Solved Laptop infected with msupdate71/dwm.exe

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by Abhishek (administrator) on ABHISHEK-HP on 22-02-2015 10:55:56
Running from C:\Users\Abhishek\Desktop
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
() C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
() C:\Program Files (x86)\Reliance 3G\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-02] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-02-02] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-11-10] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] => C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2079792 2014-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-12-16] (Power Software Ltd)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-674437956-1809715338-1024526891-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-674437956-1809715338-1024526891-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\Windows\System32\avgrssta.dll => C:\Windows\System32\avgrssta.dll [13048 2013-11-09] (AVG Technologies CZ, s.r.o.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-674437956-1809715338-1024526891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-674437956-1809715338-1024526891-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-674437956-1809715338-1024526891-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Abhishek\AppData\Roaming\Mozilla\Firefox\Profiles\49aoobau.default
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine,S:
FF Keyword.URL: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-674437956-1809715338-1024526891-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Abhishek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Search App by Ask - C:\Users\Abhishek\AppData\Roaming\Mozilla\Firefox\Profiles\49aoobau.default\Extensions\toolbar_BTRSP-C@apn.ask.com.xpi [2015-01-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-05]
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\Firefox [2013-11-07]
FF HKU\S-1-5-21-674437956-1809715338-1024526891-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-674437956-1809715338-1024526891-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
 
