6BE-A3FD-466B-8AEF-B6EF42656EAA}] => (Allow) LPort=5008
FirewallRules: [{BF392420-ABB5-4021-A31B-11959EA4D6F4}] => (Allow) LPort=5009
FirewallRules: [{E4E85B71-49EE-4C9E-8386-FFA06766BB02}] => (Allow) LPort=5010
FirewallRules: [{79C52F32-7ABB-4A07-8B95-763A4AA511AD}] => (Allow) LPort=5011
FirewallRules: [{F746FA93-DB05-42A5-8AEC-F2ED445AB863}] => (Allow) LPort=5012
FirewallRules: [{98EC8327-FA6C-4DCC-AA5B-F2BBF58BCE12}] => (Allow) LPort=5013
FirewallRules: [{24D4CA68-6B12-417E-955A-8F05673BDD37}] => (Allow) LPort=5014
FirewallRules: [{E5D31E9E-DFFD-4A4B-A73B-E7D856740894}] => (Allow) LPort=5015
FirewallRules: [{39F739A5-8154-4D47-9F08-AF4D754ED623}] => (Allow) LPort=5016
FirewallRules: [{A4C08BDE-D1AA-48A8-A116-8662DD488E14}] => (Allow) LPort=5017
FirewallRules: [{D2A12F58-F605-4230-90FB-6856FDD8CA2C}] => (Allow) LPort=5018
FirewallRules: [{ACD18103-2A45-435F-BB0A-35DC7EB216BE}] => (Allow) LPort=5019
FirewallRules: [{D515A646-46D6-45B5-8D82-ABE09399B6A3}] => (Allow) LPort=5020
FirewallRules: [{90D50485-A642-4384-B7FA-98D91C227441}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5790F44F-371D-45A6-89D7-52200AE8ED1F}] => (Allow) C:\Users\venkat\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{27E47AA8-1635-451E-9B12-6D3B39F0FB7C}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0E8E89E2-E554-4C77-8774-25C0619E5E1A}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8873BAFF-3CE1-4F6C-8D2F-D41F2A936F60}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A845098-E8BF-4FB5-879E-ABDC2EAA4C24}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{01222CD2-A8E5-47D6-8622-79FB6885A97B}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BE191360-1E8D-40FC-A910-673F07745296}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1267A1C0-8A4B-490B-8BF2-CDD32655589E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8AF4AB71-B2CC-46DE-8C86-4D9D2A8BD1B3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{3A2BE009-AD59-49F2-8788-61AE5F20B5DC}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{3CE1E5FE-7010-4290-96EE-2B1B9E36D19F}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{440517F2-B7C1-4770-878B-D163BBE82A9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6409F507-F069-48F1-8982-0846FE9C5906}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{75C98348-52DF-4811-A14D-4D76A1CE13E7}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{D5D0CA2B-67BE-46FB-9633-8327688037E0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{00EDC32E-363B-4443-87C3-29495E6499D4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{69ED8510-C0D7-4FE0-9B70-4C47219A27EB}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [UDP Query User{5223A622-1565-4093-89D5-AFD8738D2ED2}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [{D08B1B32-C4FB-4D27-B443-9CD2A71F6697}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮攮數
FirewallRules: [{2D129E07-FBFD-415B-AEFA-6D23C757F0D2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮⹟硥e
FirewallRules: [{D0BF5994-3AF8-417C-B83D-B0EF6E90D9DF}] => (Allow) C:\Program Files (x86)\Mutilated\intravenous.exe
FirewallRules: [{D7699F0F-66C1-4743-9E77-58E03F0CC99E}] => (Allow) C:\Program Files (x86)\Cappuccinos\intravenous.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============
 
Additional.txt 2

==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2017 10:33:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program intravenous.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e7c

Start Time: 01d269dc940ee8d8

Termination Time: 60000

Application Path: C:\Users\venkat\AppData\Local\intravenous.exe

Report Id: 0e7a0d4d-d61c-11e6-bb72-005056c00008

Error: (01/08/2017 07:07:22 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/08/2017 04:12:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000028389
Faulting process id: 0x2248
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/08/2017 04:06:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program intravenous.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 57c

Start Time: 01d269c7ac35936e

Termination Time: 1699

Application Path: C:\Program Files (x86)\Cappuccinos\intravenous.exe

Report Id: 1e2d0193-d5e6-11e6-bb72-005056c00008

Error: (01/08/2017 01:22:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x000000000033eabe
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/08/2017 10:52:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x0000000000032d5e
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/08/2017 05:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x0000000000032d5e
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/08/2017 04:04:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x000000000033e4c8
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/07/2017 02:25:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program intravenous.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 33f4

Start Time: 01d2690938f9fbc7

Termination Time: 20205

Application Path: C:\Users\venkat\AppData\Local\intravenous.exe

Report Id: f532730c-d50c-11e6-bb72-005056c00008

Error: (01/07/2017 01:20:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x0000000000032d5e
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3


System errors:
=============
Error: (01/08/2017 09:17:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (01/08/2017 09:16:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/08/2017 09:08:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error:
%%577

Error: (01/08/2017 09:08:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (01/08/2017 09:07:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error:
%%577

Error: (01/08/2017 09:07:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%577

Error: (01/08/2017 09:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%577

Error: (01/08/2017 09:07:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%577

Error: (01/08/2017 09:07:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%577

Error: (01/08/2017 09:07:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%577


CodeIntegrity:
===================================
Date: 2017-01-08 22:36:04.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:04.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:04.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:04.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:04.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:03.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:03.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:03.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:03.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 22:36:03.476
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 87%
Total physical RAM: 3999.19 MB
Available physical RAM: 516.81 MB
Total Virtual: 15983.95 MB
Available Virtual: 3347.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.41 GB) (Free:102 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.49 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 098B9E73)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Hello Broni, the full scan by MSE took over 50 hours, so I am posting the FRST scan results today. I suspect the process intravenous.exe is the culprit in my case. I am unable to delete it from my C drive or Task Manager. Today, I found my GV on Amazon is being used; I immediately called their support team and cancelled it in time. I have stopped using this laptop for my personal use now.
 
No worries. We'll fix you up :)

Uninstall the following unwanted program:

YTD Video Downloader

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Here is the RK report after removing with the default ones. Please let me know if I can proceed with the next steps.

RogueKiller V12.9.2.0 (x64) [Jan 9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : venkat [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/09/2017 20:39:39 (Duration : 06:21:04)

¤¤¤ Processes : 2 ¤¤¤
[VT.Unknown] intravenous.exe(3976) -- C:\Program Files (x86)\Mutilated\intravenous.exe[-] -> Found
[VT.Unknown] tuileries.exe(3528) -- C:\Program Files (x86)\wells\tuileries.exe[-] -> Found

¤¤¤ Registry : 43 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (C:\Users\venkat\AppData\Roaming\BrowserExtensions\Coupons64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\csastats -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\IM -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\InterStat -> Not selected
[PUP.Hicosmea] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\magryful -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\ProductSetup -> Not selected
[Root.Wajam|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\WajIEnhance -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\csastats -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\IM -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\InterStat -> Not selected
[PUP.Hicosmea] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\magryful -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\ProductSetup -> Not selected
[Root.Wajam|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\WajIEnhance -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\AppDataLow\Software\Browser Extensions -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\AppDataLow\Software\Settings Manager -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\AppDataLow\Software\Browser Extensions -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\AppDataLow\Software\Settings Manager -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF} -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (C:\Users\venkat\AppData\Roaming\BrowserExtensions\Coupons64.dll) -> Not selected
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | dennie : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | denniedennie : "C:\Program Files (x86)\Cappuccinos\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | scorning : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | scorningscorning : "C:\Program Files (x86)\Cappuccinos\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | bobsled : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | bobsledbobsled : "C:\Program Files (x86)\Cappuccinos\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | glioblastoma : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | glioblastomaglioblastoma : "C:\Program Files (x86)\Cappuccinos\intravenous.exe" [-] -> Deleted
[VT.Trojan.Win32.Generic!BT] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | tuileries : "C:\Program Files (x86)\wells\tuileries.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | transitioning : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> Deleted
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | bobsled : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> ERROR [2]
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | bobsledbobsled : "C:\Program Files (x86)\Cappuccinos\intravenous.exe" [-] -> ERROR [2]
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | glioblastoma : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> ERROR [2]
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | glioblastomaglioblastoma : "C:\Program Files (x86)\Cappuccinos\intravenous.exe" [-] -> ERROR [2]
[VT.Trojan.Win32.Generic!BT] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | tuileries : "C:\Program Files (x86)\wells\tuileries.exe" [-] -> ERROR [2]
[VT.a variant of MSIL/Adware.Dotdo.AP] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Run | transitioning : "C:\Program Files (x86)\Mutilated\intravenous.exe" [-] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowService ("C:\Users\venkat\AppData\Local\Temp\WS\realtek_amd64.exe") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowService ("C:\Users\venkat\AppData\Local\Temp\WS\realtek_amd64.exe") -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C8E62E4B-A834-4FF3-AA3B-DBA2F07BC783} | NameServer : 10.100.101.1,202.153.32.2 ([][India]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C8E62E4B-A834-4FF3-AA3B-DBA2F07BC783} | NameServer : 10.100.101.1,202.153.32.2 ([][India]) -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[PUP.Gen1] \MPLClient -- C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe -> Not selected

