Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer keeps shutting down, got Server busy – Switch to…error, Spyware?


  • This topic is locked This topic is locked
5 replies to this topic

#1 goodguardian

goodguardian

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 24 September 2014 - 06:56 AM

My computer would often keep shutting down after a while for no apparent reason, when I restart it and run Spybot S&D on it I would find spywares threats which I then removed. But then the computer would again shut down and I again find spywares on start-up.

 

Also yesterday I got the ‘Server Busy’ message: ‘This action cannot be completed because the other program is busy Choose ‘Switch to’ to activate the busy program and correct the problem.’ Beneath this are three buttons, from left to right they’re labelled Switch To… , Retry and Cancel. Cancel is greyed out. Pressing Switch To… opens the start menu,which closes the Server Busy window briefly but reappears after again and the loop continues. Same with the retry button. It seems impossible to get rid of this window.

 

I ran the Avast boot time scan and it detected 4 infected files. I moved all of them to the virus chest.

The infected files are: 

1clickdownload.exe in C:\Program filesx86\1clickdownload folder (Virus Description- Win32:Oneclick-D (PUP))

CNC4.dll in C:\Users\downloads\C&C 4 Tiberian Reloaded\rld-cnc4\Crack folder (Virus Description- Win32:PUP-gen (PUP))

AutoKMS.exe in C:\Windows (Virus Description- Win32:PUP-gen (PUP))

KMSEmulator in C:\Windows (Virus Description- FileRepMalware)

 

Also ran Windows defender and Spybot-s&d scans, before and after the boot time scan but it couldn't find anything.

 

But after restarting the ‘Server Busy’ message is gone for now.

I then ran the Malware anti malware scan and found 1 threat which I quarantined. The log is below:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/09/2014
Scan Time: 2:57:46 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kaustubh
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 189717
Time Elapsed: 2 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [9cad21de96e4c472c8aa2d688a78fa06], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

Could there be any more spywares on my system and what steps should I take now. Please suggest next steps. The DDS logs are attached here.

 

Thanks for reading.

 

Mod Edit:  Pasted attach content into topic - Hamluis.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06/01/2012 7:11:26 AM
System Uptime: 23/09/2014 11:50:01 PM (17 hours ago)
.
Motherboard: Dell Inc. |  | 0V0PF3
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz | CPU 1 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 307.098 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP219: 30/08/2014 4:19:09 PM - Removed Camtasia Studio 8
RP220: 30/08/2014 4:30:09 PM - Installed Camtasia Studio 8
RP221: 30/08/2014 4:46:14 PM - Removed TuneUp Utilities 2014
RP222: 30/08/2014 4:47:48 PM - Removed TuneUp Utilities 2014 (en-GB)
RP223: 09/09/2014 10:41:10 PM - Removed Camtasia Studio 8
RP224: 10/09/2014 2:29:14 PM - Windows Update
RP225: 14/09/2014 6:34:54 PM - Windows Update
RP226: 22/09/2014 10:00:34 PM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.12) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier (x64)
avast! Free Antivirus
Banctec Service Agreement
BitTorrent
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Cisco WebEx Meetings
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
CutePDF Writer 3.0
D3DX10
Debugging Tools for Windows (x64)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
DivX Setup
Dora's World Adventure
Escape Whisper Valley ™
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Chrome
Google Talk Plugin
Google+ Auto Backup
GoToMeeting 7.0.0.1694
High-Definition Video Playback
Hotfix for Microsoft Document Explorer 2008 (KB953196)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
Malwarebytes Anti-Malware version 2.0.2.1012
MATLAB R2010a
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Document Explorer 2008
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++  Compilers 2010 Standard - enu - x64
Microsoft Visual C++  Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK .NET Framework Tools (40715)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Windows 7 (7.0)
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Common Utilities (40715)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Samples (40715)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
PDFill PDF Editor with FREE Writer and FREE Tools
Penguins!
PhotoShowExpress
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Premium Service Agreement
QualxServ Service Agreement
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Shared C Run-time for x64
Skype™ 6.16
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SyncUP
TrustedID
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.6195
VideoFileDownload
Virtual Villagers 4 - The Tree of Life
VJOcx2.0
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows SDK Intellidocs
Windows SDK IntellisenseNFX
WinRAR 4.00 (32-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
24/09/2014 4:14:11 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
23/09/2014 9:58:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
23/09/2014 9:55:00 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
23/09/2014 9:36:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
23/09/2014 4:45:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
23/09/2014 4:44:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
23/09/2014 4:44:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
23/09/2014 11:33:19 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
23/09/2014 11:32:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
23/09/2014 11:32:19 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
23/09/2014 11:31:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
23/09/2014 11:31:19 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
23/09/2014 11:18:46 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
23/09/2014 11:18:46 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
22/09/2014 8:36:32 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
20/09/2014 5:18:10 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
18/09/2014 3:18:34 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
18/09/2014 3:18:34 AM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
18/09/2014 3:06:11 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
18/09/2014 3:06:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
18/09/2014 3:06:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/09/2014 3:06:02 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
18/09/2014 3:06:02 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
18/09/2014 3:06:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/09/2014 3:05:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Media Service with arguments "" in order to run the server: {9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}
18/09/2014 3:05:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
18/09/2014 3:05:25 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
18/09/2014 3:05:25 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
18/09/2014 1:45:55 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
.
==== End Of File ===========================
 