Chrome:
=======
CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=dvd_14_16_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtCzztAtA0A0AyDyCyC0FtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0AzyyByDyC0B0FtGyCyByD0EtGyDzztAtAtGtC0D0C0AtGtDtB0AyE0FyBtD0Dzz0AtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyEtDzytByCtDtG0FtCzzzztGtCyE0E0DtG0E0Bzz0AtGyD0F0EtAyD0BtC0E0DyC0Czz2Q&cr=1501068693&ir=
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_16_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtCzztAtA0A0AyDyCyC0FtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0AzyyByDyC0B0FtGyCyByD0EtGyDzztAtAtGtC0D0C0AtGtDtB0AyE0FyBtD0Dzz0AtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyEtDzytByCtDtG0FtCzzzztGtCyE0E0DtG0E0Bzz0AtGyD0F0EtAyD0BtC0E0DyC0Czz2Q&cr=1501068693&ir=", ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HTML5 Banner Maker) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmkmgbpbcmoomenlldbdnjmfhcmonag [2013-01-02]
CHR Extension: (Yola - Free Website Builder) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aebppchdponkedofbfclieicclhapjjp [2013-01-02]
CHR Extension: (My World) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemeppengemohiobmmjhfddbhcgkomhm [2013-01-02]
CHR Extension: (Bob Marley) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\alpnhingmddeadgmgjbfefmaanaeifak [2013-02-07]
CHR Extension: (TV) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-16]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-02]
CHR Extension: (Facebook) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-01-02]
CHR Extension: (Easy WebContent Free Website Builder) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddhpegnklkpjkobmfeaindkklgkajdio [2013-01-02]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-29]
CHR Extension: (Young Web Builder) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkocgajbaclaimehlpfeibemekidnfbn [2013-01-02]
CHR Extension: (AdBlock) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-07]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2013-01-02]
CHR Extension: (Get CSS Code) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\haggbnpibdenchgnjiffinjibdjhandc [2013-01-02]
CHR Extension: (The Times of India) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkifncilkifgngmpmnmokphicplifhnn [2013-01-02]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-01-24]
CHR Extension: (Top-Instagram.com) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklgnpfdgkjdifefanobeihjaobiepda [2013-01-02]
CHR Extension: (Website Design Tool - Web Start Today) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\loechjcdkmebjbjpldicadlchflcpbkm [2013-01-02]
CHR Extension: (Google Wallet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Photoshop TV) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpkhfmfgmepjmhokkfjahkgecmcgpdn [2013-01-02]
CHR Extension: (Coding the Web) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbinfbikhndabcdlabpcbhggkcdakgfg [2013-01-02]
CHR Extension: (Weather Underground) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-01-02]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2013-11-09] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UDisk Monitor; C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [402944 2008-11-28] () [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\Reliance 3G\AssistantServices.exe [270672 2011-08-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-11-23] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2013-11-09] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2013-11-09] (AVG Technologies CZ, s.r.o.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2011-08-03] (QUALCOMM Incorporated)
S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 MREMPR5; C:\Program Files (x86)\Common Files\Motive\MREMPR5.sys [19345 2007-02-13] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files (x86)\Common Files\Motive\MRENDIS5.sys [18003 2007-02-13] (Motive, Inc.) [File not signed]
S3 mtkmbim; C:\Windows\System32\DRIVERS\mtkmbim7_x64.sys [208896 2012-10-30] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-02] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-11-09] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-21] ()
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [81408 2013-02-21] (MediaTek Inc.)
S3 zteusbser; C:\Windows\System32\DRIVERS\ztemtusbser.sys [118784 2008-08-22] (ZTEMT Incorporated)
U3 axrlo05x; C:\Windows\System32\Drivers\axrlo05x.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 u302bus; system32\DRIVERS\u302bus.sys [X]
S3 u302mdfl; system32\DRIVERS\u302mdfl.sys [X]
S3 u302mdm; system32\DRIVERS\u302mdm.sys [X]
S3 u302mgmt; system32\DRIVERS\u302mgmt.sys [X]
S2 VBoxDRV; \??\K:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [X]
S2 VBoxUSBMon; \??\K:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 10:55 - 2015-02-22 10:56 - 00028707 _____ () C:\Users\Abhishek\Desktop\FRST.txt
2015-02-22 10:55 - 2015-02-22 10:55 - 00000000 ____D () C:\FRST
2015-02-22 10:53 - 2015-02-22 10:53 - 00007349 _____ () C:\Users\Abhishek\Desktop\JRT.txt
2015-02-22 10:43 - 2015-02-22 10:43 - 01031616 _____ () C:\Windows\Minidump\022215-31917-01.dmp
2015-02-22 10:29 - 2015-02-22 10:31 - 00000000 ____D () C:\AdwCleaner
2015-02-22 10:24 - 2015-02-22 10:25 - 02086912 _____ (Farbar) C:\Users\Abhishek\Desktop\FRST64.exe
2015-02-22 10:22 - 2015-02-22 10:23 - 01126400 _____ (Farbar) C:\Users\Abhishek\Downloads\FRST.exe
2015-02-22 10:20 - 2015-02-22 10:22 - 01388274 _____ (Thisisu) C:\Users\Abhishek\Desktop\JRT.exe
2015-02-22 10:18 - 2015-02-22 10:20 - 02126848 _____ () C:\Users\Abhishek\Desktop\adwcleaner_4.111.exe
2015-02-22 09:42 - 2015-02-22 09:42 - 00038772 _____ () C:\ComboFix.txt
2015-02-22 09:17 - 2015-02-22 09:42 - 00000000 ____D () C:\Qoobox
2015-02-22 09:17 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-22 09:17 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-22 09:17 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-22 09:17 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-22 09:17 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-22 09:17 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2015-02-22 09:17 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2015-02-22 09:17 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2015-02-22 09:16 - 2015-02-22 09:41 - 00000000 ____D () C:\Windows\erdnt
2015-02-22 09:05 - 2015-02-22 09:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Abhishek\Desktop\rkill.exe
2015-02-22 08:42 - 2015-02-22 08:47 - 05611903 ____R (Swearware) C:\Users\Abhishek\Desktop\ComboFix.exe
2015-02-22 07:58 - 2015-02-22 08:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-21 19:29 - 2015-02-21 19:29 - 00000000 ____D () C:\Users\Abhishek\Desktop\MBAR
2015-02-21 19:25 - 2015-02-21 19:25 - 00005779 _____ () C:\Users\Abhishek\Desktop\RKreport_DEL_02212015_192430.log
2015-02-21 19:16 - 2015-02-21 19:16 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-21 19:16 - 2015-02-21 19:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-21 19:15 - 2015-02-22 10:27 - 00465867 _____ () C:\Users\Abhishek\Desktop\Laptop infected with msupdate71_dwm.exe - TechSpot Forums.htm
2015-02-21 19:15 - 2015-02-22 10:27 - 00000000 ____D () C:\Users\Abhishek\Desktop\Laptop infected with msupdate71_dwm.exe - TechSpot Forums_files
2015-02-21 04:29 - 2015-02-21 04:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-21 04:26 - 2015-02-21 04:35 - 15533656 _____ () C:\Users\Abhishek\Desktop\RogueKiller.exe
2015-02-21 04:13 - 2015-02-21 04:26 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Abhishek\Desktop\mbar-1.09.1.1004.exe
2015-02-19 03:28 - 2015-02-19 03:28 - 00028688 _____ () C:\Users\Abhishek\Desktop\dds.txt
2015-02-19 03:28 - 2015-02-19 03:28 - 00021615 _____ () C:\Users\Abhishek\Desktop\attach.txt