¤¤¤ Files : 8 ¤¤¤
[PUP.Gen1][Folder] C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget -> Deleted
[PUP.Gen1][File] C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\AnonymizerGadget.lnk -> Deleted
[Root.Wajam][File] C:\Windows\System32\drivers\05e17ce5d17dfc5d636ea0e242bde32d.sys -> Deleted
[PUP.Gen1][Folder] C:\Users\venkat\AppData\Roaming\AGData -> Deleted
[PUP.Gen1][File] C:\Users\venkat\AppData\Roaming\AGData\config.json -> Deleted
[PUP.Gen1][Folder] C:\Users\venkat\AppData\Roaming\InterStat -> Deleted
[PUP.Gen1][File] C:\Users\venkat\AppData\Roaming\InterStat\interstat.exe -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz\Driver Whiz.lnk -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz\Help.lnk -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz\Knowledgebase.lnk -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz\Uninstall Driver Whiz.lnk -> Deleted
[Root.Wajam][Folder] C:\Program Files\5929c638fefa71105006b49814f2cf43 -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\074d76efec6dff46548961c12890e9ec -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\1ce3109aacfecfb8582c64bbe6d37607\2bfeceabc7679e7e4815fe444c7782df.ico -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\1ce3109aacfecfb8582c64bbe6d37607\4959780bc8bcd59d90c5a4429866c299.ico -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\1ce3109aacfecfb8582c64bbe6d37607\580bf3a566a92fbee400f8e6dcc72d82.ico -> Deleted
[Root.Wajam][Folder] C:\Program Files\5929c638fefa71105006b49814f2cf43\1ce3109aacfecfb8582c64bbe6d37607 -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\2bfeceabc7679e7e4815fe444c7782df.ico -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\73b00286adbc8aa844b2cddec4a35a2c.exe -> Deleted
[Root.Wajam][File] C:\Program Files\5929c638fefa71105006b49814f2cf43\c0ff6eadad0f573a3518d117b02f7c97.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AnonymizerGadget -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AnonymizerGadget\AGUtils.dll -> Deleted
[PUP.Gen1][Folder] C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget -> ERROR [3]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://home.myplaycity.com/] -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://in.search.yahoo.com?type=407453&fr=spigot-yhp-ch] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60F3T1 ATA Device +++++
--- User ---
[MBR] 5b082a1f5ebf8c17b16cd18ce6fbe194
[BSP] 8897752b5ea6c545723591784672d3df : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292259 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 598956032 | Size: 12785 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Log after Malwarebytes scan & deletion

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/10/17
Scan Time: 1:10 PM
Logfile: Malware fix.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.970
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Apoorva-PC\venkat

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424871
Time Elapsed: 10 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 39
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Delete-on-Reboot, [812], [161091],1.0.970
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Delete-on-Reboot, [812], [161091],1.0.970
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Delete-on-Reboot, [812], [161091],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Delete-on-Reboot, [812], [161091],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Delete-on-Reboot, [812], [161091],1.0.970
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Delete-on-Reboot, [812], [161091],1.0.970
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [1771], [-1],0.0.0
PUP.Optional.DriverWhiz, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverWhiz_RASAPI32, Delete-on-Reboot, [693], [336788],1.0.970
PUP.Optional.DriverWhiz, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverWhiz_RASMANCS, Delete-on-Reboot, [693], [336788],1.0.970
PUP.Optional.WinYahoo, HKU\S-1-5-21-3623452270-2088294941-995359613-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [116], [254683],1.0.970
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [116], [254683],1.0.970
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [116], [254683],1.0.970
PUP.Optional.Wajam, HKU\S-1-5-21-3623452270-2088294941-995359613-1001\SOFTWARE\WajIEnhance, Delete-on-Reboot, [130], [244670],1.0.970
PUP.Optional.SearchManager, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [183362],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DDCDB3CF-F1BE-4C58-8872-1D4E71DEA719}, Delete-on-Reboot, [812], [243431],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\3033876, Delete-on-Reboot, [1733], [255560],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\65824291, Delete-on-Reboot, [1733], [183038],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ba6582429165824291, Delete-on-Reboot, [1733], [183039],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\k3033876, Delete-on-Reboot, [1733], [183038],1.0.970
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSERVICE, Delete-on-Reboot, [1982], [357969],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54F6A112-253D-457D-B30E-365284D9F4B5}, Delete-on-Reboot, [1733], [183035],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9C2C5066-0403-4B03-ACF9-51B6923D592A}, Delete-on-Reboot, [1733], [183035],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B27E59F2-D932-4BCA-8C10-182C91A2E73E}, Delete-on-Reboot, [1733], [183036],1.0.970
PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe, Delete-on-Reboot, [9412], [262208],1.0.970
PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Socia2Sear Browser Enhancer, Delete-on-Reboot, [444], [345866],1.0.970
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f, Delete-on-Reboot, [580], [336950],1.0.970
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f, Delete-on-Reboot, [580], [336950],1.0.970
PUP.Optional.InstallCore, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\csastats, Delete-on-Reboot, [8], [260986],1.0.970
PUP.Optional.InstallCore, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\ICSW1.22, Delete-on-Reboot, [8], [239562],1.0.970
PUP.Optional.InterStat, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\InterStat, Delete-on-Reboot, [1694], [260518],1.0.970
PUP.Optional.Hicosmea, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\magryful, Delete-on-Reboot, [1283], [342228],1.0.970
PUP.Optional.ProductSetup, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [17019], [242047],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\APPDATALOW\SOFTWARE\SETTINGS MANAGER, Delete-on-Reboot, [812], [256225],1.0.970
PUP.Optional.InterStat, HKU\S-1-5-21-3623452270-2088294941-995359613-1003_Classes\APPLICATIONS\interstat.exe, Delete-on-Reboot, [1694], [261503],1.0.970
PUP.Optional.Social2Search, HKLM\SOFTWARE\Socia2Sear Browser Enhancer, Delete-on-Reboot, [444], [345866],1.0.970
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [260991],1.0.970
PUP.Optional.WinYahoo, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FB4FDF9-6DB4-47BA-848C-69EEB6AED48D}, Delete-on-Reboot, [116], [254682],1.0.970
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [647], [260991],1.0.970
PUP.Optional.383Media, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe, Delete-on-Reboot, [9412], [262208],1.0.970

Registry Value: 17
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1771], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3623452270-2088294941-995359613-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1771], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1771], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1771], [-1],0.0.0
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Delete-on-Reboot, [116], [254683],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DDCDB3CF-F1BE-4C58-8872-1D4E71DEA719}|URL, Delete-on-Reboot, [812], [243431],1.0.970
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Delete-on-Reboot, [116], [254683],1.0.970
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSERVICE|IMAGEPATH, Delete-on-Reboot, [1982], [357969],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54F6A112-253D-457D-B30E-365284D9F4B5}|PATH, Delete-on-Reboot, [1733], [183035],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9C2C5066-0403-4B03-ACF9-51B6923D592A}|PATH, Delete-on-Reboot, [1733], [183035],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B27E59F2-D932-4BCA-8C10-182C91A2E73E}|PATH, Delete-on-Reboot, [1733], [183036],1.0.970
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|DESCRIPTION, Delete-on-Reboot, [580], [336950],1.0.970
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|DESCRIPTION, Delete-on-Reboot, [580], [336950],1.0.970
PUP.Optional.ProductSetup, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [17019], [242047],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\APPDATALOW\SOFTWARE\SETTINGS MANAGER|HP_IE, Delete-on-Reboot, [812], [256225],1.0.970
PUP.Optional.Spigot, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\APPDATALOW\SOFTWARE\SETTINGS MANAGER|HP_FF, Delete-on-Reboot, [812], [256225],1.0.970
PUP.Optional.WinYahoo, HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FB4FDF9-6DB4-47BA-848C-69EEB6AED48D}|URL, Delete-on-Reboot, [116], [254682],1.0.970

Data Stream: 0
(No malicious items detected)

Folder: 30
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\MyStuffComponents, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio\Skins, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\weather, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\CT2653012, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\cachedIcons, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.ConduitTB.Gen, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\conduit, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\external, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\_metadata, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\USERS\VENKAT\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Delete-on-Reboot, [647], [182368],1.0.970
Adware.Wajam, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SOCIA2SEAR BROWSER ENHANCER, Delete-on-Reboot, [1771], [348378],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\searchplugin, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\defaults, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\META-INF, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\chrome, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\lib, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}, Delete-on-Reboot, [715], [302405],1.0.970

