Inactive Virus removal

Hi,
I scanned my system with Farbar Recovery Scan Tool. The scan results are listed below.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2017
Ran by ROSHITH (20-04-2017 10:20:43)
Running from C:\Documents and Settings\ROSHITH\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2016-01-16 08:23:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-436374069-790525478-1644491937-500 - Administrator - Enabled)
Guest (S-1-5-21-436374069-790525478-1644491937-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-436374069-790525478-1644491937-1000 - Limited - Disabled)
ROSHITH (S-1-5-21-436374069-790525478-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\ROSHITH
SUPPORT_388945a0 (S-1-5-21-436374069-790525478-1644491937-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 9.0.408.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Anvsoft Photo Slideshow Maker Free 5.58 (HKLM\...\Anvsoft Photo Slideshow Maker Free) (Version: 5.58 - Anvsoft, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8510DN (HKLM\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 2.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Crystal Reports 9 (HKLM\...\{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}) (Version: 9.2.2.570 - Crystal Decisions, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
EasyVideoMaker (HKLM\...\{03EC818F-96E5-497F-AF28-EC6BC4CF32D3}) (Version: 6.35 - Easy Video Maker)
ESET NOD32 Antivirus (HKLM\...\{2E94E0C3-CB66-4A59-AF7A-C70BB9F5F0B3}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
Free Video Cutter 1.1 (HKLM\...\{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1) (Version: - FreeVideoCutter.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
Intel(R) Network Connections 13.1.33.0 (HKLM\...\{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}) (Version: 13.1.33.0 - Intel)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
JobGen Plus (HKLM\...\JobGen Plus) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
Microsoft VM for Java (HKLM\...\MsJavaVM) (Version: - )
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version: - )
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 50.0.2 (x86 en-GB)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - )
Nuance PaperPort 12 (HKLM\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.00 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (Version: - ) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3665 - Analog Devices)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Browser Updater Task(Core).job => C:\Program Files\QQBrowser\Update\851F10F1C9A94800E9E20AA8ABF4EFCA\Update\BrowserUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinTaske.job => C:\Program Files\WinTaske\WinTaske\WinTaske.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Documents and Settings\ROSHITH\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1458719105&a=1049763&src=sh&uuid=1f8404d4-8852-4995-ac8b-765fadde5611"
ShortcutWithArgument: C:\Documents and Settings\ROSHITH\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1458719105&a=1049763&src=sh&uuid=1f8404d4-8852-4995-ac8b-765fadde5611"
ShortcutWithArgument: C:\Documents and Settings\ROSHITH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1458719105&a=1049763&src=sh&uuid=1f8404d4-8852-4995-ac8b-765fadde5611"

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-02 14:29 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2012-06-13 18:35 - 2012-06-13 18:35 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 15:00 - 2008-04-14 15:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 15:00 - 2008-04-14 15:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll
2008-04-14 15:00 - 2008-04-14 15:00 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C [270]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DBC416F8 [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" is missing and should be manually restored.
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" is missing and should be manually restored.

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-436374069-790525478-1644491937-1003\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-436374069-790525478-1644491937-1003\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 15:00 - 2017-01-26 12:28 - 00001162 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 idb.iobit.com
127.0.0.1 asc55.iobit.com
127.0.0.1 is360.iobit.com
127.0.0.1 asc.iobit.com
127.0.0.1 pf.iobit.com
127.0.0.1 track.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 By Roonney
127.0.0.1 track.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 By Roonney