 

 


Edited by hamluis, 24 September 2014 - 07:00 AM.


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:54 AM

Posted 24 September 2014 - 08:26 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 goodguardian

goodguardian
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 24 September 2014 - 09:23 AM

Hello,

 

Thanks for your reply and offer of help.

 

I am pretty sure, the malware would have entered through these cracksites/waresites. I have myself not installed any illegal cracked software from any of these website sources.

 

But, I am ready to remove all cracked software from my system.

Looking at the logs, which are the cracked programs you think that I have on my system. If you could name them I could then remove them and continue with the cleanup.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:54 AM

Posted 24 September 2014 - 09:57 AM

Please uninstall your Microsoft Office components, then scan with FRST and CKscan.

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with CKScanner

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 goodguardian

goodguardian
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 25 September 2014 - 05:23 AM

I have removed the Microsoft office and any other cracked software components that I could find. But  the Matlab software is original and was downloaded from the Mathworks website and I have the license for it as well and been using it for long without any problem. So I am not going to be removing that.

 

The FRST.txt and Addition.txt results of FRST scan are below:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Kaustubh (administrator) on HOMEPC on 25-09-2014 05:40:03
Running from C:\Users\Kaustubh\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Kaustubh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Malwarebytes\mbamservice.exe
(Malwarebytes Corporation) C:\Malwarebytes\mbamscheduler.exe
(Malwarebytes Corporation) C:\Malwarebytes\mbam.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-25] (Dell Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-30] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-02-07] ()
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-30] ()
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-03-07] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [iTunesHelper] => "E:\iTunesHelper.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1063501291-1798557927-574659722-1000\...\Run: [Google Update] => C:\Users\Kaustubh\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-06] (Google Inc.)
HKU\S-1-5-21-1063501291-1798557927-574659722-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe -update activex
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BDDF9DB-2E5B-450A-85DA-F653E51F00CC}: [NameServer] 0.0.0.0
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Kaustubh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kaustubh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Kaustubh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Kaustubh\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Kaustubh\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kaustubh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kaustubh\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-06]
CHR Extension: (Google Search) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-06]
CHR Extension: (avast! WebRep) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-04-06]
CHR Extension: (GoToMeeting Free Sharing) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgncfoanhgdfmkgfehkfdlbdnbhafpp [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Users\Kaustubh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-06]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-04-06]
CHR StartMenuInternet: Google Chrome - C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-06] (WildTangent)
R4 MBAMScheduler; C:\Malwarebytes\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Malwarebytes\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
S2 vvdsvc; C:\windows\SysWOW64\Nagasoft\vjocx.dll [1685024 2009-03-18] (NanJing Nagasoft Co, LTD.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-07] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-07] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 05:40 - 2014-09-25 05:40 - 00022373 _____ () C:\Users\Kaustubh\Downloads\FRST.txt
2014-09-25 05:38 - 2014-09-25 05:38 - 00000467 _____ () C:\Users\Kaustubh\Desktop\ckfiles.txt
2014-09-25 04:31 - 2014-09-25 04:31 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 01:12 - 2014-09-25 05:40 - 00000000 ____D () C:\FRST