File: 133
PUP.Optional.Conduit, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\PREFS.JS, Replaced, [715], [301522],1.0.970
PUP.Optional.Conduit, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\PREFS.JS, Replaced, [715], [301525],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\MyStuffComponents\list.json, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Cornflower_display_xml.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio\IP_Media_List.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio\Predefined_Media_List.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio\Recent_Media_List.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\radio\User_Media_List.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\weather\forecast_en.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\weather\history.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\LanguagePack.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\LocalSettings.txt, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\searchInNewTabData.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\ThirdPartyComponents.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\CT2653012\UserAdditionalComponents.xml, Delete-on-Reboot, [13519], [181765],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Cornflower_equalizer_dead.gif, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Cornflower_minimize.gif, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Cornflower_play.gif, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Cornflower_stop.gif, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Cornflower_vol.gif, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.ConduitTB.Gen, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\conduit\alertDB.sqlite, Delete-on-Reboot, [13519], [182257],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\common.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\lifecycle.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\settings.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\setup.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\utils.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\abtest.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\conf-sys.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\conf.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\nt_ptr.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\prefs-sys.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\prefs.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\settings-dev.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\udata.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\jquery-2.1.1.min.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\md5.min.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\string.min.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\underscore-min.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\AutoSuggest.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\contentscript.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\newtab-base.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\search-engines.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\search-form.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\search-redirect.js, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\background.html, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\favicon.ico, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\newtab.html, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\newtab.css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\search.css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\search2.css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\styles.css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\white_bg.css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\external\normalize.css, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts\HelveticaNeue-Thin.otf, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts\neue-bold.woff, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts\neue.woff, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\01d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\01n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\02d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\02n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\03d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\03n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\04d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\04n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\09d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\09n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\10d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\10n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\11d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\11n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\13d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\13n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\50d.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\50n.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\128.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\16.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\48.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\close.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\bg.jpg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\bing.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\bluesky-bg.jpg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\brush.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\clock.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\cloud.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\cupcake-bg.jpg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\desk-bg.jpg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\doodle.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\down.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\google.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\mountain-bg.jpg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\sea-bg.jpg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\yahoo.png, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\yahoo.svg, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\_metadata\verified_contents.json, Delete-on-Reboot, [647], [182368],1.0.970
PUP.Optional.SearchManager, C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\manifest.json, Delete-on-Reboot, [647], [182368],1.0.970
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\Settings.lnk, Delete-on-Reboot, [1771], [348378],1.0.970
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\SignIn with Twitter.lnk, Delete-on-Reboot, [1771], [348378],1.0.970
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\Social2Search Website.lnk, Delete-on-Reboot, [1771], [348378],1.0.970
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.BAT, Replaced, [18380], [303357],1.0.970
PUP.Optional.Conduit, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\SEARCHPLUGINS\conduit.xml, Delete-on-Reboot, [715], [236690],1.0.970
PUP.Optional.SearchManager, C:\USERS\VENKAT\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Delete-on-Reboot, [647], [260989],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, C:\PROGRAMDATA\NTUSER.POL, Delete-on-Reboot, [1733], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Delete-on-Reboot, [1733], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\65824291, Delete-on-Reboot, [1733], [183029],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\k3033876, Delete-on-Reboot, [1733], [183029],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\3033876, Delete-on-Reboot, [1733], [255550],1.0.970
PUP.Optional.Conduit, C:\USERS\APOORVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\997BUUHO.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\INSTALL.RDF, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\chrome\veoh_web_player.jar, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\ConduitAutoCompleteSearch.js, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\ConduitAutoCompleteSearch.xpt, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\ConduitToolbar.idl, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\ConduitToolbar.js, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\ConduitToolbar.xpt, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.xpt, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.xpt, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\defaults\default_radio_skin.xml, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\defaults\fbAlert.js, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\lib\xpcom.js, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\META-INF\manifest.mf, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\META-INF\zigbert.rsa, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\META-INF\zigbert.sf, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\searchplugin\conduit.gif, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\searchplugin\conduit.ico, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\searchplugin\conduit.PNG, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\searchplugin\conduit.src, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\searchplugin\conduit.xml, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\chrome.manifest, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.Conduit, C:\Users\Apoorva\AppData\Roaming\Mozilla\Firefox\Profiles\997buuho.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\version.txt, Delete-on-Reboot, [715], [302405],1.0.970
PUP.Optional.SearchManager, C:\USERS\VENKAT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Delete-on-Reboot, [647], [260990],1.0.970
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.BAT, Replaced, [18380], [303355],1.0.970
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\ba6582429165824291, Delete-on-Reboot, [1733], [183030],1.0.970

Physical Sector: 0
(No malicious items detected)


(end)
 
FYI, I had to run Malwarebytes and AdwCleaner from Safe Mode. The normal mode didn't open their instances at all. After AdwCleaner cleaned the lappy, I still see the process intravenous in the task manager, but this time it is only one instance compared to 7 to 8 earlier.

# AdwCleaner v6.042 - Logfile created 10/01/2017 at 15:07:24
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-10.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : venkat - APOORVA-PC
# Running from : C:\Users\venkat\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Apoorva\AppData\LocalLow\HPAppData


***** [ Files ] *****

[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_onclickads.net_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_onclickads.net_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_gostudyhq.dl.tb.ask.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_gostudyhq.dl.tb.ask.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_onclickads.net_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_onclickads.net_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_search.fulltabsearch.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_search.fulltabsearch.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_ttdetect.staticimgfarm.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_ttdetect.staticimgfarm.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_vmware-workstation.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_vmware-workstation.en.softonic.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.isanalyze.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.isanalyze.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.terraclicks.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.terraclicks.com_0.localstorage-journal
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.webcrawler.com_0.localstorage
[-] File deleted: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.webcrawler.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKU\S-1-5-21-3623452270-2088294941-995359613-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3623452270-2088294941-995359613-1001\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\AppDataLow\Software\Browser Extensions
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Browser Extensions
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Browser Extensions
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: HKU\S-1-5-21-3623452270-2088294941-995359613-1001\Software\Microsoft\Internet Explorer\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44ABC3C2-5D64-4595-8525-AC74CF2FF4E0}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key deleted: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f


***** [ Web browsers ] *****

[-] [C:\Users\venkat\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\venkat\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
[-] [C:\Users\venkat\AppData\Local\Chromium\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\venkat\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_btlrd_16_27&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutD0CyCtDyByCyE0F0FyE0D0CyBtByC0BtN0D0Tzu0StCyCyEyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtCyBtB0DzyyB0BtGtCyEyE0CtGyC0C0EyBtGyC0AyD0DtGyByCtD0FyBzytAyB0DtDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0AzyyDtCyBtAtGzz0B0BzztGyEyEtBzztGzyyDyCzytGzzyByDtD0B0FzyyByCzz0E0D2QtN0A0LzuyE%26cr%3D76462763%26a%3Dwnf_btlrd_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
[-] [C:\Users\Apoorva\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com_
[-] [C:\Users\Apoorva\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mpc
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://in.search.yahoo.com?type=407453&fr=spigot-yhp-ch
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://home.myplaycity.com/
[-] [C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9273 Bytes] - [10/01/2017 15:07:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [8400 Bytes] - [10/01/2017 14:49:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [8472 Bytes] - [10/01/2017 15:00:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9492 Bytes] ##########
 
JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by venkat (Administrator) on 10/01/2017 at 15:56:31.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 66

Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08D3IHN0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F7FRCKE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17DNJPIG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2316NULY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J5U2THL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XJ7XRZW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LCZPGKB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YTXQZK4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9394K6MS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97JX0KPF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARDFT2MM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYLNHIUB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDKZ5Q41 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E17TPBMU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK4KQX22 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXKQKTUX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GD623814 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNCT221X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6AZ9MFI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUTEMPK2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQNVYANW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORJHMK7M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8NSRCUS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8UWP984 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4EYBB27 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOIT1SNK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2AKZH5M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6OVSK4G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X92RXI1S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJWPR9R3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQVC4E5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\venkat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM51ZSKB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08D3IHN0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F7FRCKE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17DNJPIG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2316NULY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J5U2THL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XJ7XRZW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LCZPGKB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YTXQZK4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9394K6MS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97JX0KPF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARDFT2MM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYLNHIUB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDKZ5Q41 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E17TPBMU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK4KQX22 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXKQKTUX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GD623814 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNCT221X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6AZ9MFI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUTEMPK2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQNVYANW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORJHMK7M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8NSRCUS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8UWP984 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4EYBB27 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOIT1SNK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2AKZH5M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6OVSK4G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X92RXI1S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJWPR9R3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQVC4E5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM51ZSKB (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/01/2017 at 16:14:54.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-01-04.01 - venkat 10/01/2017 20:45:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.367 [GMT -5:00]
Running from: c:\users\venkat\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Desktop\Download Driver Whiz Cr...lnk
c:\users\venkat\AppData\Local\intravenous.exe
c:\windows\OracleDatabaseXEServerInstall.log
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2016-12-11 to 2017-01-11 )))))))))))))))))))))))))))))))
.
.
2017-01-11 02:11 . 2017-01-11 02:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-11 02:11 . 2017-01-11 02:11 -------- d-----w- c:\users\Apoorva\AppData\Local\temp
2017-01-10 20:50 . 2017-01-10 20:50 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FEB60D5-110C-4B93-897B-D987C426ACC7}\offreg.920.dll
2017-01-10 19:43 . 2017-01-10 20:07 -------- d-----w- C:\AdwCleaner
2017-01-10 19:43 . 2017-01-10 19:43 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FEB60D5-110C-4B93-897B-D987C426ACC7}\offreg.776.dll
2017-01-10 18:07 . 2017-01-10 18:07 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-01-10 18:07 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FEB60D5-110C-4B93-897B-D987C426ACC7}\mpengine.dll
2017-01-10 18:07 . 2017-01-11 00:33 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-01-10 18:07 . 2017-01-11 00:33 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-10 18:07 . 2017-01-11 01:37 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-10 18:07 . 2017-01-11 01:37 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-10 18:06 . 2016-12-14 17:55 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-01-10 18:06 . 2017-01-10 18:06 -------- d-----w- c:\users\venkat\AppData\Local\CrashDumps
2017-01-10 01:39 . 2017-01-10 10:09 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-10 01:34 . 2017-01-10 01:34 -------- d-----w- c:\program files\RogueKiller
2017-01-10 01:33 . 2017-01-10 10:04 -------- d-----w- c:\programdata\RogueKiller
2017-01-09 03:23 . 2017-01-09 18:24 -------- d-----w- C:\FRST
2017-01-07 18:42 . 2017-01-07 18:42 -------- d-----w- c:\programdata\Malwarebytes
2017-01-07 18:42 . 2017-01-07 18:42 -------- d-----w- c:\program files\Malwarebytes
2017-01-06 22:17 . 2016-07-06 22:19 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2017-01-06 22:17 . 2016-07-06 22:19 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25D40805-F95F-4081-90F0-B4EAF9BD027D}\gapaengine.dll
2017-01-06 22:12 . 2016-11-17 18:56 11781064 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-01-06 21:23 . 2017-01-06 21:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2017-01-06 21:23 . 2017-01-06 21:25 -------- d-----w- c:\program files\Microsoft Security Client
2017-01-05 22:38 . 2017-01-11 01:36 -------- d-----w- c:\program files\Common Files\McAfee
2017-01-05 21:39 . 2017-01-05 21:39 -------- d-s---w- c:\windows\SysWow64\Microsoft
2017-01-05 17:46 . 2017-01-05 17:46 -------- d--h--w- c:\program files (x86)\wells
2017-01-05 17:46 . 2017-01-05 17:46 -------- d--h--w- c:\program files (x86)\Cappuccinos
2017-01-05 17:46 . 2017-01-05 17:46 -------- d--h--w- c:\program files (x86)\Mutilated
2017-01-05 17:44 . 2017-01-05 17:44 -------- d-----w- c:\users\venkat\AppData\Local\CEF
2017-01-05 17:42 . 2014-06-02 04:43 812248 ---h--w-.exe c:\progra~2\INTERN~1\IPLRBT~1.EXE
2017-01-05 08:42 . 2017-01-05 08:42 10752 ----a-w- c:\windows\seventeen.exe
2016-12-31 20:46 . 2016-12-31 20:46 -------- d-----w- c:\windows\SysWow64\config\systemprofile\teampostgresql_rev_20150325
2016-12-31 20:12 . 2016-12-31 20:21 -------- d-----w- c:\program files (x86)\TeamPostgreSQL
2016-12-31 04:25 . 2016-12-31 04:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-12-31 02:40 . 2010-09-11 15:51 439808 ----a-w- c:\windows\system32\athihvs.dll
2016-12-31 02:34 . 2016-12-31 02:34 -------- d-----w- c:\program files (x86)\Cisco
2016-12-31 02:05 . 2016-12-31 02:05 -------- d-----w- c:\users\venkat\.spss
2016-12-31 01:32 . 2016-12-31 01:32 -------- d-----w- c:\users\venkat\AppData\Roaming\HP TCS
2016-12-31 01:13 . 2016-12-31 01:13 -------- d-----w- c:\users\venkat\AppData\Roaming\CyberLink
2016-12-31 01:12 . 2016-12-31 01:12 -------- d-----w- c:\users\Public\CyberLink
2016-12-30 17:45 . 2016-12-31 02:37 -------- d-----w- c:\users\venkat\AppData\Roaming\pgAdmin
2016-12-30 04:21 . 2016-12-30 04:21 -------- d-----w- c:\program files\PostgreSQL
2016-12-17 20:32 . 2016-12-17 20:32 -------- d-----w- c:\windows\system32\config\systemprofile\Oracle
2016-12-17 20:21 . 2016-12-17 21:02 -------- d-----w- c:\users\venkat\AppData\Roaming\SQL Developer
2016-12-17 20:21 . 2016-12-17 20:21 -------- d-----w- c:\programdata\Oracle
2016-12-17 20:21 . 2016-12-17 20:21 -------- d-----w- c:\users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 19:59 . 2016-12-17 19:59 -------- d-----w- c:\users\venkat\Oracle
2016-12-17 19:58 . 2016-12-17 19:58 -------- d-----w- C:\oraclexe
2016-12-17 19:10 . 2016-12-17 19:10 -------- d-----w- c:\programdata\Quest Software
2016-12-17 19:10 . 2002-08-09 13:00 227328 ----a-w- c:\windows\SysWow64\vclie70.bpl
2016-12-17 19:10 . 2005-01-08 08:00 24064 ----a-w- c:\windows\SysWow64\CS30Inspectors70.bpl
2016-12-17 19:10 . 2002-08-09 13:00 778240 ----a-w- c:\windows\SysWow64\rtl70.bpl
2016-12-17 19:10 . 2002-08-09 13:00 1381376 ----a-w- c:\windows\SysWow64\vcl70.bpl
2016-12-17 19:10 . 2016-12-17 19:10 -------- d-----w- c:\program files (x86)\Raize
2016-12-17 19:10 . 2017-01-08 03:21 -------- d-----w- c:\program files (x86)\Quest Software
2016-12-17 18:55 . 2016-12-17 18:55 -------- d-----w- c:\users\venkat\AppData\Roaming\Dell
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 02:11 . 2016-05-20 12:54 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-11 02:11 . 2011-10-12 14:30 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-29 00:41 . 2016-10-29 00:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F25A51C8-0D0E-4FA1-BBAB-D058B227F1A2}\offreg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"lxcymon.exe"="c:\program files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [x]
R2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
R2 ModuleCoreService;McAfee Module Core Service;c:\program files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe;c:\program files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamPostgreSQL Service;TeamPostgreSQL Service;c:\program files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe;c:\program files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 mfeplk;McAfee Inc. mfeplk;c:\windows\system32\drivers\mfeplk.sys;c:\windows\SYSNATIVE\drivers\mfeplk.sys [x]
R3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe;c:\windows\SYSNATIVE\lxcycoms.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 PEFService;Intel Security PEF Service;c:\program files\Common Files\Intel Security\PEF\CORE\PEFService.exe;c:\program files\Common Files\Intel Security\PEF\CORE\PEFService.exe [x]
S2 postgresql-x64-9.6;postgresql-x64-9.6 - PostgreSQL Server 9.6;c:\program files\PostgreSQL\9.6\bin\pg_ctl.exe;c:\program files\PostgreSQL\9.6\bin\pg_ctl.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20 02:11]
.
2017-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
- c:\users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 04:55]
.
2017-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
- c:\users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 04:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"lxcymon.exe"="c:\program files (x86)\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll" [2006-11-21 31744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-12-14 2776528]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all by FlashGet3 - c:\users\venkat\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\venkat\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0411