2015-02-19 02:40 - 2015-02-22 07:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 02:40 - 2015-02-21 19:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 02:40 - 2015-02-19 02:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-19 02:40 - 2015-02-19 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 02:40 - 2015-02-19 02:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-19 02:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-19 02:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-18 15:25 - 2015-02-18 15:24 - 00688992 ____R (Swearware) C:\Users\Abhishek\Desktop\dds.com
2015-02-18 15:21 - 2015-02-18 15:24 - 00688992 _____ (Swearware) C:\Users\Abhishek\Downloads\dds.com
2015-02-18 14:51 - 2015-02-18 15:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Abhishek\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-18 02:41 - 2015-02-18 04:18 - 00009439 _____ () C:\Windows\system32\avgrep.txt
2015-02-18 00:12 - 2015-02-18 00:12 - 00000000 ____D () C:\Users\Abhishek\Documents\Any Video Converter Professional
2015-02-17 23:12 - 2015-02-17 23:12 - 00002171 _____ () C:\Users\Public\Desktop\ImTOO Video Converter Ultimate 6.lnk
2015-02-17 23:12 - 2015-02-17 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
2015-02-17 23:12 - 2015-02-17 23:12 - 00000000 ____D () C:\ProgramData\ImTOO
2015-02-14 19:19 - 2015-02-14 18:13 - 839284238 ____N () C:\Users\Abhishek\Desktop\Interstellar.2014.DVDSCR.800MB.ShAaNiG.mkv
2015-02-10 16:24 - 2015-02-14 16:53 - 00000000 ____D () C:\Users\Abhishek\Desktop\Camera
2015-02-08 01:40 - 2015-02-08 01:40 - 00000885 _____ () C:\Users\Abhishek\Desktop\BitTorrent.lnk
2015-02-08 01:24 - 2015-02-08 17:10 - 00000000 ____D () C:\Users\Abhishek\Downloads\PK (2014) 720p HDRiP x265 HEVC-MMKV
2015-02-08 00:09 - 2015-02-08 00:09 - 00002986 _____ () C:\Windows\System32\Tasks\{FB47F3A0-2DDB-47D1-8FEF-F0DA6368F364}
2015-02-07 01:43 - 2015-02-07 01:43 - 00000000 ____D () C:\Users\Abhishek\Downloads\p-0730--Hospital Management in JAVA
2015-02-07 01:31 - 2015-02-07 01:42 - 07108447 _____ () C:\Users\Abhishek\Downloads\p-0730--Hospital Management in JAVA.rar
2015-02-07 01:21 - 2015-02-07 01:21 - 00000000 ____D () C:\Users\Abhishek\Downloads\AlienSwarm
2015-02-07 01:18 - 2015-02-07 01:21 - 03538001 _____ () C:\Users\Abhishek\Downloads\AlienSwarm.zip
2015-02-06 23:49 - 2015-02-06 23:49 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\IDT
2015-02-02 03:16 - 2015-02-02 03:16 - 00000000 ____D () C:\Users\Abhishek\.jmc
2015-02-02 03:16 - 2015-02-02 03:16 - 00000000 ____D () C:\Users\Abhishek\.eclipse
2015-02-02 02:49 - 2015-02-07 01:34 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-02 01:45 - 2015-02-02 03:35 - 00000000 ____D () C:\Users\Abhishek\Downloads\Just Java 2, 6th Edition
2015-02-01 01:51 - 2015-02-01 01:51 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-01 01:07 - 2015-02-01 01:07 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-01 01:06 - 2015-02-01 01:06 - 00002454 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2015-01-30 16:34 - 2015-01-30 16:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_usb2ser_01005.Wdf
2015-01-30 16:33 - 2015-01-30 16:33 - 00001136 _____ () C:\Users\Public\Desktop\MMX377G 3G USB Manager.lnk
2015-01-30 16:33 - 2015-01-30 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMX377G 3G USB Manager
2015-01-30 16:33 - 2015-01-30 16:33 - 00000000 ____D () C:\Program Files (x86)\MMX377G 3G USB Manager
2015-01-30 16:33 - 2013-02-21 15:17 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01005.dll
2015-01-30 16:33 - 2013-02-21 15:17 - 00081408 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\usb2ser.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 10:51 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 10:51 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 10:50 - 2012-10-12 18:30 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\CrashDumps
2015-02-22 10:49 - 2012-10-12 16:03 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F986992-9698-4D82-BDFF-30956510C54E}
2015-02-22 10:49 - 2009-07-14 10:43 - 00791410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 10:47 - 2012-10-12 16:02 - 01899522 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 10:44 - 2014-08-28 15:51 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\Adobe
2015-02-22 10:44 - 2013-01-14 08:59 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-22 10:43 - 2014-12-27 19:00 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForAbhishek.job
2015-02-22 10:43 - 2014-09-05 19:22 - 00000000 ____D () C:\Temp
2015-02-22 10:43 - 2013-11-14 21:19 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-22 10:43 - 2013-03-20 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-22 10:43 - 2012-11-13 01:38 - 00000000 ____D () C:\Windows\Minidump
2015-02-22 10:43 - 2012-10-16 15:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 10:43 - 2010-11-21 09:17 - 00805778 _____ () C:\Windows\PFRO.log
2015-02-22 10:43 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 10:43 - 2009-07-14 10:21 - 00397558 _____ () C:\Windows\setupact.log
2015-02-22 10:29 - 2012-02-05 04:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 10:10 - 2012-10-16 15:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 09:42 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Default
2015-02-22 09:39 - 2009-07-14 08:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-22 09:28 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\tracing
2015-02-22 07:59 - 2014-12-27 19:00 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAbhishek
2015-02-21 19:39 - 2013-11-07 19:36 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2015-02-21 04:27 - 2014-10-21 06:41 - 00000000 ____D () C:\Users\Abhishek\Desktop\infographics
2015-02-21 00:51 - 2013-04-28 18:30 - 00001456 _____ () C:\Users\Abhishek\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-20 18:47 - 2012-10-13 00:31 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\vlc
2015-02-19 02:40 - 2013-09-11 02:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 01:48 - 2014-11-05 19:40 - 00000000 ____D () C:\Users\Abhishek\Desktop\New folder (3)
2015-02-18 23:27 - 2012-10-28 12:03 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-02-18 17:20 - 2014-11-15 04:16 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1416005194
2015-02-18 17:20 - 2014-11-15 04:16 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-18 01:21 - 2012-10-25 03:55 - 00000000 ____D () C:\ProgramData\avg9
2015-02-18 01:07 - 2012-10-17 16:04 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\Orbit
2015-02-17 03:24 - 2012-11-01 06:18 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\DVDVideoSoft
2015-02-16 21:07 - 2012-11-14 20:00 - 00000000 ____D () C:\Users\Abhishek\Documents\FIFA 12
2015-02-10 03:30 - 2014-06-09 02:08 - 00000000 ____D () C:\Users\Abhishek\AppData\Roaming\BitTorrent
2015-02-10 03:19 - 2014-12-16 00:55 - 00000000 ____D () C:\Users\Abhishek\Desktop\Resume
2015-02-09 00:53 - 2012-10-21 19:15 - 00000000 ___RD () C:\Flicks
2015-02-09 00:10 - 2015-01-20 00:36 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\Eclipse
2015-02-08 05:05 - 2012-10-16 15:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 05:05 - 2012-10-16 15:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-08 01:40 - 2014-06-16 06:13 - 00000865 _____ () C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-02-07 01:35 - 2012-02-05 04:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 01:35 - 2012-02-05 04:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 01:35 - 2012-02-05 04:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 00:30 - 2014-03-22 09:33 - 00000000 ____D () C:\Users\Abhishek\AppData\Local\Windows Live
2015-02-02 03:16 - 2012-10-12 16:00 - 00000000 ____D () C:\Users\Abhishek
2015-02-02 01:31 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-01 01:06 - 2012-02-05 04:46 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-01 01:06 - 2012-02-05 04:46 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
 