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-436374069-790525478-1644491937-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.59
sharedaccess => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BluetoothAuthenticationAgent =>
MSCONFIG\startupreg: LuckyBrowse =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe] => Enabled:腾讯产品下载组件
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\bugreport_xf.exe] => Enabled:腾讯产品下载组件Crash上报
DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\ROSHITH\Local Settings\Application Data\TNT2\2.0.0.2065\TNT2User.exe] => Enabled:TNT2
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Explorer.EXE] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\ControlCenter4\BrCcBoot.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Kies3\Kies3.exe] => Enabled:Samsung Kies 3
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ctfmon.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\userinit.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [E:\DIAMOND\DIAMOND50.EXE] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\ControlCenter4\BrCcUxSys.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Browny02\BrYNSvc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Browny02\Brother\BrStMonW.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Enabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe] => Enabled:腾讯产品下载组件
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\bugreport_xf.exe] => Enabled:腾讯产品下载组件Crash上报
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [E:\DIAMOND\LicenseServer.EXE] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\ControlCenter4\BrCtrlCntr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\aevx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winsrka.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winyrsopc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winnkrsc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\brmic.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\PhotoScape\PhotoScape.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\whywst.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winejbqak.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\ROSHITH\My Documents\Downloads\realplayer-18.1.3.100_1931024936.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winukge.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\xvtkja.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\chhvvw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Browny02\Brother\WarningDialog.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winvfleq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\mpdys.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\hdtdv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\wingdbmv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\tmrns.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\eahvqw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winsmdfwk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\wingqtdro.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\igkk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winjrerdd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winxtct.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\rvjtxn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winyhpgie.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winluvevf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\haih.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\gvwcb.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\jfbx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\wmidc.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\slomj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winufne.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\oxbuf.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winrnwisu.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\orgjyd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\uduv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\yqjknn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winhajj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winsxsm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\wintchecq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\vgwyy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\kihdxx.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\wingbvy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winecfieu.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winqicah.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\gvwbrh.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\itgocp.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\ostsmt.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winpqgg.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\trlsfi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\wintdrdxi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winqijihv.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winhuxdic.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winsumwqi.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winlgsetq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\ywvgja.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winyxvk.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\phqsya.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\csetw.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\sfbmq.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winthjxm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winoknr.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\pahd.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\potihm.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winsgdan.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winnkpdfa.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\twba.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\xivy.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\ngnn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winxkvlpj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winlqhcan.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winybywj.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\winghcv.exe] => Enabled:ipsec
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

01-03-2017 13:03:55 System Checkpoint
02-03-2017 13:04:36 System Checkpoint
04-03-2017 08:58:22 System Checkpoint
05-03-2017 09:17:33 System Checkpoint
06-03-2017 10:44:14 System Checkpoint
07-03-2017 13:01:24 System Checkpoint
08-03-2017 15:52:30 System Checkpoint
11-03-2017 15:03:46 System Checkpoint
13-03-2017 08:32:44 System Checkpoint
14-03-2017 08:45:32 System Checkpoint
15-03-2017 09:13:22 System Checkpoint
16-03-2017 11:16:10 System Checkpoint
16-03-2017 15:18:25 Installed Windows Media Format 9 Series Runtime Setup
18-03-2017 08:39:53 System Checkpoint
19-03-2017 08:44:23 System Checkpoint
20-03-2017 13:04:26 System Checkpoint
21-03-2017 15:17:57 System Checkpoint
23-03-2017 08:49:16 System Checkpoint
25-03-2017 08:54:56 System Checkpoint
26-03-2017 08:55:56 System Checkpoint
27-03-2017 13:04:12 System Checkpoint
28-03-2017 14:54:27 System Checkpoint
29-03-2017 15:53:27 System Checkpoint
01-04-2017 08:40:58 System Checkpoint
02-04-2017 08:50:00 System Checkpoint
03-04-2017 08:53:28 System Checkpoint
04-04-2017 09:07:37 System Checkpoint
05-04-2017 10:52:34 System Checkpoint
06-04-2017 13:05:46 System Checkpoint
08-04-2017 08:43:47 System Checkpoint
09-04-2017 09:02:19 System Checkpoint
10-04-2017 13:02:04 System Checkpoint
11-04-2017 13:03:53 System Checkpoint
12-04-2017 13:21:32 System Checkpoint
15-04-2017 08:46:43 System Checkpoint
16-04-2017 08:46:50 System Checkpoint
17-04-2017 08:48:21 System Checkpoint
18-04-2017 08:56:12 System Checkpoint
19-04-2017 13:15:01 System Checkpoint
19-04-2017 14:50:43 Restore Operation
19-04-2017 15:02:53 Removed EasyVideoMaker.
19-04-2017 15:11:09 Installed EasyVideoMaker.
19-04-2017 15:31:03 Removed EasyVideoMaker.
20-04-2017 08:15:19 Installed EasyVideoMaker.
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2017 03:04:19 PM) (Source: MsiInstaller) (EventID: 11905) (User: GBB)
Description: Product: EasyVideoMaker -- Error 1905.Module C:\Program Files\Common Files\EVMMediaCodec\decoder\VisioForge_Bridge_Audio.ax failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (04/19/2017 03:04:15 PM) (Source: MsiInstaller) (EventID: 11905) (User: GBB)
Description: Product: EasyVideoMaker -- Error 1905.Module C:\Program Files\Common Files\EVMMediaCodec\decoder\VisioForge_Bridge_Video.ax failed to unregister. HRESULT -2147220472. Contact your support personnel.