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0412
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C}\Lang0804
IE: {{48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\progra~2\mcafee\SITEAD~1\mcieplg.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C8E62E4B-A834-4FF3-AA3B-DBA2F07BC783}: NameServer = 10.100.101.1,202.153.32.2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Chromium - c:\users\venkat\appdata\local\chromium\application\chrome.exe
Wow6432Node-HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-MBAMChameleon
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}\WeatherBugSetup.exe
AddRemove-{78E2C850-ADA6-420D-BA35-2F4A9BE733CC} - c:\program files (x86)\InstallShield Installation Information\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-10 21:19:02
ComboFix-quarantined-files.txt 2017-01-11 02:19
.
Pre-Run: 121,755,856,896 bytes free
Post-Run: 124,118,835,200 bytes free
.
- - End Of File - - B61BB4BA927333B2494377B2E305937D
35EA64985AEEE03BA30EE782A6A3542E
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by venkat (administrator) on APOORVA-PC (12-01-2017 09:40:02)
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
() C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Cappuccinos\intravenous.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [lxcymon.exe] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2122AD89-0CB0-42C3-A5A6-4543E492E6B1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-24] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\venkat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-24] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\venkat\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-02-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2011-12-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-19]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-19]
CHR Extension: (Google Drive) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]
CHR Extension: (YouTube) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-19]
CHR Extension: (Ebates Cash Back) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-12-25]
CHR Extension: (FullTab) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcgefogogljdgjcegkpkdjocajhlpdko [2017-01-05]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
CHR Extension: (AdBlock) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-17]
CHR Extension: (Search) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhlambmdchnamjafiahpoonaaoicoocn [2017-01-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-07-18]
CHR Extension: (Wikibuy) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-19]
CHR Extension: (Gmail) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-19]
CHR Extension: (Chrome Media Router) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-25] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 postgresql-x64-9.6; C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe [94720 2016-10-25] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 TeamPostgreSQL Service; C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [197120 2016-10-06] () [File not signed]
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 lxcy_device; C:\Windows\system32\lxcycoms.exe -service [X]
S2 McBootDelayStartSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-12] (Malwarebytes)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 09:34 - 2017-01-12 09:40 - 00000000 ____D C:\Users\venkat\Desktop\New folder
2017-01-11 13:13 - 2017-01-11 13:13 - 00000178 _____ C:\lxcy.log
2017-01-11 11:41 - 2017-01-11 11:41 - 00013825 _____ C:\Users\venkat\Desktop\iexplore - Shortcut.lnk
2017-01-10 21:19 - 2017-01-10 21:19 - 00025133 _____ C:\ComboFix.txt
2017-01-10 20:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-10 20:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-10 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-10 20:41 - 2017-01-10 21:19 - 00000000 ____D C:\Qoobox
2017-01-10 20:41 - 2017-01-10 21:16 - 00000000 ____D C:\Windows\erdnt
2017-01-10 20:33 - 2017-01-10 20:34 - 05659315 ____R (Swearware) C:\Users\venkat\Desktop\ComboFix.exe
2017-01-10 19:39 - 2017-01-10 19:39 - 00014081 _____ C:\Users\venkat\Desktop\chrome - Shortcut.lnk
2017-01-10 15:57 - 2017-01-10 15:58 - 00425069 _____ C:\Users\venkat\Downloads\EAd.zip
2017-01-10 15:47 - 2017-01-10 15:48 - 01663040 _____ (Malwarebytes) C:\Users\venkat\Downloads\JRT.exe
2017-01-10 14:43 - 2017-01-10 15:07 - 00000000 ____D C:\AdwCleaner
2017-01-10 14:42 - 2017-01-10 14:43 - 03988944 _____ C:\Users\venkat\Downloads\AdwCleaner.exe
2017-01-10 13:34 - 2017-01-10 13:34 - 00042552 _____ C:\Users\venkat\Desktop\Malwarebytes fix.txt
2017-01-10 13:07 - 2017-01-12 09:16 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-10 13:07 - 2017-01-12 09:16 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-10 13:07 - 2017-01-12 09:16 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-10 13:07 - 2017-01-11 15:39 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 13:07 - 2017-01-10 13:07 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-10 13:06 - 2017-01-12 09:42 - 00000000 ____D C:\Users\venkat\AppData\Local\CrashDumps
2017-01-10 13:06 - 2017-01-11 17:44 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-10 13:06 - 2017-01-10 13:45 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 13:06 - 2017-01-10 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 05:18 - 2017-01-10 05:19 - 54199488 _____ (Malwarebytes ) C:\Users\venkat\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-09 20:39 - 2017-01-10 21:48 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-09 20:33 - 2017-01-10 05:04 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-09 20:28 - 2017-01-09 20:30 - 34710200 _____ (Adlice Software ) C:\Users\venkat\Downloads\RogueKiller setup.exe
2017-01-09 12:42 - 2017-01-09 13:24 - 00054237 _____ C:\Users\venkat\Downloads\Addition.txt
2017-01-09 11:16 - 2017-01-09 13:24 - 00057684 _____ C:\Users\venkat\Downloads\FRST.txt
2017-01-08 23:06 - 2017-01-08 23:06 - 00006628 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx.txt
2017-01-08 22:38 - 2017-01-08 22:42 - 00054677 _____ C:\Users\venkat\Downloads\Addition_bkp.txt
2017-01-08 22:32 - 2017-01-08 22:39 - 00003313 _____ C:\Users\venkat\Desktop\My Portfolio.csv
2017-01-08 22:29 - 2017-01-08 22:42 - 00059147 _____ C:\Users\venkat\Downloads\FRST_bkp.txt
2017-01-08 22:23 - 2017-01-12 09:40 - 00000000 ____D C:\FRST
2017-01-08 21:39 - 2017-01-08 21:40 - 02193920 _____ (Farbar) C:\Users\venkat\Downloads\FRST64.exe
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-07 13:27 - 2017-01-07 13:27 - 00003156 _____ C:\Windows\System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111}
2017-01-06 22:03 - 2017-01-07 07:44 - 00007601 _____ C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-06 16:25 - 2017-01-06 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-06 16:24 - 2017-01-06 16:24 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-01-06 16:23 - 2017-01-06 16:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-01-06 16:23 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-01-05 23:14 - 2017-01-10 16:14 - 00011260 _____ C:\Users\venkat\Desktop\JRT.txt
2017-01-05 17:38 - 2017-01-10 20:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-05 17:00 - 2017-01-05 18:18 - 00000034 _____ C:\Users\venkat\Desktop\MCafee SR#.txt
2017-01-05 12:46 - 2017-01-05 12:47 - 00003654 _____ C:\Windows\System32\Tasks\ba30338763033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00003642 _____ C:\Windows\System32\Tasks\bak3033876k3033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\wells
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\Mutilated
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\Cappuccinos
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Local\CEF
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Windows\seventeen.exe
2017-01-01 15:47 - 2017-01-01 23:50 - 00009080 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx
2016-12-31 15:21 - 2016-12-31 15:21 - 00001181 ____N C:\Users\Public\Desktop\TeamPostgreSQL Web Client.lnk
2016-12-31 15:21 - 2016-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamPostgreSQL
2016-12-31 15:12 - 2016-12-31 15:21 - 00000000 ____D C:\Program Files (x86)\TeamPostgreSQL
2016-12-30 21:40 - 2010-09-11 10:51 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-12-30 21:34 - 2016-12-30 21:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-12-30 21:25 - 2016-12-30 21:25 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\venkat\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\Documents\SafeNet Sentinel
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\.spss
2016-12-30 20:32 - 2016-12-30 20:32 - 00000000 ____D C:\Users\venkat\AppData\Roaming\HP TCS
2016-12-30 20:13 - 2016-12-30 20:13 - 00000000 ____D C:\Users\venkat\AppData\Roaming\CyberLink
2016-12-30 20:12 - 2016-12-30 20:12 - 00000000 ____D C:\Users\Public\CyberLink
2016-12-30 20:09 - 2016-12-30 20:12 - 00000000 ____D C:\Users\venkat\Documents\Youcam
2016-12-30 15:13 - 2016-12-31 13:26 - 00000000 ____D C:\Users\venkat\Desktop\Postgres
2016-12-30 12:45 - 2016-12-30 21:37 - 00000000 ____D C:\Users\venkat\AppData\Roaming\pgAdmin
2016-12-29 23:28 - 2016-12-29 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.6
2016-12-29 23:21 - 2016-12-29 23:21 - 00000000 ____D C:\Program Files\PostgreSQL
2016-12-28 17:54 - 2016-12-28 17:54 - 00014785 _____ C:\Users\venkat\Desktop\xe~1.sql
2016-12-28 17:54 - 2016-12-28 17:54 - 00001479 _____ C:\Users\venkat\xe.sql
2016-12-25 18:08 - 2017-01-10 11:13 - 00010932 _____ C:\Users\venkat\Desktop\Important Days & bills.xlsx
2016-12-21 13:34 - 2016-12-21 13:35 - 04700160 _____ C:\Users\venkat\Downloads\remote area.xls
2016-12-20 17:33 - 2016-12-20 19:28 - 00000000 ____D C:\Users\venkat\Desktop\New Technologies
2016-12-17 15:21 - 2016-12-17 16:02 - 00000000 ____D C:\Users\venkat\AppData\Roaming\SQL Developer
2016-12-17 15:21 - 2016-12-17 15:21 - 00001612 ____N C:\Users\venkat\Desktop\sqldeveloper.exe - Shortcut.lnk
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\Users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-12-17 15:19 - 2016-12-17 15:19 - 00000000 ____D C:\Users\venkat\Desktop\sqldeveloper-4.2.0.16.260.1303-x64
2016-12-17 14:59 - 2016-12-17 14:59 - 00000000 ____D C:\Users\venkat\Oracle
2016-12-17 14:58 - 2016-12-17 14:58 - 00000000 ____D C:\oraclexe
2016-12-17 14:33 - 2016-12-17 14:33 - 00003102 _____ C:\Windows\System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901}
2016-12-17 14:26 - 2016-12-17 14:26 - 00000624 _____ C:\Users\venkat\Desktop\tnsnames.ora
2016-12-17 14:10 - 2017-01-07 22:21 - 00000000 ____D C:\Program Files (x86)\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\Program Files (x86)\Raize
2016-12-17 14:10 - 2005-01-08 03:00 - 00024064 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\CS30Inspectors70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 01381376 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vcl70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 00778240 _____ (Borland Software Corporation) C:\Windows\SysWOW64\rtl70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 00227328 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vclie70.bpl
2016-12-17 13:55 - 2016-12-17 13:55 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Dell
2016-12-17 13:49 - 2016-12-17 13:49 - 00046441 _____ C:\Users\venkat\Downloads\dataDec-17-2016 (1).sql
2016-12-17 13:47 - 2016-12-17 16:01 - 00043163 _____ C:\Users\venkat\Downloads\dataDec-17-2016.sql
2016-12-16 21:01 - 2016-12-28 17:02 - 00000000 ____D C:\Users\venkat\Desktop\Freelancers