==================== Files in the root of some directories =======

2013-07-24 01:34 - 2013-07-24 01:34 - 0000132 _____ () C:\Users\Abhishek\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-04-16 02:37 - 2014-07-29 21:40 - 0000132 _____ () C:\Users\Abhishek\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-31 01:51 - 2014-05-31 01:51 - 0000024 _____ () C:\Users\Abhishek\AppData\Roaming\MyPhrases.dta
2013-04-28 18:30 - 2015-02-21 00:51 - 0001456 _____ () C:\Users\Abhishek\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-10-28 12:08 - 2012-10-28 12:08 - 0014848 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 02:42 - 2013-08-24 02:42 - 0000001 _____ () C:\Users\Abhishek\AppData\Local\llftool.4.30.agreement
2014-03-23 22:17 - 2014-06-21 20:24 - 0007629 _____ () C:\Users\Abhishek\AppData\Local\resmon.resmoncfg
2012-11-09 08:40 - 2014-02-20 21:17 - 0002558 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Abhishek\AppData\Local\Temp\Quarantine.exe
C:\Users\Abhishek\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-02-13 02:07

==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by Abhishek at 2015-02-22 10:56:36
Running from C:\Users\Abhishek\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Angry Birds Rio (HKLM-x32\...\{D7B3493D-766C-40AA-9AA9-053B896D76DE}) (Version: 1.1.0 - Rovio)
Any Video Converter Professional 5.0.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
AVG Free 9.0 (HKLM-x32\...\AVG9Uninstall) (Version: - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bitnami WordPress Module (HKLM-x32\...\Bitnami WordPress Module 4.0-1) (Version: 4.0-1 - Bitnami)
BitTorrent (HKU\S-1-5-21-674437956-1809715338-1024526891-1000\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3300 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D1600 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_SF_06_D1600_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EasyTether (HKLM\...\{A3FAE73B-4474-4A1D-A343-2FE248F05265}) (Version: 1.1.14 - Mobile Stream)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FIFA 12 (c) EA version 1 (HKLM-x32\...\FIFA 12 (c) EA_is1) (Version: 1 - )
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.14.0 - Androxyde)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
ImTOO Video Converter Ultimate 6 (HKLM-x32\...\ImTOO Video Converter Ultimate 6) (Version: 6.0.15.1110 - ImTOO)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MMX377G 3G USB Manager v06.100413.377G (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 27.0.1689.69 (HKLM-x32\...\Opera 27.0.1689.69) (Version: 27.0.1689.69 - Opera Software ASA)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
RapidTyping (HKLM-x32\...\RapidTyping) (Version: 4.6.5 - RapidTyping Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Reliance 3G (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - )
Reliance Netconnect (HKLM-x32\...\Reliance Netconnect) (Version: 11.012.03.38.114 - Huawei Technologies Co.,Ltd)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
RSDLite (HKLM-x32\...\{EAC93E1D-4807-43E2-B39A-8170B731B7D0}) (Version: 5.6 - Motorola)
Search App by Ask (HKLM-x32\...\{42545253-502D-4300-76A7-A75C790C1700}) (Version: 12.23.0.200 - APN, LLC) <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Mobile Update Service (HKLM-x32\...\Update Service) (Version: 2.13.3.43 - Sony Mobile Communications AB)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Uninstall BSNL Wireless Connection Manager (HKLM-x32\...\Uninstall BSNL Wireless Connection Manager) (Version: - )
UnLock Root 3.1 (HKLM-x32\...\UnLock Root) (Version: 3.1 - Unlcokroot)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. Net (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Windows Driver Package - Microsoft (WUDFRd) WPD (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Wondershare Photo Recovery (build 3.0.0) (HKLM-x32\...\Wondershare Photo Recovery_is1) (Version: - Wondershare Software Co., Ltd.)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
ZTE EV-DO (HKLM-x32\...\ZTEEVDO-101_is1) (Version: - )
ZTE Wireless Terminal (HKLM\...\ZTEWireless-101_is1) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-02-22 09:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {046B3C49-6A89-4A36-9B12-E6A2E23C4D62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {047CA982-9AAC-44E1-8D5C-A4BE46F67AFA} - System32\Tasks\{30E6523D-8A4E-4E74-8AF1-4D15B6C72311} => pcalua.exe -a C:\Users\Abhishek\AppData\Local\Temp\7zS20AF\hppiw.exe -d C:\Users\Abhishek\AppData\Local\Temp\7zS20AF
Task: {14D7D718-CD62-4706-82D2-4EDCE7D8C8B0} - System32\Tasks\{5A4470DA-749D-4DB6-97AE-43BA0571D74A} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-06] (Broadcom Corporation.)
Task: {3BB1AB38-5BEC-4B9A-B94C-23EC89352E1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {47BB3870-9E26-4543-8B55-11A6D30FD2F7} - System32\Tasks\AdobeAAMUpdater-1.0-Abhishek-HP-Abhishek => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {50DE9868-70B7-468F-B82C-92DD0D40DC69} - System32\Tasks\{06044999-30A3-4798-8D09-6B34F0D3CE89} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-06] (Broadcom Corporation.)
Task: {51ACADC6-BECC-4F72-B3F5-0399E0931189} - System32\Tasks\{1A2F4A22-0495-44A5-A0AA-8F845613D1C3} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-06] (Broadcom Corporation.)
Task: {5E06635E-C7CA-4E65-A9B1-41A82C192158} - System32\Tasks\{FB47F3A0-2DDB-47D1-8FEF-F0DA6368F364} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-06] (Broadcom Corporation.)
Task: {64458500-191E-4F62-8E05-899F4CE1F3D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7080BB64-5E05-496B-BA0B-1C9E61D8C20F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {7F02A969-D29D-4ECB-A238-B0CA71A40EE3} - System32\Tasks\{59246E38-F407-4BE7-8FA0-14E7340EB848} => pcalua.exe -a "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\GUninstaller.exe" -c -uprtc -key "BabylonToolbar"
Task: {7F27C0FF-6CBD-48A8-AE4B-A4203B18B322} - System32\Tasks\HPCeeScheduleForAbhishek => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {811892F9-8E44-4781-8758-094F9574D43C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8ABA1C0C-4D0B-4FB0-81CB-8438F4BB0936} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8AC9261C-52EE-4F00-9777-60E4ACBA5524} - System32\Tasks\{93E63D54-B118-486C-9A28-1552E7F2EAA8} => pcalua.exe -a C:\Users\Abhishek\Downloads\devcpp-4.9.9.2_setup.exe -d C:\Users\Abhishek\Downloads
Task: {9001E3A7-D220-4082-B714-797B627B6855} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {99C49EA1-4A76-406C-B54F-04C298156A92} - System32\Tasks\{87332844-375C-4E51-BBEB-2F78096120E4} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\GUninstaller.exe" -c -uprtc -key "claro"
Task: {A21B2B93-E63A-4E92-A1CD-9EAFC3E27925} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {ACC0A2B2-B817-445A-ABD6-0C0EC2D5C1B0} - System32\Tasks\Opera scheduled Autoupdate 1416005194 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-10] (Opera Software)
Task: {B702A52C-49DB-40E9-BCD8-740BD3A114B4} - System32\Tasks\{6401B00E-C03B-4DE4-8943-487F34D518A8} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {C92FE6D2-A48C-4981-A94B-60C67BDC4C4B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-29] (CyberLink)
Task: {CCD4C010-47D2-4C10-B42E-B15A87977E11} - System32\Tasks\{4FADDC5B-A1BF-4C41-89FD-534C572D1563} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-06] (Broadcom Corporation.)
Task: {D19767B9-78CD-4F90-AE92-24FC222DD24F} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D1EFCB1F-537E-441E-A16E-381A12685314} - System32\Tasks\{17447C46-81D6-44DF-8E11-E502BE6BC38A} => pcalua.exe -a D:\Softwares\Nokia_PC_Suite_eng_web_2.exe -d D:\Softwares
Task: {F3825471-E6CA-4C11-BD20-B45BBBA0ABC6} - System32\Tasks\{7A0F9C8C-F8A5-4F6B-96BB-954E978CA9FA} => pcalua.exe -a C:\Users\Abhishek\AppData\Local\Temp\7zS1F48\hppiw.exe -d C:\Users\Abhishek\AppData\Local\Temp\7zS1F48
Task: {F472A402-D18E-4051-95BA-96386C4721CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAbhishek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-03 15:10 - 2011-12-17 02:07 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-11-10 22:04 - 2008-11-28 16:35 - 00402944 _____ () C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
2013-04-21 00:13 - 2011-08-09 16:24 - 00270672 _____ () C:\Program Files (x86)\Reliance 3G\AssistantServices.exe
2012-01-06 06:54 - 2012-01-06 06:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-11 10:25 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-01-18 11:04 - 2012-01-18 11:04 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-27 04:11 - 2011-12-27 04:11 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-10-31 20:35 - 2013-10-31 20:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-11-11 10:25 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
2014-02-13 03:31 - 2014-02-13 03:31 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\28fa9bfd5db2f3e7338a262c8d4bccf2\IsdiInterop.ni.dll
2012-05-03 15:10 - 2011-11-30 08:30 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-03 15:09 - 2011-12-17 00:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-07 01:35 - 2015-02-07 01:35 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Abhishek\AppData\Local\CWup6Pgh:g8RVvRBzXW7F05wqfWzm5WCR
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\MjL99dmzs4GrOxp:c4pbrllNVKWEKYimjDz73
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\Temporary Internet Files:F6wnsdHpFMcKfQrsxeNmc