System errors:
=============
Error: (04/20/2017 07:57:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/19/2017 04:04:52 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (04/19/2017 03:30:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/19/2017 03:10:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/19/2017 02:52:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/18/2017 07:57:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/17/2017 03:22:47 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (04/17/2017 08:00:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/16/2017 07:57:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc

Error: (04/15/2017 07:51:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qutmipc


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 86%
Total physical RAM: 1014.79 MB
Available physical RAM: 141.73 MB
Total Virtual: 2445.34 MB
Available Virtual: 1564.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:7.35 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:45.23 GB) (Free:44.92 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:34.18 GB) (Free:32.75 GB) NTFS
Drive f: () (Fixed) (Total:40.35 GB) (Free:40.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9C879C87)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 6584BCFD)
Partition 1: (Not Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Hi,
Please check this scan result

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2017
Ran by ROSHITH (administrator) on GBB (20-04-2017 10:18:49)
Running from C:\Documents and Settings\ROSHITH\My Documents\Downloads
Loaded Profiles: ROSHITH (Available Profiles: ROSHITH & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Diamond Software) E:\DIAMOND\LicenseServer.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Diamond Software) E:\DIAMOND\BIN.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [24064 2016-02-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2016-12-08] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKU\S-1-5-21-436374069-790525478-1644491937-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-436374069-790525478-1644491937-1003\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-436374069-790525478-1644491937-1003\...\RunOnce: [Adobe Speed Launcher] => 1492664819
HKU\S-1-5-21-436374069-790525478-1644491937-1003\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-436374069-790525478-1644491937-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\egui.lnk [2016-06-30]
ShortcutTarget: egui.lnk -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
Startup: C:\Documents and Settings\ROSHITH\Start Menu\Programs\Startup\LicenseServer.lnk [2016-07-11]
ShortcutTarget: LicenseServer.lnk -> E:\DIAMOND\LicenseServer.EXE (Diamond Software)
AlternateShell:
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.59
Tcpip\..\Interfaces\{04B1F090-99A6-4643-8268-B04DB20AF823}: [DhcpNameServer] 192.168.1.59