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 09:41 - 2009-09-30 08:38 - 01294883 _____ C:\Windows\WindowsUpdate.log
2017-01-12 09:23 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-12 09:23 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-12 09:16 - 2009-09-30 08:55 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-01-12 09:15 - 2016-07-23 04:40 - 00000000 ____D C:\ProgramData\VMware
2017-01-12 09:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-12 09:15 - 2009-07-13 23:51 - 00205204 _____ C:\Windows\setupact.log
2017-01-11 18:11 - 2016-05-20 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-11 18:00 - 2010-12-22 22:28 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
2017-01-11 13:13 - 2010-01-13 18:10 - 00516630 _____ C:\Windows\PFRO.log
2017-01-10 21:48 - 2016-10-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-10 21:19 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2017-01-10 21:13 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-01-10 21:11 - 2016-05-20 07:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 21:11 - 2016-05-20 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 21:11 - 2011-10-12 09:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 21:11 - 2011-10-12 09:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 21:11 - 2009-08-21 12:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 20:36 - 2016-10-28 22:09 - 00000000 ____D C:\Program Files\McAfee
2017-01-10 18:19 - 2016-09-21 19:18 - 00000000 ____D C:\Users\venkat\Desktop\EAD
2017-01-10 13:25 - 2010-01-13 17:30 - 00002054 _____ C:\Users\Public\Desktop\Accessories.lnk
2017-01-10 01:00 - 2010-12-22 22:28 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
2017-01-09 20:14 - 2016-07-24 08:59 - 00000000 ____D C:\ProgramData\LightScribe
2017-01-09 17:23 - 2016-07-17 09:06 - 00000235 _____ C:\Users\venkat\Desktop\bags with tsa locks.txt
2017-01-08 23:00 - 2016-07-16 10:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Skype
2017-01-08 21:05 - 2010-04-21 18:27 - 00000000 ____D C:\ProgramData\Recovery
2017-01-08 21:00 - 2010-01-13 17:15 - 00118592 _____ C:\Users\Apoorva\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:55 - 2010-12-22 22:29 - 00002285 _____ C:\Users\Apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 20:55 - 2010-12-22 22:29 - 00002255 _____ C:\Users\Apoorva\Desktop\Google Chrome.lnk
2017-01-08 13:51 - 2016-07-24 10:36 - 00000000 ____D C:\Users\venkat\AppData\Local\Downloaded Installations
2017-01-08 13:10 - 2010-09-12 17:57 - 00000000 ____D C:\Users\Apoorva\Documents\My Received Files
2017-01-07 23:23 - 2016-07-23 04:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\VMware
2017-01-07 13:49 - 2016-07-24 11:52 - 00000000 ____D C:\ProgramData\Nero
2017-01-07 13:41 - 2016-07-24 11:54 - 00000188 _____ C:\Windows\SysWOW64\MsiExec.exe.log
2017-01-07 11:04 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Local\VirtualStore
2017-01-06 20:40 - 2011-09-30 10:21 - 00000000 ____D C:\Windows\Minidump
2017-01-05 22:13 - 2016-07-16 03:03 - 00000000 ____D C:\Users\venkat\Desktop\Movies
2017-01-05 18:28 - 2016-10-28 22:14 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-05 18:27 - 2016-10-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-05 18:21 - 2016-10-28 22:08 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-05 17:09 - 2009-07-14 00:13 - 00786806 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 17:04 - 2016-10-28 21:47 - 00000000 ____D C:\Users\venkat\AppData\Local\LogMeIn Rescue Applet
2017-01-05 12:43 - 2010-01-13 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-05 12:42 - 2016-05-28 03:09 - 00002327 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-05 12:42 - 2016-05-20 07:24 - 00002157 ____R C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2017-01-05 12:41 - 2016-05-28 03:09 - 00002315 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-12-31 15:26 - 2016-07-26 07:01 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BITS
2016-12-31 10:13 - 2010-01-31 21:52 - 00000000 ____D C:\Program Files\Google
2016-12-30 23:25 - 2016-05-28 03:01 - 00000000 ____D C:\Users\venkat\AppData\Local\Google
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 23:25 - 2010-01-13 17:57 - 00000000 ____D C:\ProgramData\Google
2016-12-30 21:40 - 2011-04-16 17:15 - 00000000 ____D C:\Windows\system32\nn-NO
2016-12-30 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2016-12-30 21:29 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Local\Hewlett-Packard
2016-12-30 21:07 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-30 21:05 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat
2016-12-30 20:48 - 2011-04-22 22:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 20:17 - 2011-02-26 22:03 - 00000000 ____D C:\ProgramData\UAB
2016-12-30 20:10 - 2009-08-21 13:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-12-29 23:19 - 2016-07-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 16:10 - 2016-09-15 21:04 - 00000087 _____ C:\Users\venkat\AppData\default.pls
2016-12-17 16:18 - 2016-08-01 04:54 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Notepad++
2016-12-17 14:37 - 2010-01-13 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-16 17:54 - 2010-02-15 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:54 - 2010-02-15 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2016-08-10 00:17 - 2016-08-10 00:17 - 0004096 ____H () C:\Users\venkat\AppData\Local\keyfile3.drm
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-06 22:03 - 2017-01-07 07:44 - 0007601 _____ () C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2009-09-30 08:55 - 2017-01-12 09:16 - 0000290 _____ () C:\ProgramData\hpqp.ini
2010-11-08 21:09 - 2014-05-02 22:40 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-01-13 17:48 - 2017-01-08 21:15 - 0001282 _____ () C:\ProgramData\HPWALog.txt
2011-01-08 18:46 - 2011-04-30 21:09 - 0001257 _____ () C:\ProgramData\hpzinstall.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 13:55 - 2009-08-21 13:55 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-30 08:56 - 2009-09-30 08:56 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 13:49 - 2009-08-21 13:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-30 08:56 - 2009-09-30 08:56 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 13:48 - 2009-08-21 13:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 13:51 - 2009-08-21 13:55 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Apoorva\jagex_runescape_preferences.dat