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Abhishek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aide => C:\Program Files (x86)\Reliance Netconnect\Aide.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BSNLWCM_McciTrayApp => C:\Program Files (x86)\BSNLWCM\McciTrayApp.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: EasyTether => "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Abhishek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: MotiveReportAgent => "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\MotiveBrowser.exe" /hidden
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Reliance 3G\UIExec.exe"

==================== Accounts: =============================

Abhishek (S-1-5-21-674437956-1809715338-1024526891-1000 - Administrator - Enabled) => C:\Users\Abhishek
Administrator (S-1-5-21-674437956-1809715338-1024526891-500 - Administrator - Disabled)
Guest (S-1-5-21-674437956-1809715338-1024526891-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: EasyTether Network Adapter
Description: EasyTether Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Mobile Stream
Service: easytether
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PortableVBoxDRV
Description: PortableVBoxDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PortableVBoxUSBMon
Description: PortableVBoxUSBMon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxUSBMon
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/03/2014 04:07:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 66367 seconds with 420 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-02-22 09:38:13.375
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-22 09:38:13.297
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-04 06:05:40.968
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Abhishek\AppData\Local\Temp\Tcpz-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-04 06:05:40.890
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Abhishek\AppData\Local\Temp\Tcpz-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-06 15:05:09.868
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRENDIS5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-06 15:05:09.822
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRENDIS5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-06 15:05:08.761
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRENDIS5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-06 15:05:08.714
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRENDIS5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-06 15:05:07.622
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRENDIS5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-06 15:05:07.591
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRENDIS5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3994.36 MB
Available physical RAM: 2187.24 MB
Total Pagefile: 7986.9 MB
Available Pagefile: 5744.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:205.62 GB) (Free:20.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Stuffs) (Fixed) (Total:199.74 GB) (Free:5.53 GB) NTFS
Drive g: (Recovery) (Fixed) (Total:19.46 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 794AE9E5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Abhishek at 2015-02-23 08:55:09 Run:1
Running from C:\Users\Abhishek\Desktop
Loaded Profiles: Abhishek (Available profiles: Abhishek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-674437956-1809715338-1024526891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-674437956-1809715338-1024526891-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKU\S-1-5-21-674437956-1809715338-1024526891-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Extension: Search App by Ask - C:\Users\Abhishek\AppData\Roaming\Mozilla\Firefox\Profiles\49aoobau.default\Extensions\toolbar_BTRSP-C@apn.ask.com.xpi [2015-01-13]
C:\Users\Abhishek\AppData\Roaming\Mozilla\Firefox\Profiles\49aoobau.default\Extensions\toolbar_BTRSP-C@apn.ask.com.xpi
CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=dvd_14_16_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtCzztAtA0A0AyDyCyC0FtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0AzyyByDyC0B0FtGyCyByD0EtGyDzztAtAtGtC0D0C0AtGtDtB0AyE0FyBtD0Dzz0AtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyEtDzytByCtDtG0FtCzzzztGtCyE0E0DtG0E0Bzz0AtGyD0F0EtAyD0BtC0E0DyC0Czz2Q&cr=1501068693&ir=
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_16_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtCzztAtA0A0AyDyCyC0FtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0AzyyByDyC0B0FtGyCyByD0EtGyDzztAtAtGtC0D0C0AtGtDtB0AyE0FyBtD0Dzz0AtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyEtDzytByCtDtG0FtCzzzztGtCyE0E0DtG0E0Bzz0AtGyD0F0EtAyD0BtC0E0DyC0Czz2Q&cr=1501068693&ir=", ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
U3 axrlo05x; C:\Windows\System32\Drivers\axrlo05x.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\System32\Drivers\axrlo05x.sys
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 u302bus; system32\DRIVERS\u302bus.sys [X]
S3 u302mdfl; system32\DRIVERS\u302mdfl.sys [X]
S3 u302mdm; system32\DRIVERS\u302mdm.sys [X]
S3 u302mgmt; system32\DRIVERS\u302mgmt.sys [X]
S2 VBoxDRV; \??\K:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [X]
S2 VBoxUSBMon; \??\K:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [X]
2013-07-24 01:34 - 2013-07-24 01:34 - 0000132 _____ () C:\Users\Abhishek\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-04-16 02:37 - 2014-07-29 21:40 - 0000132 _____ () C:\Users\Abhishek\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-31 01:51 - 2014-05-31 01:51 - 0000024 _____ () C:\Users\Abhishek\AppData\Roaming\MyPhrases.dta
2013-04-28 18:30 - 2015-02-21 00:51 - 0001456 _____ () C:\Users\Abhishek\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-10-28 12:08 - 2012-10-28 12:08 - 0014848 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 02:42 - 2013-08-24 02:42 - 0000001 _____ () C:\Users\Abhishek\AppData\Local\llftool.4.30.agreement
2014-03-23 22:17 - 2014-06-21 20:24 - 0007629 _____ () C:\Users\Abhishek\AppData\Local\resmon.resmoncfg
2012-11-09 08:40 - 2014-02-20 21:17 - 0002558 _____ () C:\ProgramData\hpzinstall.log
C:\Users\Abhishek\AppData\Local\Temp\Quarantine.exe
C:\Users\Abhishek\AppData\Local\Temp\sqlite3.dll
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
DeleteKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42545253-502D-4300-76A7-A75C790C1700}"
Task: {7F02A969-D29D-4ECB-A238-B0CA71A40EE3} - System32\Tasks\{59246E38-F407-4BE7-8FA0-14E7340EB848} => pcalua.exe -a "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\GUninstaller.exe" -c -uprtc -key "BabylonToolbar"
C:\Program Files (x86)\BabylonToolbar
Task: {99C49EA1-4A76-406C-B54F-04C298156A92} - System32\Tasks\{87332844-375C-4E51-BBEB-2F78096120E4} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\GUninstaller.exe" -c -uprtc -key "claro"'
C:\Program Files (x86)\Claro LTD
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\CWup6Pgh:g8RVvRBzXW7F05wqfWzm5WCR
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\MjL99dmzs4GrOxp:c4pbrllNVKWEKYimjDz73
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\Temporary Internet Files:F6wnsdHpFMcKfQrsxeNmc