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-436374069-790525478-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-790525478-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-436374069-790525478-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ae/?ocid=iehp
HKU\S-1-5-21-436374069-790525478-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={2984B3E1-A12F-49B1-9336-CDBCFC9785D0}&I=
HKU\S-1-5-21-436374069-790525478-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={2984B3E1-A12F-49B1-9336-CDBCFC9785D0}&I=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-436374069-790525478-1644491937-1003 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-790525478-1644491937-1003 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-790525478-1644491937-1003 -> {EEF4F2A9-E562-42B5-8766-F1002769D146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-436374069-790525478-1644491937-1003 -> {FFAC1931-2D7C-4BA2-9130-A4D313C3DF67} URL = hxxp://search.eshield.com/serp?guid={2984B3E1-A12F-49B1-9336-CDBCFC9785D0}&action=default_search&k={searchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
Toolbar: HKU\S-1-5-21-436374069-790525478-1644491937-1003 -> No Name - {D7999BE9-44CD-45EE-94AB-218F2D058784} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 41A66E7E5EE1
FF ProfilePath: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 [2017-04-20]
FF user.js: detected! => C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390\user.js [2016-04-11]
FF NewTab: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> hxxp://www.hohosearch.com/?ts=AHEpCHMsC3MsAE..&v=20160329&uid=851F10F1C9A94800E9E20AA8ABF4EFCA&ptid=amz&mode=ffseng
FF DefaultSearchEngine: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> hohosearch
FF DefaultSearchEngine.US: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> data:text/plain,browser.search.defaultenginename.US=yessearches
FF DefaultSearchUrl: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> Avast Search
FF SelectedSearchEngine: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> hohosearch
FF Homepage: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> hxxp://www.hohosearch.com/?ts=AHEpCHMsC3MsAE..&v=20160329&uid=851F10F1C9A94800E9E20AA8ABF4EFCA&ptid=amz&mode=ffseng
FF Keyword.URL: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF Extension: (eShield) - C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390\Extensions\toolbar11467@eshield.com.xpi [2016-04-11] [not signed]
FF SearchPlugin: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390\searchplugins\DD1B66D4.xml [2016-04-03]
FF SearchPlugin: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\o4bxl1kg.default-1455368403390\searchplugins\omniboxes.xml [2016-03-02]
FF ProfilePath: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 [2017-04-20]
FF user.js: detected! => C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-04-11]
FF NewTab: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> Google
FF DefaultSearchEngine.US: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> data:text/plain,browser.search.defaultenginename.US=hohosearch
FF DefaultSearchUrl: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> Avast Search
FF SelectedSearchEngine: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> Google
FF Homepage: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> www.google.com
FF Keyword.URL: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1 -> hxxp://www.hohosearch.com/chrome.php?uid=851F10F1C9A94800E9E20AA8ABF4EFCA&ptid=amz&ts=AHEpCHMsC3MsAE..&v=20160329&mode=ffexttoolbar&q=
FF Extension: (Audio Downloader Prime) - C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid1-l5dUGwHjz2WXo2@jetpack.xpi [2017-02-18]
FF Extension: (Youtube MP3 Downloader using youtube-mp3.org) - C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2016-08-07]
FF SearchPlugin: C:\Documents and Settings\ROSHITH\Application Data\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\music-downloader.xml [2016-08-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=851F10F1C9A94800E9E20AA8ABF4EFCA&v=20160329&ts=AHEpCHMsC3MsAE..
CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=851F10F1C9A94800E9E20AA8ABF4EFCA&v=20160329&ts=AHEpCHMsC3MsAE.."
CHR Profile: C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Google Slides) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Google Docs) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (YouTube) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Google Sheets) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
CHR Extension: (Gmail) - C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2016-02-20] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2016-12-08] (ESET)
S3 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-07-20] (Nero AG) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36616 2016-03-08] (IVT Corporation.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2016-12-08] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2016-12-08] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [137856 2016-12-08] (ESET)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-06-13] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-06-13] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-06-13] (Marvell Semiconductor Inc.)
R3 n558; C:\WINDOWS\System32\Drivers\n558.sys [9600 2007-08-15] ()
S1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [53960 2016-02-01] (360.cn)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2004-06-07] (Intel Corporation) [File not signed]