Some files in TEMP:
====================
C:\Users\venkat\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-07-08 21:25

==================== End of FRST.txt ============================
 
Addition Log - 1
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-12 09:42:49)
Running from C:\Users\venkat\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-13 22:08:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3623452270-2088294941-995359613-500 - Administrator - Disabled)
Apoorva (S-1-5-21-3623452270-2088294941-995359613-1001 - Administrator - Enabled) => C:\Users\Apoorva
Guest (S-1-5-21-3623452270-2088294941-995359613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3623452270-2088294941-995359613-1002 - Limited - Enabled)
venkat (S-1-5-21-3623452270-2088294941-995359613-1003 - Administrator - Enabled) => C:\Users\venkat
__vmware_user__ (S-1-5-21-3623452270-2088294941-995359613-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
BitTorrent (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CodeSite 3.0.1 Client Tools (HKLM-x32\...\CodeSite 3.0.1 Client Tools) (Version: 3.0 - Raize Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.005) - Open Text Corporation.)
FlashGet 3.3 (HKLM-x32\...\FlashGet 3.3) (Version: 3.3.0.1092 - http://www.FlashGet.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
PostgreSQL 9.6 (HKLM\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.2.0 - Adlice Software)
RPS CRT (x32 Version: 9.0.40 - Bell) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamPostgreSQL 1.07 (HKLM-x32\...\0115-9748-2388-7305) (Version: 1.07 - Webworks SA)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VEX Programming Driver 64-bit (HKLM-x32\...\{00B74926-F27A-4661-8827-6BFCAFD35AF0}) (Version: 1.0.0.2 - VEX Robotics, Inc.)
VEXnet Firmware Upgrade Utility (HKLM-x32\...\VEXnet Firmware Upgrade Utility_is1) (Version: - )
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.1.5078 - VMware, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-01-2017 13:31:11 Removed Nero 8 Essentials. Available with Windows Installer version 1.2 and later.
07-01-2017 14:06:24 Removed Toad for Oracle
10-01-2017 15:57:07 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-05 16:17 - 2017-01-10 21:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C79267-0EC4-4985-882D-E7E935DB911B} - System32\Tasks\{F2F30F23-07ED-45A3-849C-B55476ECCFAF} => C:\Program Files (x86)\FirstClass\fcc32.exe [2011-02-15] (Open Text Inc.)
Task: {0E1DB523-5AB8-4747-85EA-BEEB91AA4867} - System32\Tasks\{E7958005-452C-41D7-9DF8-14E78BEBCCB6} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.116....google-chrome:notoffered;ienotdefaultbrowser2
Task: {13F33A43-6318-47FD-A3C7-16E5BE070570} - System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901} => pcalua.exe -a F:\venkat\DATA\OracleXEClient.exe -d F:\venkat\DATA
Task: {1AA42887-21B2-4795-BF03-B9A3BD780FAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-07] (HP Inc.)
Task: {21D3B24C-5B7C-460F-B519-25DA61FEF396} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-08] (Hewlett-Packard)
Task: {3AB3CA47-0F53-487F-9244-90E5D4042065} - System32\Tasks\{EA460A63-A1D1-4BFF-AD39-98B87763B670} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {400A1DFE-1699-46DC-AD0E-AB676CE8C7D3} - System32\Tasks\{FAF9B758-61CE-4ECD-BF20-E49B8D2241F6} => pcalua.exe -a C:\Users\Apoorva\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Apoorva\Downloads
Task: {4ACE4019-02FA-4113-AAC4-5A1139E418F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {4B95C303-C0C1-4521-936B-3EB156890FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {4D45399D-586E-42BF-BCD2-573CAB8B6119} - System32\Tasks\{6823A56D-DDC6-4B70-B152-0D965D06C1A3} => F:\adobe-master-cs4-keygen.exe
Task: {5309CFE5-ED98-40BB-B579-0914BAE25204} - System32\Tasks\{A86CC31E-76A7-4341-89DD-75CE59D7457D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -c -runfromtemp -l0x0009 -uninst -removeonly
Task: {53DF5D7F-66C9-4DE1-AE88-D45C11632981} - System32\Tasks\{97AE6B8B-F48F-4D2B-8286-745C193C3C2C} => F:\adobe-master-cs4-keygen.exe
Task: {65A3F676-92BC-4873-9F12-6B183064BC8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {761F6C41-F669-4B38-AB34-C0E89AB3028A} - System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111} => pcalua.exe -a "C:\Program Files (x86)\Windows Live Safety Center\wlschost.exe" -c -Uninstall
Task: {7A746220-D1E7-4DE8-B7C1-2A98F0C76856} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {7B23C974-6F2B-4C8D-9E6B-2F4593FB6682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {7B261AA9-7538-43ED-9927-C498780007AF} - System32\Tasks\ba30338763033876 => C:\Program Files (x86)\Cappuccinos\intravenous.exe [2017-01-05] ()
Task: {80BBF6EC-4102-4BBA-B843-3A55F21260AA} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {826FE22C-B0FF-4CF6-8E90-4FCE13EC2008} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {84F43933-098E-4187-BC12-ED32FB2D859B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {8AC9B359-2774-4C42-945D-96972DDDD3C2} - System32\Tasks\{A62FE67E-04F7-4FA7-ADAE-6AAE7C264E12} => F:\adobe-master-cs4-keygen.exe
Task: {9315B6A8-3E47-463E-9AEF-7CA62B1EEDC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {A100F944-0708-46F3-B701-70A612F256F7} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {A8C5C8E1-A339-4625-9317-2950683F350F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {D2D44C00-FD62-4039-AE4B-FA5E4BF9C508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D92E1664-B5CB-4742-B020-DA5C814F91B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DB481021-DDF9-4603-B123-946F004563B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCDC0242-F5FE-48C2-8944-D77046A0C242} - System32\Tasks\{B6493AA2-6DCF-4DB4-8540-1313591AD2B7} => F:\adobe-master-cs4-keygen.exe
Task: {E3E4A235-E952-40C3-85FC-2789F325AAE5} - System32\Tasks\bak3033876k3033876 => C:\Program Files (x86)\leander\leander.exe
Task: {EF3D6DEF-1AE9-4A8B-8A71-6114B5E4CBF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {F5ED44E4-7C17-4D17-AC67-BD0DA4B35077} - System32\Tasks\{420B1986-45F9-4D13-9576-68D05B728CDD} => F:\adobe-master-cs4-keygen.exe
Task: {FBD6E98F-D49E-43CC-9325-1CB10B620B4E} - \3033876 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2016-12-29 23:23 - 2016-10-25 05:08 - 00182784 _____ () C:\Program Files\PostgreSQL\9.6\bin\LIBPQ.dll
2009-08-21 13:55 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-12-29 23:28 - 2016-08-01 05:29 - 02264576 _____ () C:\Program Files\PostgreSQL\9.6\bin\libxml2.dll
2016-12-31 15:19 - 2016-10-06 23:26 - 00197120 _____ () C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
2017-01-07 13:43 - 2017-01-11 17:44 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-07-23 04:23 - 2010-03-15 00:58 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-03-28 19:40 - 2009-05-01 12:54 - 00291496 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ () C:\Program Files (x86)\Cappuccinos\intravenous.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2008-10-28 12:38 - 2008-10-28 12:38 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2008-10-28 12:38 - 2008-10-28 12:38 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2011-03-28 19:40 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyscw.dll
2011-03-28 19:40 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\iptk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\kuaiche.com -> hxxp://software.kuaiche.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEFE6630-389E-44DF-82F3-9485A7A6FD6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CD3BBA8F-D17B-418B-B56F-F8B2608FFAAB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{3D774B82-31A0-4C83-881F-4A06ED7619BA}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{14C6C2AC-2EDB-4705-9A83-364F97376224}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{73288AF7-2806-4D81-A131-053D89D47F0C}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{47FC9419-5892-47CA-B917-915EA4362EA5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{9F022428-26EC-44CC-A40F-F6E7C0191156}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0C4814E0-119B-4F84-9444-7989C1985B37}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{F3DC371C-4528-494E-8DE9-5C35ED44EAD1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{46D10E6C-F4DC-4E78-9BCC-E9DAF8919A5F}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F48B909D-B583-42E0-AF37-3197053845FA}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{7393CE50-32F0-48CC-A376-EC1B9F59E385}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{ADF450EF-2A82-4C17-AC44-006380307EC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{01AD65CD-19EA-4FA8-A727-7F95AF4E8574}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE232A2-F0BE-4EB1-9E1C-0109C368E6EF}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C5D0C97C-7162-477A-902E-C069810DF6C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8662FEFB-4A27-4D64-A82D-73ABE4C1C88A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6BF1A9AF-9E34-477A-8CF1-7B41546E1E47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17ED5779-2164-46E0-8E9F-01A66A91DCF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C4ED4A68-B3ED-4552-AC94-894659188A51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BFCB4B69-A999-4840-8C2C-AE4A83A48F37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FF52AFEB-0A7E-4049-8FA6-745427DC305F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBB4F998-53A1-4361-AEAB-1CF260C6C585}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{68B26E8D-C2AF-40B9-8390-7F701DC8A6CA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{16C4A618-F814-4845-8A60-0B4ECD8E8A32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C7B04456-7990-43AA-B8F4-BB700129395B}] => (Allow) svchost.exe
FirewallRules: [{433D8BC5-FC16-444C-AF78-7A9630EC5976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9D896ACF-4069-49CF-850B-E29E594015F9}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{954892B4-46AF-43D2-8FC4-F2A27ED3F2FE}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{C8BC2726-ACC8-4AB4-A3B9-00762493D0F6}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4FDCF821-2B16-45C3-9EA6-AE259B4E6764}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4E82F33F-C870-44BA-8642-4D75868180E8}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{C1828FFF-05CF-488B-A7CE-EA3E54888C6E}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{B6B4FE57-8DE8-473E-89BE-BA346E80B818}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{EAFC6447-CCF0-4ACB-A4DB-6128764B0CB5}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{4DDB8838-4FB0-4C42-B881-A0B0BA19E0FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197BDDFC-5E69-4551-ACB7-10CF33684645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F7C17022-D05C-4358-B584-6EAFC61F0590}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{370E9F8A-6264-4DB5-BB55-E45F3E8C9FC2}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{E3D44FAE-A6D8-4378-AA27-F55F0DAF83C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A6CA6B5-C57A-4F0D-8D20-474FF804A814}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D378E215-5A71-4506-80FF-6FA1BBFF9645}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{8609C6CF-FC48-4942-9D81-AA44483D2804}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{EDA7D9FD-3485-41A7-BAC7-7308CDC798F6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{7B6AE310-337D-4302-858F-EDFD2E2D8F24}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{2C0FE087-8539-4604-A7AD-492226CCA3A4}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{E4E5E4BE-AFB3-4BE3-B4DA-9F8A65AA78BB}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{CB34981A-B7C8-4CF5-B04D-DB2B898FCE79}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{94A7E039-4028-4F49-A11D-00E709D996C2}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{FF753986-7706-4B2C-A39C-9C96EB1FE880}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{8EA72A0D-BD79-4ED2-8BF5-4C2737B06E0E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{729F16B0-117F-493A-B125-AE2D36AA2B2C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{D5A1A7A3-074D-4010-8152-848D7772DA60}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{4B8026D1-DC47-4723-A2EB-5702476D268E}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{893F4CF6-6E71-4140-B976-65E37B87C634}] => (Allow) LPort=135
FirewallRules: [{4723771B-437C-4765-95FA-278C9E7E0455}] => (Allow) LPort=5000
FirewallRules: [{98FAB258-07BE-462B-BD2D-C99E621C7463}] => (Allow) LPort=5001
FirewallRules: [{337E4CE1-CD3D-414A-B956-5BCD0DDFA588}] => (Allow) LPort=5002
FirewallRules: [{D1B32D62-5643-44C2-8237-9ECEC69FA6F5}] => (Allow) LPort=5003
FirewallRules: [{AAB6F790-7E12-42B4-AA84-8B7D5DBBD127}] => (Allow) LPort=5004
FirewallRules: [{40505419-B36F-4ED9-99E1-333C30352BBE}] => (Allow) LPort=5005
FirewallRules: [{79F935B9-5F45-4749-B1E9-46B53833A916}] => (Allow) LPort=5006
FirewallRules: [{9B1C853D-5AF9-4398-8790-F33A30F41CC9}] => (Allow) LPort=5007
FirewallRules: [{7A7DD6BE-A3FD-466B-8AEF-B6EF42656EAA}] => (Allow) LPort=5008
FirewallRules: [{BF392420-ABB5-4021-A31B-11959EA4D6F4}] => (Allow) LPort=5009
FirewallRules: [{E4E85B71-49EE-4C9E-8386-FFA06766BB02}] => (Allow) LPort=5010
FirewallRules: [{79C52F32-7ABB-4A07-8B95-763A4AA511AD}] => (Allow) LPort=5011
FirewallRules: [{F746FA93-DB05-42A5-8AEC-F2ED445AB863}] => (Allow) LPort=5012
FirewallRules: [{98EC8327-FA6C-4DCC-AA5B-F2BBF58BCE12}] => (Allow) LPort=5013
FirewallRules: [{24D4CA68-6B12-417E-955A-8F05673BDD37}] => (Allow) LPort=5014
FirewallRules: [{E5D31E9E-DFFD-4A4B-A73B-E7D856740894}] => (Allow) LPort=5015
FirewallRules: [{39F739A5-8154-4D47-9F08-AF4D754ED623}] => (Allow) LPort=5016
FirewallRules: [{A4C08BDE-D1AA-48A8-A116-8662DD488E14}] => (Allow) LPort=5017
FirewallRules: [{D2A12F58-F605-4230-90FB-6856FDD8CA2C}] => (Allow) LPort=5018
FirewallRules: [{ACD18103-2A45-435F-BB0A-35DC7EB216BE}] => (Allow) LPort=5019
FirewallRules: [{D515A646-46D6-45B5-8D82-ABE09399B6A3}] => (Allow) LPort=5020
FirewallRules: [{90D50485-A642-4384-B7FA-98D91C227441}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5790F44F-371D-45A6-89D7-52200AE8ED1F}] => (Allow) C:\Users\venkat\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{27E47AA8-1635-451E-9B12-6D3B39F0FB7C}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0E8E89E2-E554-4C77-8774-25C0619E5E1A}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8873BAFF-3CE1-4F6C-8D2F-D41F2A936F60}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A845098-E8BF-4FB5-879E-ABDC2EAA4C24}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{01222CD2-A8E5-47D6-8622-79FB6885A97B}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BE191360-1E8D-40FC-A910-673F07745296}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1267A1C0-8A4B-490B-8BF2-CDD32655589E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8AF4AB71-B2CC-46DE-8C86-4D9D2A8BD1B3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{3A2BE009-AD59-49F2-8788-61AE5F20B5DC}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{3CE1E5FE-7010-4290-96EE-2B1B9E36D19F}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{440517F2-B7C1-4770-878B-D163BBE82A9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6409F507-F069-48F1-8982-0846FE9C5906}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{75C98348-52DF-4811-A14D-4D76A1CE13E7}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{D5D0CA2B-67BE-46FB-9633-8327688037E0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{00EDC32E-363B-4443-87C3-29495E6499D4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{69ED8510-C0D7-4FE0-9B70-4C47219A27EB}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [UDP Query User{5223A622-1565-4093-89D5-AFD8738D2ED2}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [{D08B1B32-C4FB-4D27-B443-9CD2A71F6697}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮攮數
FirewallRules: [{2D129E07-FBFD-415B-AEFA-6D23C757F0D2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮⹟硥e
FirewallRules: [{D0BF5994-3AF8-417C-B83D-B0EF6E90D9DF}] => (Allow) C:\Program Files (x86)\Mutilated\intravenous.exe
FirewallRules: [{D7699F0F-66C1-4743-9E77-58E03F0CC99E}] => (Allow) C:\Program Files (x86)\Cappuccinos\intravenous.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 09:42:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0x11b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Apoorva-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Apoorva-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Apoorva-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\venkat\ntuser.dat