*****************

"HKU\S-1-5-21-674437956-1809715338-1024526891-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-674437956-1809715338-1024526891-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Users\Abhishek\AppData\Roaming\Mozilla\Firefox\Profiles\49aoobau.default\Extensions\toolbar_BTRSP-C@apn.ask.com.xpi => Moved successfully.
"C:\Users\Abhishek\AppData\Roaming\Mozilla\Firefox\Profiles\49aoobau.default\Extensions\toolbar_BTRSP-C@apn.ask.com.xpi" => File/Directory not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll not found.
C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
axrlo05x => Service not found.
"C:\Windows\System32\Drivers\axrlo05x.sys" => File/Directory not found.
BTCFilterService => Service deleted successfully.
catchme => Service deleted successfully.
esgiguard => Service deleted successfully.
motccgpfl => Service deleted successfully.
MotDev => Service deleted successfully.
motmodem => Service deleted successfully.
Motousbnet => Service deleted successfully.
motusbdevice => Service deleted successfully.
u302bus => Service deleted successfully.
u302mdfl => Service deleted successfully.
u302mdm => Service deleted successfully.
u302mgmt => Service deleted successfully.
VBoxDRV => Service deleted successfully.
VBoxUSBMon => Service deleted successfully.
C:\Users\Abhishek\AppData\Roaming\Adobe IllExport Filter CS6 Prefs => Moved successfully.
C:\Users\Abhishek\AppData\Roaming\Adobe PNG Format CS6 Prefs => Moved successfully.
C:\Users\Abhishek\AppData\Roaming\MyPhrases.dta => Moved successfully.
C:\Users\Abhishek\AppData\Local\Adobe Save for Web 13.0 Prefs => Moved successfully.
C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Abhishek\AppData\Local\llftool.4.30.agreement => Moved successfully.
C:\Users\Abhishek\AppData\Local\resmon.resmoncfg => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\Users\Abhishek\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Abhishek\AppData\Local\Temp\sqlite3.dll => Moved successfully.

The operation completed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42545253-502D-4300-76A7-A75C790C1700} => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F02A969-D29D-4ECB-A238-B0CA71A40EE3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F02A969-D29D-4ECB-A238-B0CA71A40EE3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{59246E38-F407-4BE7-8FA0-14E7340EB848} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{59246E38-F407-4BE7-8FA0-14E7340EB848}" => Key deleted successfully.
"C:\Program Files (x86)\BabylonToolbar" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99C49EA1-4A76-406C-B54F-04C298156A92}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99C49EA1-4A76-406C-B54F-04C298156A92}" => Key deleted successfully.
C:\Windows\System32\Tasks\{87332844-375C-4E51-BBEB-2F78096120E4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87332844-375C-4E51-BBEB-2F78096120E4}" => Key deleted successfully.
"C:\Program Files (x86)\Claro LTD" => File/Directory not found.
C:\Users\Abhishek\AppData\Local\CWup6Pgh => ":g8RVvRBzXW7F05wqfWzm5WCR" ADS removed successfully.
C:\Users\Abhishek\AppData\Local\MjL99dmzs4GrOxp => ":c4pbrllNVKWEKYimjDz73" ADS removed successfully.
"C:\Users\Abhishek\AppData\Local\Temporary Internet Files" => ":F6wnsdHpFMcKfQrsxeNmc" ADS not found.

==== End of Fixlog 08:55:10 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
CheckUp.txt

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (36.0)
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
FSS Log

Farbar Service Scanner Version: 17-01-2015
Ran by Abhishek (administrator) on 23-02-2015 at 14:00:22
Running from "C:\Users\Abhishek\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is unreachable
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
There was no log file after TFC ran the scan, but before exiting I copied the following, which was on the screen.

Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: Abhishek
->Temp folder emptied: 14470613 bytes
->Temporary Internet Files folder emptied: 379544009 bytes
->Java cache emptied: 316968 bytes
->FireFox cache emptied: 365023788 bytes
->Google Chrome cache emptied: 254772894 bytes
->Flash cache emptied: 822075 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2843 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279701 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26453 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4978682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43276535 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 0 bytes
Process complete!
Total Files Cleaned = 1,015.00 mb
 
Sophos Log

2015-02-24 10:14:39.559 Sophos Virus Removal Tool version 2.5.4
2015-02-24 10:14:39.559 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-24 10:14:39.559 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-24 10:14:39.559 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-02-24 10:14:39.563 Checking for updates...
2015-02-24 10:14:42.358 Update progress: proxy server not available
2015-02-24 10:14:49.198 Option all = no
2015-02-24 10:14:49.198 Option recurse = yes
2015-02-24 10:14:49.198 Option archive = no
2015-02-24 10:14:49.198 Option service = yes
2015-02-24 10:14:49.198 Option confirm = yes
2015-02-24 10:14:49.198 Option sxl = yes
2015-02-24 10:14:49.199 Option max-data-age = 35
2015-02-24 10:14:49.199 Option EnableSafeClean = yes
2015-02-24 10:14:51.035 Option vdl-logging = yes
2015-02-24 10:14:51.040 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-24 10:14:51.040 Machine ID: 38e151fbed324da5a9d1f071c8e9a641
2015-02-24 10:14:51.042 Component SVRTcli.exe version 2.5.4
2015-02-24 10:14:51.042 Component control.dll version 2.5.4
2015-02-24 10:14:51.042 Component SVRTservice.exe version 2.5.4
2015-02-24 10:14:51.042 Component engine\osdp.dll version 1.44.1.2183
2015-02-24 10:14:51.042 Component engine\veex.dll version 3.58.3.2183
2015-02-24 10:14:51.042 Component engine\savi.dll version 8.1.5.2183
2015-02-24 10:14:51.042 Component rkdisk.dll version 1.5.30.0
2015-02-24 10:14:51.042 Version info: Product version 2.5.4
2015-02-24 10:14:51.043 Version info: Detection engine 3.58.3
2015-02-24 10:14:51.043 Version info: Detection data 5.11
2015-02-24 10:14:51.043 Version info: Build date 03-02-2015
2015-02-24 10:14:51.043 Version info: Data files added 283
2015-02-24 10:14:51.043 Version info: Last successful update (not yet updated)
2015-02-24 10:16:25.488 Downloading updates...
2015-02-24 10:16:25.491 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-24 10:16:25.491 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-24 10:16:25.491 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-24 10:16:25.491 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-24 10:16:25.491 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-24 10:16:25.491 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-24 10:16:46.466 Update progress: [I19463] Syncing product IDE512 166
2015-02-24 10:16:49.460 Update progress: [I19463] Syncing product IDE513 127
2015-02-24 10:16:57.195 Installing updates...
2015-02-24 10:16:57.799 Error level 1
2015-02-24 10:17:06.991 Update successful
2015-02-24 10:17:26.843 Option all = no
2015-02-24 10:17:26.843 Option recurse = yes
2015-02-24 10:17:26.843 Option archive = no
2015-02-24 10:17:26.844 Option service = yes
2015-02-24 10:17:26.844 Option confirm = yes
2015-02-24 10:17:26.844 Option sxl = yes
2015-02-24 10:17:26.845 Option max-data-age = 35
2015-02-24 10:17:26.845 Option EnableSafeClean = yes
2015-02-24 10:17:26.892 Option vdl-logging = yes
2015-02-24 10:17:26.894 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-24 10:17:26.894 Machine ID: 38e151fbed324da5a9d1f071c8e9a641
2015-02-24 10:17:26.894 Component SVRTcli.exe version 2.5.4
2015-02-24 10:17:26.894 Component control.dll version 2.5.4
2015-02-24 10:17:26.894 Component SVRTservice.exe version 2.5.4
2015-02-24 10:17:26.894 Component engine\osdp.dll version 1.44.1.2183
2015-02-24 10:17:26.894 Component engine\veex.dll version 3.58.3.2183
2015-02-24 10:17:26.894 Component engine\savi.dll version 8.1.5.2183
2015-02-24 10:17:26.895 Component rkdisk.dll version 1.5.30.0
2015-02-24 10:17:26.895 Version info: Product version 2.5.4
2015-02-24 10:17:26.895 Version info: Detection engine 3.58.3
2015-02-24 10:17:26.895 Version info: Detection data 5.11G
2015-02-24 10:17:26.895 Version info: Build date 03-02-2015
2015-02-24 10:17:26.895 Version info: Data files added 289
2015-02-24 10:17:26.895 Version info: Last successful update 24-02-2015 15:47:06