S3 TSSK; C:\WINDOWS\System32\tssk.sys [73976 2016-03-23] (电脑管家)
S3 amsint32; \??\C:\WINDOWS\system32\drivers\plppn.sys [X]
S4 Coaperu; no ImagePath
S3 cpuz134; \??\C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\ROSHITH\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QMUdisk.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\softaal.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 10:18 - 2017-04-20 10:18 - 00000000 ____D C:\FRST
2017-04-20 08:15 - 2017-04-20 09:28 - 00002367 _____ C:\Documents and Settings\All Users\Desktop\Easy Video Maker.lnk
2017-04-20 08:15 - 2017-04-20 08:15 - 00000000 ____D C:\Program Files\Common Files\EVMMediaCodec
2017-04-20 08:15 - 2017-04-20 08:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Easy Video Maker
2017-04-20 08:02 - 2017-04-20 08:02 - 00115770 _____ C:\Documents and Settings\ROSHITH\Desktop\19.4.17.pdf
2017-04-19 15:40 - 2017-04-19 15:40 - 00000975 _____ C:\Documents and Settings\ROSHITH\Desktop\Photo Slideshow Maker Free.lnk
2017-04-19 15:40 - 2017-04-19 15:40 - 00000000 ____D C:\Documents and Settings\ROSHITH\Start Menu\Programs\AnvSoft
2017-04-19 15:40 - 2017-04-19 15:40 - 00000000 ____D C:\Documents and Settings\ROSHITH\My Documents\Anvsoft
2017-04-19 15:11 - 2017-04-19 15:31 - 00000000 ____D C:\New Folder
2017-04-19 11:38 - 2017-04-19 14:52 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2017-04-19 11:35 - 2017-04-19 12:45 - 00000000 ____D C:\Documents and Settings\ROSHITH\My Documents\ros
2017-04-19 11:35 - 2017-04-19 11:35 - 00000000 ____D C:\Documents and Settings\ROSHITH\My Documents\New Folder
2017-04-19 11:19 - 2017-04-19 16:03 - 00000000 ____D C:\Documents and Settings\ROSHITH\Desktop\king
2017-04-19 07:56 - 2017-04-19 07:56 - 00114098 _____ C:\Documents and Settings\ROSHITH\Desktop\18.4.17.pdf
2017-04-18 10:28 - 2017-04-18 10:28 - 00000000 ____D C:\Documents and Settings\ROSHITH\Desktop\shiju
2017-04-18 08:19 - 2017-04-18 08:19 - 00116250 _____ C:\Documents and Settings\ROSHITH\Desktop\17.4.17.pdf
2017-04-12 10:39 - 2017-04-19 09:56 - 00050688 _____ C:\Documents and Settings\ROSHITH\Desktop\trafco-statement.xls
2017-04-10 12:35 - 2017-04-10 12:47 - 00037888 _____ C:\Documents and Settings\ROSHITH\Desktop\trf.xls
2017-04-10 10:57 - 2017-04-11 16:17 - 00166912 _____ C:\Documents and Settings\ROSHITH\Desktop\JAWAD.XLS
2017-04-05 08:10 - 2017-04-05 08:10 - 00170818 _____ C:\Documents and Settings\ROSHITH\Desktop\12020003777.pdf
2017-04-04 10:45 - 2017-04-04 16:04 - 00024576 _____ C:\Documents and Settings\ROSHITH\Desktop\suppliers.xls
2017-03-28 10:55 - 2017-04-10 12:34 - 00026624 _____ C:\Documents and Settings\ROSHITH\Desktop\trafco.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 10:19 - 2016-01-16 11:25 - 00000000 ____D C:\Documents and Settings\ROSHITH\Local Settings\Temp
2017-04-20 10:18 - 2016-04-14 10:16 - 00001520 _____ C:\WINDOWS\Tasks\Browser Updater Task(Core).job
2017-04-20 10:08 - 2016-03-03 09:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-20 09:34 - 2016-01-23 16:02 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-20 09:28 - 2016-01-20 14:40 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-04-20 08:34 - 2016-01-23 16:02 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-20 08:15 - 2016-03-17 13:00 - 00000000 ____D C:\Program Files\Easy Video Maker
2017-04-20 07:58 - 2016-04-07 15:56 - 00000474 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2017-04-20 07:55 - 2016-01-16 11:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-19 16:18 - 2016-03-08 07:39 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-19 16:18 - 2016-01-16 11:25 - 00000178 ___SH C:\Documents and Settings\ROSHITH\ntuser.ini
2017-04-19 16:17 - 2016-01-23 16:18 - 00000000 ____D C:\Documents and Settings\ROSHITH\Application Data\vlc
2017-04-19 15:40 - 2016-02-18 10:07 - 00000000 ____D C:\Documents and Settings\ROSHITH\Application Data\AnvSoft
2017-04-19 15:40 - 2016-02-16 08:44 - 00000000 ____D C:\Program Files\AnvSoft
2017-04-19 15:40 - 2016-01-16 11:25 - 00000000 ___RD C:\Documents and Settings\ROSHITH\My Documents
2017-04-19 15:27 - 2016-01-16 14:03 - 00000000 ____D C:\WINDOWS\security
2017-04-19 15:18 - 2016-01-16 14:03 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-04-19 15:10 - 2016-03-17 12:59 - 00000000 ____D C:\Documents and Settings\ROSHITH\Local Settings\Application Data\Downloaded Installations
2017-04-19 15:05 - 2016-01-16 11:25 - 00000000 ____D C:\Documents and Settings\ROSHITH
2017-04-19 14:50 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-18 18:00 - 2016-04-07 15:56 - 00000448 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2017-04-18 07:58 - 2016-01-16 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-29 15:32 - 2016-02-18 10:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-03-26 08:29 - 2016-01-25 09:10 - 00000000 ____D C:\Program Files\TeamViewer

==================== Files in the root of some directories =======

2016-03-23 15:35 - 2016-03-23 15:35 - 0005120 _____ () C:\Documents and Settings\ROSHITH\Application Data\GiftBag.db
2016-04-06 16:14 - 2016-08-21 11:18 - 0010240 _____ () C:\Documents and Settings\ROSHITH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-18 12:32 - 2016-01-18 12:33 - 0087774 ____N () C:\Documents and Settings\ROSHITH\Local Settings\Application Data\FASTWiz.log
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 ____N () C:\Documents and Settings\ROSHITH\Local Settings\Application Data\setup.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 