Error: (01/10/2017 01:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0xb60
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/10/2017 04:33:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x000000000033eabe
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/09/2017 09:10:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x000000000033e4c8
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/09/2017 06:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x0000000000032d5e
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/09/2017 11:11:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c
Faulting module name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c
Exception code: 0xc0000005
Fault offset: 0x0000486b
Faulting process id: 0x1258
Faulting application start time: 0xmbamtray.exe0
Faulting application path: mbamtray.exe1
Faulting module path: mbamtray.exe2
Report Id: mbamtray.exe3


System errors:
=============
Error: (01/12/2017 09:18:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%2

Error: (01/12/2017 09:18:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/12/2017 09:15:47 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/12/2017 09:15:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Module Core Service service failed to start due to the following error:
%%2

Error: (01/12/2017 09:15:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Service Controller service failed to start due to the following error:
%%2

Error: (01/12/2017 09:15:43 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Boot Delay Start Service service depends the following service: mfevtp. This service might not be installed.

Error: (01/12/2017 09:15:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxcy_device service failed to start due to the following error:
%%2

Error: (01/11/2017 06:40:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/11/2017 06:40:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/11/2017 04:44:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2017-01-10 21:10:23.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 21:10:23.520
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 19:39:08.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:38.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:35.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:35.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.148
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.
 
==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 73%
Total physical RAM: 3999.19 MB
Available physical RAM: 1075.61 MB
Total Virtual: 7996.56 MB
Available Virtual: 4836.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.41 GB) (Free:115.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.49 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 098B9E73)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-12 21:37:29) Run:1
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 lxcy_device; C:\Windows\system32\lxcycoms.exe -service [X]
S2 McBootDelayStartSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2016-08-10 00:17 - 2016-08-10 00:17 - 0004096 ____H () C:\Users\venkat\AppData\Local\keyfile3.drm
2016-05-20 07:24 - 2016-05-20 07:24 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-06 22:03 - 2017-01-07 07:44 - 0007601 _____ () C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2009-09-30 08:55 - 2017-01-12 09:16 - 0000290 _____ () C:\ProgramData\hpqp.ini
2010-11-08 21:09 - 2014-05-02 22:40 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-01-13 17:48 - 2017-01-08 21:15 - 0001282 _____ () C:\ProgramData\HPWALog.txt
2011-01-08 18:46 - 2011-04-30 21:09 - 0001257 _____ () C:\ProgramData\hpzinstall.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 13:55 - 2009-08-21 13:55 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-30 08:56 - 2009-09-30 08:56 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 13:49 - 2009-08-21 13:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-30 08:56 - 2009-09-30 08:56 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 13:48 - 2009-08-21 13:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 13:51 - 2009-08-21 13:55 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-30 08:57 - 2009-09-30 08:57 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Users\Apoorva\jagex_runescape_preferences.dat
C:\Users\venkat\AppData\Local\Temp\dllnt_dump.dll
Task: {FBD6E98F-D49E-43CC-9325-1CB10B620B4E} - \3033876 -> No File <==== ATTENTION

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3623452270-2088294941-995359613-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found.
"HKCR\PROTOCOLS\Handler\dssrequest" => key removed successfully
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found.
"HKCR\PROTOCOLS\Handler\sacore" => key removed successfully
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MVT" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
lxcy_device => service removed successfully
McBootDelayStartSvc => service removed successfully
mccspsvc => service removed successfully
mfemms => service removed successfully
ModuleCoreService => service removed successfully
catchme => service removed successfully
eabfiltr => service removed successfully
mfesapsn => service removed successfully
RtsUIR => service removed successfully
USBCCID => service removed successfully
C:\Users\venkat\AppData\Local\AtStart.txt => moved successfully
C:\Users\venkat\AppData\Local\DSwitch.txt => moved successfully
C:\Users\venkat\AppData\Local\keyfile3.drm => moved successfully
C:\Users\venkat\AppData\Local\QSwitch.txt => moved successfully
C:\Users\venkat\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\hpqp.ini => moved successfully
C:\ProgramData\hpqp.txt => moved successfully
C:\ProgramData\HPWALog.txt => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log => moved successfully
C:\Users\Apoorva\jagex_runescape_preferences.dat => moved successfully
C:\Users\venkat\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBD6E98F-D49E-43CC-9325-1CB10B620B4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBD6E98F-D49E-43CC-9325-1CB10B620B4E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3033876 => key not found.

==== End of Fixlog 21:37:39 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Dear Broni,

Somehow the process intravenous.exe is now removed from my laptop. After the fixlist.txt was processed by FRST, all of a sudden Malwarebytes displayed the notification saying "intravenous.exe is removed and reboot your computer".

With your suggestion I am still performing the above steps to ensure there is no more junk in my system.
 