2015-02-24 10:36:11.149 Could not open C:\hiberfil.sys
2015-02-24 10:53:48.114 >>> Virus 'Mal/HckPk-A' found in file C:\Program Files (x86)\HP Games\Chuzzle Deluxe\WTA-7783c07f-e883-420d-99d1-49585d840017-wextr.exe
2015-02-24 10:53:48.115 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:53:48.115 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:53:48.115 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:54:57.013 >>> Virus 'Mal/HckPk-A' found in file C:\Program Files (x86)\HP Games\FATE\WTA-cfd140b8-e211-4146-8add-39df43b30d93-wextr.exe
2015-02-24 10:54:57.013 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:54:57.013 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:54:57.014 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:56:28.058 >>> Virus 'Mal/HckPk-A' found in file C:\Program Files (x86)\HP Games\Poker Superstars III\WTA-060835f8-ba92-4f29-9820-bd28e24b395e-wextr.exe
2015-02-24 10:56:28.058 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:56:28.059 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 10:56:28.059 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:45.146 >>> Virus 'Mal/HckPk-A' found in file C:\Program Files (x86)\HP Games\The Treasures of Mystery Island The Ghost Ship\WTA-e586ec1c-31fa-4abc-934c-4ef01131056a-wextr.exe
2015-02-24 11:00:45.146 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:45.146 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:45.147 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:49.705 >>> Virus 'Mal/HckPk-A' found in file C:\Program Files (x86)\HP Games\Torchlight\WTA-40c4a6de-9217-4500-91be-19d6725e32e9-wextr.exe
2015-02-24 11:00:49.705 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:49.705 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:49.706 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:54.305 >>> Virus 'Mal/HckPk-A' found in file C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\WTA-b46d3243-a1be-4c71-ac1e-d389fcb1cca3-wextr.exe
2015-02-24 11:00:54.306 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:54.306 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:00:54.306 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:06:51.984 Could not open C:\ProgramData\avg9\Chjw\3222078e2207566f\154bd69c-44d0-4056-a9ac-9c17f5dc4d79
2015-02-24 11:06:51.985 Could not open C:\ProgramData\avg9\Chjw\3222078e2207566f\cdd32cd3-fc96-4aeb-b3b9-baece8a8fd35
2015-02-24 11:08:58.283 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-060835f8-ba92-4f29-9820-bd28e24b395e-extr.exe
2015-02-24 11:08:58.283 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:08:58.285 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:08:58.285 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:18.895 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-4a2b4983-ca70-4830-839d-ff22f8aa9d8a-extr.exe
2015-02-24 11:09:18.895 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:18.896 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:18.896 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:38.695 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-7783c07f-e883-420d-99d1-49585d840017-extr.exe
2015-02-24 11:09:38.695 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:38.695 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:38.696 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:50.232 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-af29f08a-46ff-4d2d-a302-1d2acacbdf44-extr.exe
2015-02-24 11:09:50.232 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:50.232 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:50.233 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:55.914 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-c667e7ab-917d-4676-8e96-51bfc889843b-extr.exe
2015-02-24 11:09:55.914 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:55.915 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:09:55.915 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:15.198 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-f3cc5135-34be-4ae0-8e90-ea090e326e62-extr.exe
2015-02-24 11:10:15.198 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:15.198 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:15.198 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:18.353 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-f55d017e-e492-494a-8d5d-12bd0349d7b7-extr.exe
2015-02-24 11:10:18.353 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:18.353 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:18.353 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:22.633 >>> Virus 'Mal/HckPk-A' found in file C:\ProgramData\WildTangent\GameInstalls\WTA-fccb90b4-1dc1-467f-b32e-57f3da3abe2a-extr.exe
2015-02-24 11:10:22.633 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:22.633 >>> Virus 'Mal/HckPk-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:10:22.633 >>> Virus 'Mal/HckPk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:12:03.460 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 11:12:03.461 Could not open C:\System Volume Information\{a6ae1615-babf-11e4-b75b-a0b3cc6fa588}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 11:12:03.461 Could not open C:\System Volume Information\{a6ae1723-babf-11e4-b75b-a0b3cc6fa588}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 11:21:19.241 >>> Virus 'Mal/KeyGen-M' found in file C:\Users\Abhishek\Downloads\HDRsoft Photomatix Pro 4.2.4 (32 bit + 64bit) + Keygens---PMS\HDRsoft Photomatix Pro 4.2.4 (64 bit)\HDRsoft Photomatix Pro 4.2.4 (64 bit)\~Get Your Files Here\Keygen\keygen.exe
2015-02-24 11:21:19.241 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:21:19.241 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:21:19.242 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:21:33.260 >>> Virus 'Andr/DroidRt-M' found in file C:\Users\Abhishek\Downloads\MtkDroidTools v2.5.3\files\pwn
2015-02-24 11:21:33.260 >>> Virus 'Andr/DroidRt-M' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:21:33.260 >>> Virus 'Andr/DroidRt-M' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:21:33.260 >>> Virus 'Andr/DroidRt-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 11:27:56.611 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-02-24 11:27:56.611 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-02-24 11:28:00.307 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-02-24 11:28:00.307 Could not open C:\Windows\System32\config\RegBack\SAM
2015-02-24 11:28:00.308 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-02-24 11:28:00.310 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-02-24 11:28:00.310 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-02-24 11:28:25.586 Could not open C:\Windows\System32\drivers\sptd.sys
2015-02-24 12:02:15.771 Could not check D:\Documents\PPT\chapter5.ppt (corrupt)
2015-02-24 12:02:15.989 Could not check D:\Documents\PPT\dsCh5.ppt (corrupt)
2015-02-24 12:10:26.991 >>> Virus 'Troj/Agent-AEEN' found in file D:\Softwares\Adobe Illustrator CC 17.1 Final Multilanguage [ChingLiu]\crack\Adobe.CC.Anticloud.exe
2015-02-24 12:10:26.992 >>> Virus 'Troj/Agent-AEEN' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 12:10:26.992 >>> Virus 'Troj/Agent-AEEN' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 12:10:26.992 >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 12:12:26.834 >>> Virus 'Troj/LCKeyGen-A' found in file D:\Softwares\CorelDRAW Graphics Suite X5\Keygen\corel-x5_keygen.exe
2015-02-24 12:12:26.836 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 12:12:26.836 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-674437956-1809715338-1024526891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 12:12:26.836 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-24 12:15:54.433 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 12:15:54.433 Could not open D:\System Volume Information\{a6ae1617-babf-11e4-b75b-a0b3cc6fa588}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 12:15:54.433 Could not open D:\System Volume Information\{a6ae1725-babf-11e4-b75b-a0b3cc6fa588}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 12:15:54.945 Could not open G:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 12:15:54.945 Could not open G:\System Volume Information\{a6ae1724-babf-11e4-b75b-a0b3cc6fa588}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-24 12:15:55.185 The following items will be cleaned up:
2015-02-24 12:15:55.185 Mal/HckPk-A
2015-02-24 12:15:55.185 Mal/KeyGen-M
2015-02-24 12:15:55.185 Andr/DroidRt-M
2015-02-24 12:15:55.185 Troj/Agent-AEEN
2015-02-24 12:15:55.185 Troj/LCKeyGen-A
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

===============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thanks a lot Broni. You were a great help.
The system is doing fine as of now and got a lot of free space back.
Thanks :)(y)
 