
HELP ME!!! ON REMOVING appearance of SHORTCUTS,aiasfacoiaksf.vbs error, virus..


  • This topic is locked
26 replies to this topic

#1 ambika


Posted 07 August 2014 - 03:05 AM

Hello.....

I didn't know what is the exact problem in my system..... Whenever I insert pen drive I get shortcut and I am not able to copy things from pen drive.. I also get black screen when I start up my system.... I really didn't know what is my problem...... Please do help me.... It will be much helpful if you give me a solution for this problem.





#2 ambika

  • Topic Starter

Posted 07 August 2014 - 03:16 AM

-


Edited by TB-Psychotic, 07 August 2014 - 03:53 AM.


#3 TB-Psychotic

  • Malware Response Team

Posted 07 August 2014 - 03:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 TB-Psychotic

  • Malware Response Team

Posted 07 August 2014 - 03:53 AM

-


Edited by TB-Psychotic, 07 August 2014 - 03:53 AM.


#5 ambika

  • Topic Starter

Posted 07 August 2014 - 04:02 AM

I was trying to download FRST 32bit or FRST 64bit but it is showing me an error message as it is not valid win32 application.



#6 ambika

  • Topic Starter

Posted 07 August 2014 - 04:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by ANU (administrator) on ANU-PC on 07-08-2014 14:35:19
Running from C:\Users\ANU\Downloads
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\ProgramData\Aircel\OnlineUpdate\ouc.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe
() C:\Program Files\Deal Keeper\updateDealKeeper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\airtel\airtel.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\ANU\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer\Run: [Microsoft Driver Setup] => C:\Windows\yWdrive32.exe No File
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [eType] => C:\Users\ANU\AppData\Roaming\eType\eType.exe [1844 2012-10-24] ()
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Screen Saver Pro 3.1] => C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Hmieil] => C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [proxzy0229] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Nmieir] => C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs exit
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {04fce076-3e1a-11e3-a74f-d26d07903453} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {2c9ceed7-29c1-11e3-a920-e7f7cd4b444e} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {2c9ceeea-29c1-11e3-a920-e7f7cd4b444e} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {45a3320c-17a2-11e2-a055-e0ca94d3a8ce} - K:\Startme.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {55f6f378-4947-11e3-b106-fa34918c7b42} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {7044eccc-5bee-11e3-b795-f449e975705f} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {718dff0c-97a7-11e2-abff-d5cdff83c44c} - I:\.\StartModem.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {78964c0b-b57a-11e3-b0d8-bdfd6a6c1c5d} - I:\Startme.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {865683f8-29d0-11e3-9b79-a40b6eaf2453} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {86568401-29d0-11e3-9b79-a40b6eaf2453} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {8656842e-29d0-11e3-9b79-a40b6eaf2453} - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {8daa869d-3faa-11e3-9cbc-be96abe427e0} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {9d4f7615-5ca0-11e3-aa26-d843611f8958} - K:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {a34057ef-f2a8-11e1-915c-e0ca94d3a8ce} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {a34057fb-f2a8-11e1-915c-e26bbe348af0} - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {ac4fbbfb-866d-11e2-8174-ae1cf6392a4d} - K:\Setup.exe /Auto
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {c9c7ab72-5c28-11e3-8cd7-d60530e99d49} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {d4146a73-f4f8-11e1-b199-9796f84d2237} - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {f731169a-64be-11e3-9a1a-b1972d730cdc} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-07-29] (Client Connect LTD)
Startup: C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
BootExecute: autocheck autochk * K7TSDbg
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp&tc=5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0BE7553848CFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.in/
SearchScopes: HKCU - {735A1DDF-547C-4728-BF39-44A1796B03AF} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
BHO: K7 Web Protection -> {08B3B4B6-02DA-4658-8BA6-5974E3EBB03D} -> C:\Program Files\K7 Computing\K7TSecurity\K7SRExt.dll (K7 Computing Pvt Ltd)
BHO: SaveSense -> {2e32cfe5-df92-4ae5-b0be-609ed0df74a6} -> C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: smartdownloader Class -> {F1AF26F8-1828-4279-ABCE-074EF3235BD7} -> C:\Program Files\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4/jinstall-14-win.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14-win.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0AF44AA1-95DD-446F-8916-5EFC84D1C6FF}: [NameServer]10.80.213.136 27.251.58.195
Tcpip\..\Interfaces\{3000E3DF-8BBA-4993-8E46-B73BA9ED5927}: [NameServer]203.145.160.5 203.145.160.6
Tcpip\..\Interfaces\{C507F7E0-0303-4540-9BCD-353E26F75E35}: [NameServer]10.80.213.136 27.251.58.195
 
FireFox:
========
FF ProfilePath: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ir_14_31_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0DtA0Azz0C0Ezz0C0A0CtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtB0B0E0DzztA0AtGzy0EtBtDtGtD0ByC0FtGyC0AtD0FtGtC0B0CyBtDyEyDzztByB0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDtCyByEzzzztDtG0D0B0B0DtGyBtCtDyCtGyBzyyBtAtGtAzztB0F0F0FtA0EzyyDtDzz2Q&cr=979168657&ir=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @k7computing.com/k7webprotection -> C:\Program Files\\K7 Computing\K7TSecurity\npK7SRNPExt.dll (K7 Computing Pvt Ltd)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\user.js
FF SearchPlugin: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: websaave - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\iarozxd@aaozxueoau.co.uk [2014-03-03]
FF Extension: SaveSense - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} [2014-07-31]
FF Extension: Astromenda New Tab - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} [2014-07-31]
FF Extension: Default Tab - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\addon@defaulttab.com.xpi [2013-10-26]
FF Extension: PutLockerDownloader - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06]
FF HKLM\...\Firefox\Extensions: [k7srff@k7computing.com] - C:\Program Files\K7 Computing\K7TSecurity\K7SR
FF Extension: K7 WebProtection - C:\Program Files\K7 Computing\K7TSecurity\K7SR [2014-07-31]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files\WordWeb\WCaptureMoz [2012-08-29]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MB71B1EAB-48C3-42A7-9835-7D5C02616F2A&SearchSource=55&CUI=&UM=6&UP=&SSPV=SP21620TB_sp_ch", "hxxp://astromenda.com/?f=7&a=ast_ir_14_31_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0DtA0Azz0C0Ezz0C0A0CtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtB0B0E0DzztA0AtGzy0EtBtDtGtD0ByC0FtGyC0AtD0FtGtC0B0CyBtDyEyDzztByB0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDtCyByEzzzztDtG0D0B0B0DtGyBtCtDyCtGyBzyyBtAtGtAzztB0F0F0FtA0EzyyDtDzz2Q&cr=979168657&ir="
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ANU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (K7 WebProtection) - C:\Users\ANU\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlpfamleaodfgmfnggonbfljhjggbdbe [2014-08-01]
CHR Extension: (Google Wallet) - C:\Users\ANU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Extutil) - C:\Users\ANU\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-07]
CHR Extension: (Managera) - C:\Users\ANU\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-07]
CHR HKLM\...\Chrome\Extension: [aaaaifmhgonleehnkppkhhchcbhhigac] - C:\Users\ANU\AppData\Local\koyotesoftmoviestoolbarha\GC\toolbar.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files\PutLockerDownloader\putlockerdownloader10.crx [2012-11-06]
CHR HKLM\...\Chrome\Extension: [dlpfamleaodfgmfnggonbfljhjggbdbe] - C:\Program Files\K7 Computing\K7TSecurity\K7SR\k7chrome.crx [2012-11-26]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Aircel. RunOuc; C:\Program Files\Aircel\UpdateDog\ouc.exe [655712 2013-12-03] ()
S2 airtel. RunOuc; C:\Program Files\airtel\UpdateDog\ouc.exe [246112 2013-09-30] ()
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102400 2009-07-14] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2983896 2014-07-29] (Client Connect LTD)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [135680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [544256 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] () [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [557056 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [801792 2012-10-23] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation) [File not signed]
R2 K7CrvSvc; C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
R2 K7EmlPxy; C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe [154136 2013-04-02] (K7 Computing Pvt Ltd)
R2 K7FWSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe [243736 2014-03-21] (K7 Computing Pvt Ltd)
R2 K7PSSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe [336408 2014-03-18] (K7 Computing Pvt Ltd)
R2 K7RTScan; C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe [209432 2014-03-19] (K7 Computing Pvt Ltd)
S3 K7SpmSrc; C:\Program Files\K7 Computing\K7TSecurity\K7SpmSrc.exe [281216 2012-06-21] (K7 Computing Pvt Ltd)
R2 K7TSMngr; C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe [243872 2013-12-30] (K7 Computing Pvt Ltd)
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation) [File not signed]
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [294400 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [743424 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [316416 2009-07-14] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-06] ()
S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-06] ()
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [348672 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation) [File not signed]
S2 DefaultTabUpdate; "C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" [X]
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [387584 2009-07-14] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2009-07-14] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [350720 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [102784 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [73984 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [195200 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation) [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9023488 2010-07-28] (Intel Corporation) [File not signed]
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [132480 2010-02-26] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
R0 K7FWHlpr; C:\Windows\System32\drivers\K7FWHlpr.sys [91424 2013-09-18] (K7 Computing Pvt Ltd)
R0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [1853600 2014-03-24] (K7 Computing Pvt Ltd)
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [221184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [95744 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133120 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [177152 2012-02-15] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [5632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [309760 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [306688 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2012-02-15] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80640 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [39040 2012-07-17] (MediaTek Inc.) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] (Microsoft Corporation) [File not signed]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-07-30] (StdLib)
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 14:35 - 2014-08-07 14:36 - 00056404 _____ () C:\Users\ANU\Downloads\FRST.txt
2014-08-07 14:34 - 2014-08-07 14:35 - 00000000 ____D () C:\FRST
2014-08-07 14:34 - 2014-08-07 14:34 - 01084928 _____ (Farbar) C:\Users\ANU\Downloads\FRST (1).exe
2014-08-07 14:27 - 2014-08-07 14:27 - 01083468 _____ () C:\Users\ANU\Downloads\FRST.exe
2014-08-06 19:44 - 2014-08-06 19:44 - 205006635 _____ () C:\Windows\MEMORY.DMP
2014-08-03 12:04 - 2014-07-30 02:24 - 00052880 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-08-01 11:21 - 2014-08-01 11:21 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-31 17:41 - 2014-08-05 23:40 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2014-07-31 17:41 - 2014-07-31 17:41 - 00002056 _____ () C:\Users\Public\Desktop\K7TotalSecurity.lnk
2014-07-31 17:41 - 2014-07-31 17:41 - 00000000 ____D () C:\Users\ANU\AppData\Local\K7 Computing
2014-07-31 17:41 - 2014-03-24 10:04 - 01853600 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7Sentry.sys
2014-07-31 17:41 - 2013-09-18 17:15 - 00091424 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7FWHlpr.sys
2014-07-31 17:41 - 2009-04-18 21:00 - 00013600 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7TdiHlp.sys
2014-07-31 17:40 - 2014-07-31 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K7TotalSecurity
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\ProgramData\K7 Computing
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\Program Files\K7 Computing
2014-07-31 17:40 - 2011-12-29 10:08 - 00020064 _____ (K7 Computing Pvt. Ltd.) C:\Windows\system32\K7TSDbg.exe
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Program Files\SearchProtect
2014-07-31 17:29 - 2014-07-31 17:29 - 00699016 _____ (CNET Download.com) C:\Users\ANU\Downloads\cbsidlm-cbsi213-K7_TotalSecurity-SEO-10908644.exe
2014-07-31 17:25 - 2014-08-03 12:04 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-07-31 17:23 - 2014-07-31 17:23 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-31 12:32 - 2014-07-31 12:32 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-31 12:31 - 2014-07-31 12:31 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-31 11:42 - 2014-07-31 11:42 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
2014-07-30 11:41 - 2014-07-30 11:41 - 00000610 _____ () C:\Users\ANU\AppData\Roaming\asfsgswasrga.exe
2014-07-23 07:21 - 2014-07-24 06:22 - 00000000 ____D () C:\Users\ANU\Desktop\New folder
2014-07-21 19:11 - 2014-07-26 12:04 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\dvdriversgpucpu
2014-07-21 19:04 - 2014-07-21 19:11 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-20 21:10 - 2014-07-20 21:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-19 13:46 - 2014-07-19 16:30 - 00011546 _____ () C:\Users\ANU\Downloads\CALCULATION.xlsx
2014-07-19 09:09 - 2014-07-19 09:10 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-19 09:09 - 2014-07-19 09:09 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-18 08:54 - 2014-07-18 08:54 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-17 20:56 - 2014-08-07 13:41 - 00004398 _____ () C:\Windows\PFRO.log
2014-07-17 18:50 - 2014-07-31 17:27 - 00000000 ____D () C:\Program Files\Smadav
2014-07-17 18:50 - 2014-07-17 18:50 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Smadav
2014-07-16 09:05 - 2014-08-07 13:47 - 00008496 _____ () C:\Windows\setupact.log
2014-07-16 09:05 - 2014-07-16 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 14:15 - 2014-07-14 14:15 - 00009994 _____ () C:\Users\ANU\Downloads\E-cell students list.xlsx
2014-07-14 08:51 - 2014-07-14 08:51 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe
2014-07-10 09:10 - 2014-07-10 09:10 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwsesdasfwea.exe
2014-07-09 08:53 - 2014-07-09 08:53 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwesdasfwea.exe
2014-07-08 21:38 - 2014-07-04 06:30 - 00024221 _____ () C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 14:36 - 2014-08-07 14:35 - 00056404 _____ () C:\Users\ANU\Downloads\FRST.txt
2014-08-07 14:35 - 2014-08-07 14:34 - 00000000 ____D () C:\FRST
2014-08-07 14:34 - 2014-08-07 14:34 - 01084928 _____ (Farbar) C:\Users\ANU\Downloads\FRST (1).exe
2014-08-07 14:29 - 2012-08-29 23:56 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 14:27 - 2014-08-07 14:27 - 01083468 _____ () C:\Users\ANU\Downloads\FRST.exe
2014-08-07 14:26 - 2013-07-03 10:55 - 01324076 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 14:23 - 2012-11-06 12:52 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 14:03 - 2012-08-30 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 13:55 - 2009-07-14 07:34 - 00000505 _____ () C:\Windows\win.ini
2014-08-07 13:47 - 2014-07-16 09:05 - 00008496 _____ () C:\Windows\setupact.log
2014-08-07 13:46 - 2009-07-14 10:04 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:46 - 2009-07-14 10:04 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:42 - 2013-03-07 21:38 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Skype
2014-08-07 13:41 - 2014-07-17 20:56 - 00004398 _____ () C:\Windows\PFRO.log
2014-08-07 13:41 - 2012-11-06 12:52 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 13:41 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 10:55 - 2012-08-30 00:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-06 19:44 - 2014-08-06 19:44 - 205006635 _____ () C:\Windows\MEMORY.DMP
2014-08-06 19:44 - 2014-03-03 18:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 12:09 - 2013-10-26 20:56 - 00001108 __RSH () C:\Users\ANU\ntuser.pol
2014-08-06 12:09 - 2012-08-29 23:50 - 00000000 ____D () C:\Users\ANU
2014-08-06 10:02 - 2009-07-14 10:23 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 23:40 - 2014-07-31 17:41 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2014-08-05 22:36 - 2012-08-29 23:59 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\vlc
2014-08-05 19:36 - 2014-02-26 12:37 - 00000000 ____D () C:\ProgramData\websavE
2014-08-03 12:04 - 2014-07-31 17:25 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-08-01 11:25 - 2012-08-30 00:20 - 00066656 _____ () C:\Users\ANU\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 11:21 - 2014-08-01 11:21 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-01 09:59 - 2009-07-14 10:03 - 01632792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 17:41 - 2014-07-31 17:41 - 00002056 _____ () C:\Users\Public\Desktop\K7TotalSecurity.lnk
2014-07-31 17:41 - 2014-07-31 17:41 - 00000000 ____D () C:\Users\ANU\AppData\Local\K7 Computing
2014-07-31 17:41 - 2014-07-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K7TotalSecurity
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\ProgramData\K7 Computing
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\Program Files\K7 Computing
2014-07-31 17:40 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Help
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Program Files\SearchProtect
2014-07-31 17:29 - 2014-07-31 17:29 - 00699016 _____ (CNET Download.com) C:\Users\ANU\Downloads\cbsidlm-cbsi213-K7_TotalSecurity-SEO-10908644.exe
2014-07-31 17:27 - 2014-07-17 18:50 - 00000000 ____D () C:\Program Files\Smadav
2014-07-31 17:23 - 2014-07-31 17:23 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-31 12:32 - 2014-07-31 12:32 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-31 12:31 - 2014-07-31 12:31 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-31 11:42 - 2014-07-31 11:42 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
2014-07-30 16:59 - 2013-08-19 15:55 - 00000000 __SHD () C:\[Smad-Cage]
2014-07-30 11:41 - 2014-07-30 11:41 - 00000610 _____ () C:\Users\ANU\AppData\Roaming\asfsgswasrga.exe
2014-07-30 02:24 - 2014-08-03 12:04 - 00052880 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-07-26 12:04 - 2014-07-21 19:11 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\dvdriversgpucpu
2014-07-24 06:22 - 2014-07-23 07:21 - 00000000 ____D () C:\Users\ANU\Desktop\New folder
2014-07-23 01:33 - 2014-03-27 21:21 - 00000005 _____ () C:\Windows\system32\SySCut.dat
2014-07-22 21:58 - 2014-05-03 12:53 - 00000000 ____D () C:\Users\ANU\Desktop\SIP REPT
2014-07-22 21:19 - 2014-03-25 18:29 - 00000000 ____D () C:\Users\ANU\AppData\Local\Windows Live
2014-07-21 19:11 - 2014-07-21 19:04 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-20 21:10 - 2014-07-20 21:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-19 16:30 - 2014-07-19 13:46 - 00011546 _____ () C:\Users\ANU\Downloads\CALCULATION.xlsx
2014-07-19 09:10 - 2014-07-19 09:09 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-19 09:09 - 2014-07-19 09:09 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-18 18:14 - 2012-08-30 00:08 - 00000000 ____D () C:\Users\ANU\Documents\Visual Studio 2008
2014-07-18 08:54 - 2014-07-18 08:54 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-17 19:28 - 2012-08-07 12:18 - 00000000 ____D () C:\Users\ANU\Documents\Smadav
2014-07-17 18:50 - 2014-07-17 18:50 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Smadav
2014-07-16 09:05 - 2014-07-16 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 14:15 - 2014-07-14 14:15 - 00009994 _____ () C:\Users\ANU\Downloads\E-cell students list.xlsx
2014-07-14 10:00 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 08:51 - 2014-07-14 08:51 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe
2014-07-10 09:10 - 2014-07-10 09:10 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwsesdasfwea.exe
2014-07-09 08:53 - 2014-07-09 08:53 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwesdasfwea.exe
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 10:53
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by ANU (administrator) on ANU-PC on 07-08-2014 14:35:19
Running from C:\Users\ANU\Downloads
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\ProgramData\Aircel\OnlineUpdate\ouc.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe
() C:\Program Files\Deal Keeper\updateDealKeeper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(K7 Computing Pvt Ltd) C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\airtel\airtel.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\ANU\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer\Run: [Microsoft Driver Setup] => C:\Windows\yWdrive32.exe No File
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [eType] => C:\Users\ANU\AppData\Roaming\eType\eType.exe [1844 2012-10-24] ()
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Screen Saver Pro 3.1] => C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Hmieil] => C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [proxzy0229] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Nmieir] => C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs exit
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {04fce076-3e1a-11e3-a74f-d26d07903453} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {2c9ceed7-29c1-11e3-a920-e7f7cd4b444e} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {2c9ceeea-29c1-11e3-a920-e7f7cd4b444e} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {45a3320c-17a2-11e2-a055-e0ca94d3a8ce} - K:\Startme.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {55f6f378-4947-11e3-b106-fa34918c7b42} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {7044eccc-5bee-11e3-b795-f449e975705f} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {718dff0c-97a7-11e2-abff-d5cdff83c44c} - I:\.\StartModem.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {78964c0b-b57a-11e3-b0d8-bdfd6a6c1c5d} - I:\Startme.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {865683f8-29d0-11e3-9b79-a40b6eaf2453} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {86568401-29d0-11e3-9b79-a40b6eaf2453} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {8656842e-29d0-11e3-9b79-a40b6eaf2453} - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {8daa869d-3faa-11e3-9cbc-be96abe427e0} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {9d4f7615-5ca0-11e3-aa26-d843611f8958} - K:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {a34057ef-f2a8-11e1-915c-e0ca94d3a8ce} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {a34057fb-f2a8-11e1-915c-e26bbe348af0} - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {ac4fbbfb-866d-11e2-8174-ae1cf6392a4d} - K:\Setup.exe /Auto
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {c9c7ab72-5c28-11e3-8cd7-d60530e99d49} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {d4146a73-f4f8-11e1-b199-9796f84d2237} - J:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\MountPoints2: {f731169a-64be-11e3-9a1a-b1972d730cdc} - I:\AutoRun.exe
HKU\S-1-5-21-3926738898-1164919332-210253149-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-07-29] (Client Connect LTD)
Startup: C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
BootExecute: autocheck autochk * K7TSDbg
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp&tc=5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0BE7553848CFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.in/
SearchScopes: HKCU - {735A1DDF-547C-4728-BF39-44A1796B03AF} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
BHO: K7 Web Protection -> {08B3B4B6-02DA-4658-8BA6-5974E3EBB03D} -> C:\Program Files\K7 Computing\K7TSecurity\K7SRExt.dll (K7 Computing Pvt Ltd)
BHO: SaveSense -> {2e32cfe5-df92-4ae5-b0be-609ed0df74a6} -> C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: smartdownloader Class -> {F1AF26F8-1828-4279-ABCE-074EF3235BD7} -> C:\Program Files\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4/jinstall-14-win.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14-win.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0AF44AA1-95DD-446F-8916-5EFC84D1C6FF}: [NameServer]10.80.213.136 27.251.58.195
Tcpip\..\Interfaces\{3000E3DF-8BBA-4993-8E46-B73BA9ED5927}: [NameServer]203.145.160.5 203.145.160.6
Tcpip\..\Interfaces\{C507F7E0-0303-4540-9BCD-353E26F75E35}: [NameServer]10.80.213.136 27.251.58.195
 
FireFox:
========
FF ProfilePath: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ir_14_31_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0DtA0Azz0C0Ezz0C0A0CtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtB0B0E0DzztA0AtGzy0EtBtDtGtD0ByC0FtGyC0AtD0FtGtC0B0CyBtDyEyDzztByB0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDtCyByEzzzztDtG0D0B0B0DtGyBtCtDyCtGyBzyyBtAtGtAzztB0F0F0FtA0EzyyDtDzz2Q&cr=979168657&ir=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @k7computing.com/k7webprotection -> C:\Program Files\\K7 Computing\K7TSecurity\npK7SRNPExt.dll (K7 Computing Pvt Ltd)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\user.js
FF SearchPlugin: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: websaave - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\iarozxd@aaozxueoau.co.uk [2014-03-03]
FF Extension: SaveSense - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} [2014-07-31]
FF Extension: Astromenda New Tab - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} [2014-07-31]
FF Extension: Default Tab - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\addon@defaulttab.com.xpi [2013-10-26]
FF Extension: PutLockerDownloader - C:\Users\ANU\AppData\Roaming\Mozilla\Firefox\Profiles\j5zl3uu7.default\Extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06]
FF HKLM\...\Firefox\Extensions: [k7srff@k7computing.com] - C:\Program Files\K7 Computing\K7TSecurity\K7SR
FF Extension: K7 WebProtection - C:\Program Files\K7 Computing\K7TSecurity\K7SR [2014-07-31]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files\WordWeb\WCaptureMoz [2012-08-29]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MB71B1EAB-48C3-42A7-9835-7D5C02616F2A&SearchSource=55&CUI=&UM=6&UP=&SSPV=SP21620TB_sp_ch", "hxxp://astromenda.com/?f=7&a=ast_ir_14_31_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0DtA0Azz0C0Ezz0C0A0CtN0D0Tzu0SzyyEtBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtB0B0E0DzztA0AtGzy0EtBtDtGtD0ByC0FtGyC0AtD0FtGtC0B0CyBtDyEyDzztByB0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtDtCyByEzzzztDtG0D0B0B0DtGyBtCtDyCtGyBzyyBtAtGtAzztB0F0F0FtA0EzyyDtDzz2Q&cr=979168657&ir="
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ANU\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (K7 WebProtection) - C:\Users\ANU\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlpfamleaodfgmfnggonbfljhjggbdbe [2014-08-01]
CHR Extension: (Google Wallet) - C:\Users\ANU\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Extutil) - C:\Users\ANU\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-07]
CHR Extension: (Managera) - C:\Users\ANU\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-07]
CHR HKLM\...\Chrome\Extension: [aaaaifmhgonleehnkppkhhchcbhhigac] - C:\Users\ANU\AppData\Local\koyotesoftmoviestoolbarha\GC\toolbar.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files\PutLockerDownloader\putlockerdownloader10.crx [2012-11-06]
CHR HKLM\...\Chrome\Extension: [dlpfamleaodfgmfnggonbfljhjggbdbe] - C:\Program Files\K7 Computing\K7TSecurity\K7SR\k7chrome.crx [2012-11-26]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Aircel. RunOuc; C:\Program Files\Aircel\UpdateDog\ouc.exe [655712 2013-12-03] ()
S2 airtel. RunOuc; C:\Program Files\airtel\UpdateDog\ouc.exe [246112 2013-09-30] ()
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102400 2009-07-14] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2983896 2014-07-29] (Client Connect LTD)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [135680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [544256 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] () [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [557056 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [801792 2012-10-23] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation) [File not signed]
R2 K7CrvSvc; C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
R2 K7EmlPxy; C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe [154136 2013-04-02] (K7 Computing Pvt Ltd)
R2 K7FWSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe [243736 2014-03-21] (K7 Computing Pvt Ltd)
R2 K7PSSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe [336408 2014-03-18] (K7 Computing Pvt Ltd)
R2 K7RTScan; C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe [209432 2014-03-19] (K7 Computing Pvt Ltd)
S3 K7SpmSrc; C:\Program Files\K7 Computing\K7TSecurity\K7SpmSrc.exe [281216 2012-06-21] (K7 Computing Pvt Ltd)
R2 K7TSMngr; C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe [243872 2013-12-30] (K7 Computing Pvt Ltd)
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation) [File not signed]
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [294400 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [743424 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [316416 2009-07-14] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-06] ()
S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-06] ()
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [348672 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation) [File not signed]
S2 DefaultTabUpdate; "C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" [X]
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [387584 2009-07-14] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2009-07-14] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [350720 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [102784 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [73984 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [195200 2013-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation) [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9023488 2010-07-28] (Intel Corporation) [File not signed]
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [132480 2010-02-26] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
R0 K7FWHlpr; C:\Windows\System32\drivers\K7FWHlpr.sys [91424 2013-09-18] (K7 Computing Pvt Ltd)
R0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [1853600 2014-03-24] (K7 Computing Pvt Ltd)
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [221184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [95744 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133120 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [177152 2012-02-15] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [5632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [309760 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [306688 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2012-02-15] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80640 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [39040 2012-07-17] (MediaTek Inc.) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] (Microsoft Corporation) [File not signed]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-07-30] (StdLib)
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 14:35 - 2014-08-07 14:36 - 00056404 _____ () C:\Users\ANU\Downloads\FRST.txt
2014-08-07 14:34 - 2014-08-07 14:35 - 00000000 ____D () C:\FRST
2014-08-07 14:34 - 2014-08-07 14:34 - 01084928 _____ (Farbar) C:\Users\ANU\Downloads\FRST (1).exe
2014-08-07 14:27 - 2014-08-07 14:27 - 01083468 _____ () C:\Users\ANU\Downloads\FRST.exe
2014-08-06 19:44 - 2014-08-06 19:44 - 205006635 _____ () C:\Windows\MEMORY.DMP
2014-08-03 12:04 - 2014-07-30 02:24 - 00052880 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-08-01 11:21 - 2014-08-01 11:21 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-31 17:41 - 2014-08-05 23:40 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2014-07-31 17:41 - 2014-07-31 17:41 - 00002056 _____ () C:\Users\Public\Desktop\K7TotalSecurity.lnk
2014-07-31 17:41 - 2014-07-31 17:41 - 00000000 ____D () C:\Users\ANU\AppData\Local\K7 Computing
2014-07-31 17:41 - 2014-03-24 10:04 - 01853600 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7Sentry.sys
2014-07-31 17:41 - 2013-09-18 17:15 - 00091424 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7FWHlpr.sys
2014-07-31 17:41 - 2009-04-18 21:00 - 00013600 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7TdiHlp.sys
2014-07-31 17:40 - 2014-07-31 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K7TotalSecurity
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\ProgramData\K7 Computing
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\Program Files\K7 Computing
2014-07-31 17:40 - 2011-12-29 10:08 - 00020064 _____ (K7 Computing Pvt. Ltd.) C:\Windows\system32\K7TSDbg.exe
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Program Files\SearchProtect
2014-07-31 17:29 - 2014-07-31 17:29 - 00699016 _____ (CNET Download.com) C:\Users\ANU\Downloads\cbsidlm-cbsi213-K7_TotalSecurity-SEO-10908644.exe
2014-07-31 17:25 - 2014-08-03 12:04 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-07-31 17:23 - 2014-07-31 17:23 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-31 12:32 - 2014-07-31 12:32 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-31 12:31 - 2014-07-31 12:31 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-31 11:42 - 2014-07-31 11:42 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
2014-07-30 11:41 - 2014-07-30 11:41 - 00000610 _____ () C:\Users\ANU\AppData\Roaming\asfsgswasrga.exe
2014-07-23 07:21 - 2014-07-24 06:22 - 00000000 ____D () C:\Users\ANU\Desktop\New folder
2014-07-21 19:11 - 2014-07-26 12:04 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\dvdriversgpucpu
2014-07-21 19:04 - 2014-07-21 19:11 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-20 21:10 - 2014-07-20 21:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-19 13:46 - 2014-07-19 16:30 - 00011546 _____ () C:\Users\ANU\Downloads\CALCULATION.xlsx
2014-07-19 09:09 - 2014-07-19 09:10 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-19 09:09 - 2014-07-19 09:09 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-18 08:54 - 2014-07-18 08:54 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-17 20:56 - 2014-08-07 13:41 - 00004398 _____ () C:\Windows\PFRO.log
2014-07-17 18:50 - 2014-07-31 17:27 - 00000000 ____D () C:\Program Files\Smadav
2014-07-17 18:50 - 2014-07-17 18:50 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Smadav
2014-07-16 09:05 - 2014-08-07 13:47 - 00008496 _____ () C:\Windows\setupact.log
2014-07-16 09:05 - 2014-07-16 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 14:15 - 2014-07-14 14:15 - 00009994 _____ () C:\Users\ANU\Downloads\E-cell students list.xlsx
2014-07-14 08:51 - 2014-07-14 08:51 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe
2014-07-10 09:10 - 2014-07-10 09:10 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwsesdasfwea.exe
2014-07-09 08:53 - 2014-07-09 08:53 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwesdasfwea.exe
2014-07-08 21:38 - 2014-07-04 06:30 - 00024221 _____ () C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 14:36 - 2014-08-07 14:35 - 00056404 _____ () C:\Users\ANU\Downloads\FRST.txt
2014-08-07 14:35 - 2014-08-07 14:34 - 00000000 ____D () C:\FRST
2014-08-07 14:34 - 2014-08-07 14:34 - 01084928 _____ (Farbar) C:\Users\ANU\Downloads\FRST (1).exe
2014-08-07 14:29 - 2012-08-29 23:56 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 14:27 - 2014-08-07 14:27 - 01083468 _____ () C:\Users\ANU\Downloads\FRST.exe
2014-08-07 14:26 - 2013-07-03 10:55 - 01324076 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 14:23 - 2012-11-06 12:52 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 14:03 - 2012-08-30 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 13:55 - 2009-07-14 07:34 - 00000505 _____ () C:\Windows\win.ini
2014-08-07 13:47 - 2014-07-16 09:05 - 00008496 _____ () C:\Windows\setupact.log
2014-08-07 13:46 - 2009-07-14 10:04 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:46 - 2009-07-14 10:04 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:42 - 2013-03-07 21:38 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Skype
2014-08-07 13:41 - 2014-07-17 20:56 - 00004398 _____ () C:\Windows\PFRO.log
2014-08-07 13:41 - 2012-11-06 12:52 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 13:41 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 10:55 - 2012-08-30 00:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-06 19:44 - 2014-08-06 19:44 - 205006635 _____ () C:\Windows\MEMORY.DMP
2014-08-06 19:44 - 2014-03-03 18:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 12:09 - 2013-10-26 20:56 - 00001108 __RSH () C:\Users\ANU\ntuser.pol
2014-08-06 12:09 - 2012-08-29 23:50 - 00000000 ____D () C:\Users\ANU
2014-08-06 10:02 - 2009-07-14 10:23 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 23:40 - 2014-07-31 17:41 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2014-08-05 22:36 - 2012-08-29 23:59 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\vlc
2014-08-05 19:36 - 2014-02-26 12:37 - 00000000 ____D () C:\ProgramData\websavE
2014-08-03 12:04 - 2014-07-31 17:25 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-08-01 11:25 - 2012-08-30 00:20 - 00066656 _____ () C:\Users\ANU\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-01 11:21 - 2014-08-01 11:21 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-01 09:59 - 2009-07-14 10:03 - 01632792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 17:41 - 2014-07-31 17:41 - 00002056 _____ () C:\Users\Public\Desktop\K7TotalSecurity.lnk
2014-07-31 17:41 - 2014-07-31 17:41 - 00000000 ____D () C:\Users\ANU\AppData\Local\K7 Computing
2014-07-31 17:41 - 2014-07-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K7TotalSecurity
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\ProgramData\K7 Computing
2014-07-31 17:40 - 2014-07-31 17:40 - 00000000 ____D () C:\Program Files\K7 Computing
2014-07-31 17:40 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Help
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-31 17:31 - 2014-07-31 17:31 - 00000000 ____D () C:\Program Files\SearchProtect
2014-07-31 17:29 - 2014-07-31 17:29 - 00699016 _____ (CNET Download.com) C:\Users\ANU\Downloads\cbsidlm-cbsi213-K7_TotalSecurity-SEO-10908644.exe
2014-07-31 17:27 - 2014-07-17 18:50 - 00000000 ____D () C:\Program Files\Smadav
2014-07-31 17:23 - 2014-07-31 17:23 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-31 12:32 - 2014-07-31 12:32 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-31 12:31 - 2014-07-31 12:31 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-31 11:42 - 2014-07-31 11:42 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
2014-07-30 16:59 - 2013-08-19 15:55 - 00000000 __SHD () C:\[Smad-Cage]
2014-07-30 11:41 - 2014-07-30 11:41 - 00000610 _____ () C:\Users\ANU\AppData\Roaming\asfsgswasrga.exe
2014-07-30 02:24 - 2014-08-03 12:04 - 00052880 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-07-26 12:04 - 2014-07-21 19:11 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\dvdriversgpucpu
2014-07-24 06:22 - 2014-07-23 07:21 - 00000000 ____D () C:\Users\ANU\Desktop\New folder
2014-07-23 01:33 - 2014-03-27 21:21 - 00000005 _____ () C:\Windows\system32\SySCut.dat
2014-07-22 21:58 - 2014-05-03 12:53 - 00000000 ____D () C:\Users\ANU\Desktop\SIP REPT
2014-07-22 21:19 - 2014-03-25 18:29 - 00000000 ____D () C:\Users\ANU\AppData\Local\Windows Live
2014-07-21 19:11 - 2014-07-21 19:04 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-20 21:10 - 2014-07-20 21:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-19 16:30 - 2014-07-19 13:46 - 00011546 _____ () C:\Users\ANU\Downloads\CALCULATION.xlsx
2014-07-19 09:10 - 2014-07-19 09:09 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-19 09:09 - 2014-07-19 09:09 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-18 18:14 - 2012-08-30 00:08 - 00000000 ____D () C:\Users\ANU\Documents\Visual Studio 2008
2014-07-18 08:54 - 2014-07-18 08:54 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-17 19:28 - 2012-08-07 12:18 - 00000000 ____D () C:\Users\ANU\Documents\Smadav
2014-07-17 18:50 - 2014-07-17 18:50 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Smadav
2014-07-16 09:05 - 2014-07-16 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 14:15 - 2014-07-14 14:15 - 00009994 _____ () C:\Users\ANU\Downloads\E-cell students list.xlsx
2014-07-14 10:00 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 08:51 - 2014-07-14 08:51 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe
2014-07-10 09:10 - 2014-07-10 09:10 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwsesdasfwea.exe
2014-07-09 08:53 - 2014-07-09 08:53 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfgwesdasfwea.exe
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 10:53
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by ANU at 2014-08-07 14:36:26
Running from C:\Users\ANU\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: K7TotalSecurity (Enabled - Out of date) {96053243-D4B1-7CB4-BBA0-4BFBC0A5A129}
AS: K7TotalSecurity (Enabled - Out of date) {2D64D3A7-F28B-733A-8110-7089BB22EB94}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: K7TotalSecurity (Enabled) {AE3EB366-9EDE-7DEC-90FF-E2CE3E76E652}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Aircel (HKLM\...\Aircel) (Version: 21.005.20.02.850 - Huawei Technologies Co.,Ltd)
airtel (HKLM\...\airtel) (Version: 21.005.20.01.284 - Huawei Technologies Co.,Ltd)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.42 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Crystal Reports Basic for Visual Studio 2008 (HKLM\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.07.31.102939 - Deal Keeper) <==== ATTENTION
DefaultTab (HKLM\...\DefaultTab) (Version: 2.3.3.0 - Search Results, LLC) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
D-Link Connection Manager v6.0.0IN (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
Easy Audio Cutter V2.1 (HKLM\...\Easy Audio Cutter_is1) (Version: 2.1.0.0 - Koyote Soft)
Free Video Cutter Joiner 9.8 (HKLM\...\{8C5A4758-C782-4200-B337-DB3466D33ADD}}_is1) (Version: 9.8 - DVDVideoMedia, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Java 2 Runtime Environment Standard Edition v1.4 (HKLM\...\JRE 1.4.0) (Version:  - )
Java 2 SDK Standard Edition v1.4.0 (HKLM\...\Java 2 SDK Standard Edition v1.4.0) (Version:  - )
Java Servlet Development Kit 2.0 (HKLM\...\JSDK2.0) (Version:  - )
Java Web Start (HKLM\...\Java Web Start) (Version:  - )
K7TotalSecurity (HKLM\...\K7TotalSecurity) (Version: 13.00 - K7 Computing Pvt Ltd)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Device Emulator version 3.0 - ENU (HKLM\...\{B32E7732-B2FB-3FD0-81AC-6025B1104C66}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Movies Toolbar for Chrome (Dist. by Koyote-Lab, Inc.) (HKLM\...\koyotesoftmoviestoolbarhaCR) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 13.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 13.0.1 (x86 en-GB)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MP3 Cutter Joiner 1.17 (HKLM\...\MP3 Cutter Joiner_is1) (Version:  - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Need for Speed™ SHIFT (HKLM\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
Nuance PDF Reader (HKLM\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
NVIDIA PhysX (HKLM\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
Photo Common (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PutLockerDownloader (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - PutLockerDownloader.com) <==== ATTENTION
SaveSense (remove only) (HKLM\...\SaveSense) (Version: 5.3.0.7 - SaveSense) <==== ATTENTION
Search Protect (HKLM\...\SearchProtect) (Version: 2.16.20.149 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (HKLM\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB972221) (Version: 1 - Microsoft Corporation)
Updater Service (HKLM\...\Updater Service) (Version: 14,12,8,9 - ) <==== ATTENTION
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022 - Microsoft Corporation) Hidden
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
websavE (HKLM\...\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}) (Version: 4.3.0.1718 - websave) <==== ATTENTION
Windows Live Communications Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WordWeb (HKLM\...\WordWeb) (Version: 6 - WordWeb Software)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 5.1.20.0121 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
06-08-2014 15:00:58 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1141D774-7512-42AC-A5CE-505332C93F21} - System32\Tasks\DTReg => C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\DTReg.exe [2014-02-14] (Search Results, LLC) <==== ATTENTION
Task: {3BFFEAA3-920B-47D3-9237-B3095C4132BD} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {54811534-346A-42E7-A4DC-E5721A6857F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: {6E99CFEA-9219-4CB9-9BEA-6B083F8DA90B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: {6FCFF41C-91F2-4870-BE3F-1DED6ABF60F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-22] (Adobe Systems Incorporated)
Task: {C6E7BF93-DB56-4104-9B34-73A75AFCA355} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-05-15] (Search Results, LLC)
Task: {F0C4A605-409B-402E-AE8E-95EE672A9E55} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-25] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-30 16:47 - 2013-12-03 19:14 - 00655712 _____ () C:\ProgramData\Aircel\OnlineUpdate\ouc.exe
2013-09-30 16:47 - 2013-09-30 16:45 - 00011362 _____ () C:\ProgramData\Aircel\OnlineUpdate\mingwm10.dll
2013-09-30 16:47 - 2013-09-30 16:45 - 00043008 _____ () C:\ProgramData\Aircel\OnlineUpdate\libgcc_s_dw2-1.dll
2013-09-30 16:47 - 2013-09-30 16:45 - 02415104 _____ () C:\ProgramData\Aircel\OnlineUpdate\QtCore4.dll
2013-09-30 16:47 - 2013-09-30 16:45 - 01148416 _____ () C:\ProgramData\Aircel\OnlineUpdate\QtNetwork4.dll
2013-09-30 16:47 - 2013-09-30 16:45 - 00835072 _____ () C:\ProgramData\Aircel\OnlineUpdate\QueryStrategy.dll
2013-09-30 16:47 - 2013-09-30 16:45 - 00398336 _____ () C:\ProgramData\Aircel\OnlineUpdate\QtXml4.dll
2012-08-30 19:36 - 2013-09-30 18:39 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2012-08-30 19:36 - 2012-08-30 19:35 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2012-08-30 19:36 - 2012-08-30 19:35 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2012-08-30 19:36 - 2012-08-30 19:35 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2012-08-30 19:36 - 2012-08-30 19:35 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2012-08-30 19:36 - 2012-08-30 19:35 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2012-08-30 19:36 - 2012-08-30 19:35 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-10-07 22:24 - 2013-10-07 22:24 - 00573952 _____ () C:\Program Files\DefaultTab\DefaultTabSearch.exe
2011-03-14 20:57 - 2011-03-14 20:57 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-07-31 15:59 - 2014-08-06 18:37 - 00323320 _____ () C:\Program Files\Deal Keeper\updateDealKeeper.exe
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-30 00:02 - 2007-05-05 11:40 - 00128512 _____ () C:\Program Files\WinRar\rarext.dll
2012-08-29 23:59 - 2011-03-15 20:03 - 00022800 ____N () C:\Program Files\WordWeb\WUCNT.dll
2014-08-03 12:02 - 2014-08-06 18:36 - 00323320 _____ () C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
2014-07-22 01:27 - 2014-07-15 14:54 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-22 01:27 - 2014-07-15 14:54 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-22 01:27 - 2014-07-15 14:54 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-22 01:27 - 2014-07-15 14:54 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-22 01:27 - 2014-07-15 14:54 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-03 12:04 - 2014-08-06 18:56 - 00096504 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
2014-08-03 12:04 - 2014-08-06 06:26 - 00239352 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
2014-07-22 01:27 - 2014-07-15 14:54 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00514048 _____ () C:\Program Files\airtel\airtel.exe
2013-09-30 18:39 - 2013-09-30 18:39 - 00430080 _____ () C:\Program Files\airtel\core.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00264192 _____ () C:\Program Files\airtel\sdk.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 02415104 _____ () C:\Program Files\airtel\QtCore4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00011362 _____ () C:\Program Files\airtel\mingwm10.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00043008 _____ () C:\Program Files\airtel\libgcc_s_dw2-1.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 09515520 _____ () C:\Program Files\airtel\QtGui4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00382464 _____ () C:\Program Files\airtel\Proxy.DLL
2013-09-30 18:39 - 2013-09-30 18:39 - 00218112 _____ () C:\Program Files\airtel\Common.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00135168 _____ () C:\Program Files\airtel\Trace.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00545280 _____ () C:\Program Files\airtel\PluginContainer.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00238080 _____ () C:\Program Files\airtel\AtCodec.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00304128 _____ () C:\Program Files\airtel\DeviceSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00238080 _____ () C:\Program Files\airtel\NetSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00133120 _____ () C:\Program Files\airtel\OSDialup.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00160256 _____ () C:\Program Files\airtel\XCodec.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00157184 _____ () C:\Program Files\airtel\DataServicePlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00176128 _____ () C:\Program Files\airtel\CallSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00264704 _____ () C:\Program Files\airtel\AddrBookSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00217600 _____ () C:\Program Files\airtel\SmsSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00142336 _____ () C:\Program Files\airtel\USSDSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00156672 _____ () C:\Program Files\airtel\STKSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00339968 _____ () C:\Program Files\airtel\DeviceAppPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00065536 _____ () C:\Program Files\airtel\OSPowerMgr.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00114688 _____ () C:\Program Files\airtel\Win7Support.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 01078272 _____ () C:\Program Files\airtel\AddrBookPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00670720 _____ () C:\Program Files\airtel\SmsAppPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00182272 _____ () C:\Program Files\airtel\CallAppPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00547840 _____ () C:\Program Files\airtel\CallLogSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00158720 _____ () C:\Program Files\airtel\NetConnectSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00211968 _____ () C:\Program Files\airtel\DialUpPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00101888 _____ () C:\Program Files\airtel\OSAdapt.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00180736 _____ () C:\Program Files\airtel\NDISPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00131072 _____ () C:\Program Files\airtel\OSNDIS.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 01101824 _____ () C:\Program Files\airtel\NDISAPI.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00278528 _____ () C:\Program Files\airtel\NetInfoSrvPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00062976 _____ () C:\Program Files\airtel\OSCall.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00539648 _____ () C:\Program Files\airtel\DeviceMgrUIPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00398336 _____ () C:\Program Files\airtel\QtXml4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00123392 _____ () C:\Program Files\airtel\ATR2SMgr.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00183808 _____ () C:\Program Files\airtel\XFramePlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00310784 _____ () C:\Program Files\airtel\StatusBarMgrPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00117760 _____ () C:\Program Files\airtel\LayoutPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00441856 _____ () C:\Program Files\airtel\DialupUIPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00093184 _____ () C:\Program Files\airtel\NotifyServicePlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00335360 _____ () C:\Program Files\airtel\NetConnectPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00296960 _____ () C:\Program Files\airtel\MenuMgrPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00393216 _____ () C:\Program Files\airtel\USSDUIPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00824832 _____ () C:\Program Files\airtel\SMSUIPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00771584 _____ () C:\Program Files\airtel\AddrBookUIPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00485888 _____ () C:\Program Files\airtel\NetInfoUIExPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00209408 _____ () C:\Program Files\airtel\ToolBarMgrPlugin.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00082944 _____ () C:\Program Files\airtel\plugins\imageformats\qgif4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00081920 _____ () C:\Program Files\airtel\plugins\imageformats\qico4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00192000 _____ () C:\Program Files\airtel\plugins\imageformats\qjpeg4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00350720 _____ () C:\Program Files\airtel\plugins\imageformats\qmng4.dll
2013-09-30 18:39 - 2013-09-30 18:39 - 00370176 _____ () C:\Program Files\airtel\plugins\imageformats\qtiff4.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2014 02:29:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/07/2014 02:29:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/07/2014 02:27:47 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (08/07/2014 01:46:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/07/2014 01:46:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/07/2014 01:11:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/07/2014 01:11:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/07/2014 11:27:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/07/2014 11:27:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/07/2014 10:54:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ytd.exe version 4.8.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2634
 
Start Time: 01cfb1fbe4f86ea5
 
Termination Time: 29
 
Application Path: C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe
 
Report Id: 128580a8-1df3-11e4-88d8-c5ad6872292d
 
 
System errors:
=============
Error: (08/07/2014 01:41:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Updater Service service failed to start due to the following error: 
%%2
 
Error: (08/07/2014 01:41:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DefaultTabUpdate service failed to start due to the following error: 
%%2
 
Error: (08/07/2014 01:41:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The airtel. OUC service failed to start due to the following error: 
%%1053
 
Error: (08/07/2014 01:41:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the airtel. OUC service to connect.
 
Error: (08/07/2014 01:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aircel. OUC service failed to start due to the following error: 
%%1053
 
Error: (08/07/2014 01:41:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
 
Error: (08/07/2014 01:09:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (08/07/2014 01:09:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (08/07/2014 01:09:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (08/07/2014 01:09:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
 
Microsoft Office Sessions:
=========================
Error: (08/07/2014 02:29:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/07/2014 02:29:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/07/2014 02:27:47 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\ANU\Downloads\FRST.exeC:\Users\ANU\Downloads\FRST.exe0
 
Error: (08/07/2014 01:46:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/07/2014 01:46:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/07/2014 01:11:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/07/2014 01:11:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/07/2014 11:27:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/07/2014 11:27:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/07/2014 10:54:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ytd.exe4.8.1.3263401cfb1fbe4f86ea529C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe128580a8-1df3-11e4-88d8-c5ad6872292d
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-07 14:34:23.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 13:37:04.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 13:28:59.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 13:08:55.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 11:55:46.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 11:45:24.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 21:29:50.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 21:17:19.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 21:07:16.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 19:51:01.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\K7 Computing\K7TSecurity\K7Crvr.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 79%
Total physical RAM: 1909.86 MB
Available physical RAM: 398.48 MB
Total Pagefile: 3819.72 MB
Available Pagefile: 1270.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.59 GB) (Free:12.63 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:87.89 GB) (Free:14.22 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:93.01 GB) (Free:24.78 GB) NTFS
Drive f: () (Fixed) (Total:58.5 GB) (Free:12.79 GB) NTFS
Drive g: (Aug 06 2014) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
Drive i: (airtel) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D6694B24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=181 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#7 ambika


Posted 07 August 2014 - 04:25 AM

I really thank you for helping me...



#8 ambika


Posted 07 August 2014 - 04:35 AM

I am not able to run aswMBR. Please help me.



#9 TB-Psychotic


Posted 07 August 2014 - 04:36 AM

Skip aswMBR:

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries



#10 ambika


Posted 10 August 2014 - 01:15 AM

Hi... I first downloaded the above-mentioned rootkit, but unfortunately I stopped the scan; later I could not scan further... Moreover, now whenever I start my system I get a blue screen with a lot of messages in it... and it is also recommending to repair the system before start.... Please do help me.



#11 TB-Psychotic


Posted 12 August 2014 - 06:04 AM

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#12 ambika


Posted 12 August 2014 - 08:54 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-08-2014
Ran by SYSTEM on MININT-KHCG9K4 on 12-08-2014 19:20:33
Running from i:\
Platform: Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [Microsoft Driver Setup] => C:\Windows\yWdrive32.exe No File
HKU\ANU\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
HKU\ANU\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\ANU\...\Run: [eType] => C:\Users\ANU\AppData\Roaming\eType\eType.exe [1844 2012-10-23] ()
HKU\ANU\...\Run: [Screen Saver Pro 3.1] => C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
HKU\ANU\...\Run: [Hmieil] => C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
HKU\ANU\...\Run: [proxzy0229] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
HKU\ANU\...\Run: [Nmieir] => C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
HKU\ANU\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\ANU\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-07] (Skype Technologies S.A.)
HKU\ANU\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs exit
HKU\ANU\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2613248 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-07-28] (Client Connect LTD)
Startup: C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
BootExecute: autocheck autochk * K7TSDbg
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aircel. RunOuc; C:\Program Files\Aircel\UpdateDog\ouc.exe [655712 2013-12-03] ()
S2 airtel. RunOuc; C:\Program Files\airtel\UpdateDog\ouc.exe [246112 2013-09-30] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2983896 2014-07-28] (Client Connect LTD)
S2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 K7CrvSvc; C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
S2 K7EmlPxy; C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe [154136 2013-04-02] (K7 Computing Pvt Ltd)
S2 K7FWSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe [243736 2014-03-20] (K7 Computing Pvt Ltd)
S2 K7PSSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe [336408 2014-03-18] (K7 Computing Pvt Ltd)
S2 K7RTScan; C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe [209432 2014-03-19] (K7 Computing Pvt Ltd)
S3 K7SpmSrc; C:\Program Files\K7 Computing\K7TSecurity\K7SpmSrc.exe [281216 2012-06-21] (K7 Computing Pvt Ltd)
S2 K7TSMngr; C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe [243872 2013-12-30] (K7 Computing Pvt Ltd)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-06] (Microsoft Corporation)
S2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-10] ()
S2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-10] ()
S2 DefaultTabUpdate; "C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" [X]
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2013-12-03] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2013-12-03] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2013-12-03] (Huawei Technologies Co., Ltd.)
S0 K7FWHlpr; C:\Windows\System32\drivers\K7FWHlpr.sys [91424 2013-09-18] (K7 Computing Pvt Ltd)
S0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [1853600 2014-03-23] (K7 Computing Pvt Ltd)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [39040 2012-07-17] (MediaTek Inc.)
S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-07-29] (StdLib)
S3 ztemtusbser; system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 00:05 - 2014-08-10 00:05 - 00137816 _____ () C:\Windows\Minidump\081014-14180-01.dmp
2014-08-07 01:06 - 2014-08-07 01:07 - 00040357 _____ () C:\Users\ANU\Downloads\Addition.txt
2014-08-07 01:05 - 2014-08-07 01:07 - 00068853 _____ () C:\Users\ANU\Downloads\FRST.txt
2014-08-07 01:04 - 2014-08-12 19:20 - 00000000 ____D () C:\FRST
2014-08-02 22:34 - 2014-07-29 12:54 - 00052880 _____ (StdLib) C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-07-31 21:51 - 2014-07-31 21:51 - 00018872 _____ () C:\Windows\System32\Drivers\SPPD.sys
2014-07-31 04:11 - 2014-08-05 10:10 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2014-07-31 04:11 - 2014-07-31 04:11 - 00002056 _____ () C:\Users\Public\Desktop\K7TotalSecurity.lnk
2014-07-31 04:11 - 2014-07-31 04:11 - 00000000 ____D () C:\Users\ANU\AppData\Local\K7 Computing
2014-07-31 04:11 - 2014-03-23 20:34 - 01853600 _____ (K7 Computing Pvt Ltd) C:\Windows\System32\Drivers\K7Sentry.sys
2014-07-31 04:11 - 2013-09-18 03:45 - 00091424 _____ (K7 Computing Pvt Ltd) C:\Windows\System32\Drivers\K7FWHlpr.sys
2014-07-31 04:11 - 2009-04-18 07:30 - 00013600 _____ (K7 Computing Pvt Ltd) C:\Windows\System32\Drivers\K7TdiHlp.sys
2014-07-31 04:10 - 2014-07-31 04:10 - 00000000 ____D () C:\ProgramData\K7 Computing
2014-07-31 04:10 - 2014-07-31 04:10 - 00000000 ____D () C:\Program Files\K7 Computing
2014-07-31 04:10 - 2011-12-28 20:38 - 00020064 _____ (K7 Computing Pvt. Ltd.) C:\Windows\System32\K7TSDbg.exe
2014-07-31 04:02 - 2014-07-31 04:02 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 04:01 - 2014-07-31 04:01 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-31 04:01 - 2014-07-31 04:01 - 00000000 ____D () C:\Program Files\SearchProtect
2014-07-31 03:59 - 2014-07-31 03:59 - 00699016 _____ (CNET Download.com) C:\Users\ANU\Downloads\cbsidlm-cbsi213-K7_TotalSecurity-SEO-10908644.exe
2014-07-31 03:55 - 2014-08-10 00:29 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-07-31 03:53 - 2014-07-31 03:53 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-30 23:02 - 2014-07-30 23:02 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-30 23:01 - 2014-07-30 23:01 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-30 22:12 - 2014-07-30 22:12 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
2014-07-29 22:11 - 2014-07-29 22:11 - 00000610 _____ () C:\Users\ANU\AppData\Roaming\asfsgswasrga.exe
2014-07-22 17:51 - 2014-07-23 16:52 - 00000000 ____D () C:\Users\ANU\Desktop\New folder
2014-07-21 05:41 - 2014-07-25 22:34 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\dvdriversgpucpu
2014-07-21 05:34 - 2014-07-21 05:41 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-20 07:40 - 2014-07-20 07:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-19 04:14 - 2014-07-19 04:14 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-19 00:16 - 2014-07-19 03:00 - 00011546 _____ () C:\Users\ANU\Downloads\CALCULATION.xlsx
2014-07-18 19:39 - 2014-07-18 19:40 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-18 19:39 - 2014-07-18 19:39 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-17 19:24 - 2014-07-17 19:24 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-17 07:26 - 2014-07-31 20:29 - 00001170 _____ () C:\Windows\PFRO.log
2014-07-17 05:20 - 2014-07-31 03:57 - 00000000 ____D () C:\Program Files\Smadav
2014-07-17 05:20 - 2014-07-17 05:20 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Smadav
2014-07-15 19:35 - 2014-08-10 00:05 - 00006740 _____ () C:\Windows\setupact.log
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 00:45 - 2014-07-14 00:45 - 00009994 _____ () C:\Users\ANU\Downloads\E-cell students list.xlsx
2014-07-13 19:21 - 2014-07-13 19:21 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:20 - 2014-08-07 01:04 - 00000000 ____D () C:\FRST
2014-08-10 21:51 - 2013-08-06 22:16 - 00000000 ____D () C:\users\Administrator
2014-08-10 21:51 - 2012-08-29 10:20 - 00000000 ____D () C:\users\ANU
2014-08-10 21:51 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-08-10 21:51 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2014-08-10 13:33 - 2013-03-07 08:08 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Skype
2014-08-10 13:33 - 2012-08-29 11:52 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\FLEXnet
2014-08-10 13:33 - 2012-08-29 10:29 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\vlc
2014-08-10 13:32 - 2014-05-05 03:19 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-08-10 04:42 - 2013-07-02 21:25 - 01324424 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 00:29 - 2014-07-31 03:55 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-08-10 00:14 - 2009-07-13 20:34 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 00:14 - 2009-07-13 20:34 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 00:14 - 2009-07-13 18:04 - 00000505 _____ () C:\Windows\win.ini
2014-08-10 00:12 - 2012-08-29 10:26 - 00006206 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-10 00:05 - 2014-08-10 00:05 - 00137816 _____ () C:\Windows\Minidump\081014-14180-01.dmp
2014-08-10 00:05 - 2014-07-15 19:35 - 00006740 _____ () C:\Windows\setupact.log
2014-08-10 00:05 - 2014-03-03 04:45 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 21:14 - 2009-07-13 23:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-07 01:07 - 2014-08-07 01:06 - 00040357 _____ () C:\Users\ANU\Downloads\Addition.txt
2014-08-07 01:07 - 2014-08-07 01:05 - 00068853 _____ () C:\Users\ANU\Downloads\FRST.txt
2014-08-05 22:39 - 2013-10-26 07:26 - 00001108 __RSH () C:\Users\ANU\ntuser.pol
2014-08-05 10:27 - 2012-08-29 10:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-05 10:10 - 2014-07-31 04:11 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2014-08-05 06:06 - 2014-02-25 23:07 - 00000000 ____D () C:\ProgramData\websavE
2014-07-31 21:55 - 2012-08-29 10:50 - 00066656 _____ () C:\Users\ANU\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 21:51 - 2014-07-31 21:51 - 00018872 _____ () C:\Windows\System32\Drivers\SPPD.sys
2014-07-31 20:29 - 2014-07-17 07:26 - 00001170 _____ () C:\Windows\PFRO.log
2014-07-31 20:29 - 2009-07-13 20:33 - 01632792 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-31 04:11 - 2014-07-31 04:11 - 00002056 _____ () C:\Users\Public\Desktop\K7TotalSecurity.lnk
2014-07-31 04:11 - 2014-07-31 04:11 - 00000000 ____D () C:\Users\ANU\AppData\Local\K7 Computing
2014-07-31 04:10 - 2014-07-31 04:10 - 00000000 ____D () C:\ProgramData\K7 Computing
2014-07-31 04:10 - 2014-07-31 04:10 - 00000000 ____D () C:\Program Files\K7 Computing
2014-07-31 04:10 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Help
2014-07-31 04:02 - 2014-07-31 04:02 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 04:01 - 2014-07-31 04:01 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-31 04:01 - 2014-07-31 04:01 - 00000000 ____D () C:\Program Files\SearchProtect
2014-07-31 03:59 - 2014-07-31 03:59 - 00699016 _____ (CNET Download.com) C:\Users\ANU\Downloads\cbsidlm-cbsi213-K7_TotalSecurity-SEO-10908644.exe
2014-07-31 03:57 - 2014-07-17 05:20 - 00000000 ____D () C:\Program Files\Smadav
2014-07-31 03:53 - 2014-07-31 03:53 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-30 23:02 - 2014-07-30 23:02 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-30 23:01 - 2014-07-30 23:01 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-30 22:12 - 2014-07-30 22:12 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
2014-07-30 03:29 - 2013-08-19 02:25 - 00000000 __SHD () C:\[Smad-Cage]
2014-07-29 22:11 - 2014-07-29 22:11 - 00000610 _____ () C:\Users\ANU\AppData\Roaming\asfsgswasrga.exe
2014-07-29 12:54 - 2014-08-02 22:34 - 00052880 _____ (StdLib) C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-07-25 22:34 - 2014-07-21 05:41 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\dvdriversgpucpu
2014-07-23 16:52 - 2014-07-22 17:51 - 00000000 ____D () C:\Users\ANU\Desktop\New folder
2014-07-22 12:03 - 2014-03-27 07:51 - 00000005 _____ () C:\Windows\System32\SySCut.dat
2014-07-22 08:28 - 2014-05-02 23:23 - 00000000 ____D () C:\Users\ANU\Desktop\SIP REPT
2014-07-22 07:49 - 2014-03-25 04:59 - 00000000 ____D () C:\Users\ANU\AppData\Local\Windows Live
2014-07-21 05:41 - 2014-07-21 05:34 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-20 07:40 - 2014-07-20 07:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-19 04:14 - 2014-07-19 04:14 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-19 03:00 - 2014-07-19 00:16 - 00011546 _____ () C:\Users\ANU\Downloads\CALCULATION.xlsx
2014-07-18 19:40 - 2014-07-18 19:39 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-18 19:39 - 2014-07-18 19:39 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-18 04:44 - 2012-08-29 10:38 - 00000000 ____D () C:\Users\ANU\Documents\Visual Studio 2008
2014-07-17 19:24 - 2014-07-17 19:24 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-17 05:58 - 2012-08-06 22:48 - 00000000 ____D () C:\Users\ANU\Documents\Smadav
2014-07-17 05:20 - 2014-07-17 05:20 - 00000000 ____D () C:\Users\ANU\AppData\Roaming\Smadav
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 00:45 - 2014-07-14 00:45 - 00009994 _____ () C:\Users\ANU\Downloads\E-cell students list.xlsx
2014-07-13 20:30 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-07-13 19:21 - 2014-07-13 19:21 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\ANU\AppData\Local\Temp\DW20.EXE_0001.exe
C:\Users\ANU\AppData\Local\Temp\FL_ReportViewer_exe_141105_141105_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.exe
C:\Users\ANU\AppData\Local\Temp\FL_vcredist_x86_exe_132136_132136_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.exe
C:\Users\ANU\AppData\Local\Temp\ICReinstall_KingsoftOffice_ins.exe
C:\Users\ANU\AppData\Local\Temp\MSOHTMED.EXE.x86.exe
C:\Users\ANU\AppData\Local\Temp\MSOXMLED.EXE.x86.exe
C:\Users\ANU\AppData\Local\Temp\{6C9A3A6C-DB99-4EE7-96F4-03FD49ADDF04}-36.0.1985.125_35.0.1916.153_chrome_updater.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-08-10 04:42:50

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 1909.86 MB
Available physical RAM: 1477.83 MB
Total Pagefile: 1909.86 MB
Available Pagefile: 1480.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:12.35 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:87.89 GB) (Free:14.22 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:93.01 GB) (Free:24.78 GB) NTFS
Drive f: () (Fixed) (Total:58.5 GB) (Free:12.79 GB) NTFS
Drive h: (Aug 06 2014) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
Drive i: (TRANSCEND) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D6694B24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=181 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-08-06 21:23

==================== End Of Log ============================

#13 TB-Psychotic

Posted 12 August 2014 - 09:13 AM

Fix with FRST (Recovery Environment)

 

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2009-07-13] (Microsoft Corporation)
    HKLM\...\Policies\Explorer\Run: [Microsoft Driver Setup] => C:\Windows\yWdrive32.exe No File
    HKU\ANU\...\Run: [eType] => C:\Users\ANU\AppData\Roaming\eType\eType.exe [1844 2012-10-23] ()
    HKU\ANU\...\Run: [Screen Saver Pro 3.1] => C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
    HKU\ANU\...\Run: [Hmieil] => C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
    HKU\ANU\...\Run: [proxzy0229] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
    HKU\ANU\...\Run: [Nmieir] => C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
    HKU\ANU\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs exit
    HKU\ANU\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2613248 2009-07-13] (Microsoft Corporation) <==== ATTENTION
    AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-07-28] (Client Connect LTD)
    Startup: C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
    ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    
    S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2983896 2014-07-28] (Client Connect LTD)
    S2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
    S2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-10] ()
    S2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-10] ()
    S2 DefaultTabUpdate; "C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" [X]
    S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [X]
    S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-07-29] (StdLib)
    
    C:\Windows\yWdrive32.exe
    C:\Users\ANU\AppData\Roaming\eType
    C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
    C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
    C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
    C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
    C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs
    C:\Program Files\SearchProtect
    c:\program files\movies toolbar
    C:\Program Files\DefaultTab
    C:\Program Files\Deal Keeper
    C:\Users\ANU\AppData\Roaming\defaulttab
    C:\ProgramData\IBUpdaterService
    C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
    2014-07-31 04:02 - 2014-07-31 04:02 - 00000000 ____D () C:\Program Files\SaveSense
    2014-07-31 04:01 - 2014-07-31 04:01 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
    2014-07-21 05:34 - 2014-07-21 05:41 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
    2014-07-19 04:14 - 2014-07-19 04:14 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
    2014-07-18 19:39 - 2014-07-18 19:40 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
    2014-07-18 19:39 - 2014-07-18 19:39 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
    2014-07-17 19:24 - 2014-07-17 19:24 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
    2014-07-13 19:21 - 2014-07-13 19:21 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe
    2014-08-05 06:06 - 2014-02-25 23:07 - 00000000 ____D () C:\ProgramData\websavE
    2014-07-31 03:53 - 2014-07-31 03:53 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
    2014-07-30 23:02 - 2014-07-30 23:02 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
    2014-07-30 23:01 - 2014-07-30 23:01 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
    2014-07-30 22:12 - 2014-07-30 22:12 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Try to boot into Windows now!

When done, do the following - else, reply to me:

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Edited by TB-Psychotic, 12 August 2014 - 09:14 AM.


#14 ambika

Posted 12 August 2014 - 11:10 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-08-2014
Ran by SYSTEM at 2014-08-12 21:34:03 Run:1
Running from j:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [Microsoft Driver Setup] => C:\Windows\yWdrive32.exe No File
HKU\ANU\...\Run: [eType] => C:\Users\ANU\AppData\Roaming\eType\eType.exe [1844 2012-10-23] ()
HKU\ANU\...\Run: [Screen Saver Pro 3.1] => C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
HKU\ANU\...\Run: [Hmieil] => C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
HKU\ANU\...\Run: [proxzy0229] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
HKU\ANU\...\Run: [Nmieir] => C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
HKU\ANU\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs exit
HKU\ANU\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2613248 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-07-28] (Client Connect LTD)
Startup: C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2983896 2014-07-28] (Client Connect LTD)
S2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
S2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-10] ()
S2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-10] ()
S2 DefaultTabUpdate; "C:\Users\ANU\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" [X]
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [X]
S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-07-29] (StdLib)

C:\Windows\yWdrive32.exe
C:\Users\ANU\AppData\Roaming\eType
C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr
C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe
C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe
C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs
C:\Program Files\SearchProtect
c:\program files\movies toolbar
C:\Program Files\DefaultTab
C:\Program Files\Deal Keeper
C:\Users\ANU\AppData\Roaming\defaulttab
C:\ProgramData\IBUpdaterService
C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-07-31 04:02 - 2014-07-31 04:02 - 00000000 ____D () C:\Program Files\SaveSense
2014-07-31 04:01 - 2014-07-31 04:01 - 00000000 ____D () C:\Users\ANU\AppData\Local\SearchProtect
2014-07-21 05:34 - 2014-07-21 05:41 - 02265600 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe
2014-07-19 04:14 - 2014-07-19 04:14 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe
2014-07-18 19:39 - 2014-07-18 19:40 - 00000000 _____ () C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe
2014-07-18 19:39 - 2014-07-18 19:39 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe
2014-07-17 19:24 - 2014-07-17 19:24 - 00000315 _____ () C:\Users\ANU\AppData\Roaming\asftryasfwea.exe
2014-07-13 19:21 - 2014-07-13 19:21 - 00000313 _____ () C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe
2014-08-05 06:06 - 2014-02-25 23:07 - 00000000 ____D () C:\ProgramData\websavE
2014-07-31 03:53 - 2014-07-31 03:53 - 00779176 _____ ( ) C:\Users\ANU\Downloads\setup-eng-ts.exe
2014-07-30 23:02 - 2014-07-30 23:02 - 00056147 _____ () C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip
2014-07-30 23:01 - 2014-07-30 23:01 - 00039700 _____ () C:\Users\ANU\Downloads\gunday_english-918688.zip
2014-07-30 22:12 - 2014-07-30 22:12 - 00042835 _____ () C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Microsoft Driver Setup => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\eType => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\Screen Saver Pro 3.1 => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\Hmieil => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\proxzy0229 => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\Nmieir => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\asodakaossd => value deleted successfully.
HKU\ANU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" => Value Data removed successfully.
C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk => Moved successfully.
C:\Windows\System32\cmd.exe => Moved successfully.
HKLM\System\ControlSet001\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
C:\Windows\System32\GroupPolicy\Machine => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
CltMngSvc => Service deleted successfully.
DefaultTabSearch => Service deleted successfully.
Update Deal Keeper => Service deleted successfully.
Util Deal Keeper => Service deleted successfully.
DefaultTabUpdate => Service deleted successfully.
IBUpdaterService => Service deleted successfully.
{55dce8ba-9dec-4013-937e-adbf9317d990}w => Service deleted successfully.
"C:\Windows\yWdrive32.exe" => File/Directory not found.
C:\Users\ANU\AppData\Roaming\eType => Moved successfully.
"C:\Users\ANU\AppData\Roaming\ScreenSaverPro.scr" => File/Directory not found.
"C:\Users\ANU\AppData\Roaming\Microsoft\Hmieil.exe" => File/Directory not found.
"C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe" => File/Directory not found.
"C:\Users\ANU\AppData\Roaming\Microsoft\Nmieir.exe" => File/Directory not found.
C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
"c:\program files\movies toolbar" => File/Directory not found.
C:\Program Files\DefaultTab => Moved successfully.
C:\Program Files\Deal Keeper => Moved successfully.
C:\Users\ANU\AppData\Roaming\defaulttab => Moved successfully.
C:\ProgramData\IBUpdaterService => Moved successfully.
C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys => Moved successfully.
C:\Program Files\SaveSense => Moved successfully.
C:\Users\ANU\AppData\Local\SearchProtect => Moved successfully.
C:\Users\ANU\AppData\Roaming\asfsgwasrga.exe => Moved successfully.
C:\Users\ANU\AppData\Roaming\asfsgwsfwasdea.exe => Moved successfully.
C:\Users\ANU\AppData\Roaming\asfsgwasdsfwea.exe => Moved successfully.
C:\Users\ANU\AppData\Roaming\asfsgwsfwea.exe => Moved successfully.
C:\Users\ANU\AppData\Roaming\asftryasfwea.exe => Moved successfully.
C:\Users\ANU\AppData\Roaming\asfsgwsesdasfwea.exe => Moved successfully.
C:\ProgramData\websavE => Moved successfully.
C:\Users\ANU\Downloads\setup-eng-ts.exe => Moved successfully.
C:\Users\ANU\Downloads\hasee-toh-phasee_english-915652.zip => Moved successfully.
C:\Users\ANU\Downloads\gunday_english-918688.zip => Moved successfully.
C:\Users\ANU\Downloads\ohm-shanthi-oshaana_english-923716.zip => Moved successfully.

==== End of Fixlog ====
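
For a helper reviewing a Fixlog like the one above, this added example (not part of the thread and not FRST's own code) tallies the result lines and flags any moved file that the fixlist's own listing attributes to Microsoft Corporation, as the log records for cmd.exe. The function names are hypothetical, and the embedded sample is an excerpt of lines from the posted log.

```python
import re
from collections import Counter

# Excerpt of lines from the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKU\ANU\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs exit
Startup: C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk
ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
C:\Windows\yWdrive32.exe
C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs
*****************

HKU\ANU\Software\Microsoft\Windows\CurrentVersion\Run\\asodakaossd => value deleted successfully.
C:\Users\ANU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk => Moved successfully.
C:\Windows\System32\cmd.exe => Moved successfully.
"C:\Windows\yWdrive32.exe" => File/Directory not found.
C:\Users\ANU\AppData\Roaming\aiasfacoafiasksf.vbs => Moved successfully.

==== End of Fixlog ====
"""

SEPARATOR = re.compile(r"^\*{5,}\s*$")
# A drive-letter path ending in an executable extension.
PE_PATH = re.compile(r'[A-Za-z]:\\[^\[\]"*?<>|]*?\.(?:exe|dll|sys)(?![\w.])', re.I)
# "<target> => <outcome>." with the target optionally quoted.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
VENDOR_TAG = "(Microsoft Corporation)"


def split_sections(text):
    """Return (fixlist_lines, result_lines), using the asterisk rows as delimiters."""
    fixlist, results, seen = [], [], 0
    for line in text.splitlines():
        if SEPARATOR.match(line):
            seen += 1
        elif seen == 1:
            fixlist.append(line)
        elif seen >= 2 and line.strip():
            results.append(line)
    return fixlist, results


def vendor_tagged_paths(fixlist_lines):
    """Paths that the fixlist's own listing attributes to Microsoft Corporation."""
    tagged = set()
    for line in fixlist_lines:
        head, tag, _ = line.partition(VENDOR_TAG)
        paths = PE_PATH.findall(head) if tag else []
        if paths:
            tagged.add(paths[-1].casefold())  # the path right before the tag
    return tagged


def review_fixlog(text):
    """Tally outcomes and list vendor-tagged files that the fix moved."""
    fixlist, results = split_sections(text)
    tagged = vendor_tagged_paths(fixlist)
    outcomes, flagged = Counter(), []
    for line in results:
        m = RESULT.match(line)
        if not m:
            continue  # e.g. the "End of Fixlog" trailer
        outcomes[m["outcome"]] += 1
        if m["outcome"].startswith("Moved") and m["target"].casefold() in tagged:
            flagged.append(m["target"])
    return outcomes, flagged


if __name__ == "__main__":
    outcomes, flagged = review_fixlog(SAMPLE_FIXLOG)
    for outcome, count in outcomes.most_common():
        print(f"{count:3d}  {outcome}")
    for path in flagged:
        print(f"REVIEW: vendor-tagged file was moved: {path}")
```
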

#15 ambika

Posted 12 August 2014 - 11:12 AM

I am not able to boot to my Windows... Again I get that same blue screen... I didn't scan my system... I have the hope that you will help me for sure... Please reply to me...