2014-09-25 00:46 - 2014-09-25 00:49 - 02106880 _____ (Farbar) C:\Users\Kaustubh\Downloads\FRST64.exe
2014-09-24 22:54 - 2014-09-24 22:55 - 00468480 _____ () C:\Users\Kaustubh\Downloads\CKScanner.exe
2014-09-24 16:22 - 2014-09-24 16:22 - 00026906 _____ () C:\Users\Kaustubh\Desktop\dds.txt
2014-09-24 16:22 - 2014-09-24 16:22 - 00022155 _____ () C:\Users\Kaustubh\Desktop\attach.txt
2014-09-24 15:51 - 2014-09-24 15:53 - 00688992 ____R (Swearware) C:\Users\Kaustubh\Downloads\dds.com
2014-09-24 14:53 - 2014-09-25 04:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 14:51 - 2014-09-24 14:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 14:51 - 2014-09-24 14:51 - 00000000 ____D () C:\Malwarebytes
2014-09-24 14:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-24 14:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-24 14:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-24 06:10 - 2014-09-24 07:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kaustubh\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 22:20 - 2014-08-19 03:59 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-22 22:20 - 2014-08-19 03:35 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-22 22:20 - 2014-08-19 03:27 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-22 22:20 - 2014-08-19 03:07 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-22 22:19 - 2014-08-19 23:35 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-22 22:19 - 2014-08-19 23:09 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-22 22:19 - 2014-08-19 04:31 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-22 22:19 - 2014-08-19 03:59 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-22 22:19 - 2014-08-19 03:56 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-22 22:19 - 2014-08-19 03:50 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-22 22:19 - 2014-08-19 03:49 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-22 22:19 - 2014-08-19 03:45 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-22 22:19 - 2014-08-19 03:45 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-22 22:19 - 2014-08-19 03:44 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-22 22:19 - 2014-08-19 03:44 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-22 22:19 - 2014-08-19 03:38 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-22 22:19 - 2014-08-19 03:38 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-22 22:19 - 2014-08-19 03:38 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-22 22:19 - 2014-08-19 03:33 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-22 22:19 - 2014-08-19 03:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-22 22:19 - 2014-08-19 03:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-22 22:19 - 2014-08-19 03:26 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-22 22:19 - 2014-08-19 03:21 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-22 22:19 - 2014-08-19 03:16 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-22 22:19 - 2014-08-19 03:15 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-22 22:19 - 2014-08-19 03:15 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-22 22:19 - 2014-08-19 03:14 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-22 22:19 - 2014-08-19 03:14 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-22 22:19 - 2014-08-19 03:12 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-22 22:19 - 2014-08-19 03:10 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-22 22:19 - 2014-08-19 03:09 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-22 22:19 - 2014-08-19 03:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-22 22:19 - 2014-08-19 03:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-22 22:19 - 2014-08-19 03:08 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-22 22:19 - 2014-08-19 03:06 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-22 22:19 - 2014-08-19 03:05 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-22 22:19 - 2014-08-19 02:57 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-22 22:19 - 2014-08-19 02:55 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-22 22:19 - 2014-08-19 02:55 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-22 22:19 - 2014-08-19 02:53 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-22 22:19 - 2014-08-19 02:53 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-22 22:19 - 2014-08-19 02:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-22 22:19 - 2014-08-19 02:49 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-22 22:19 - 2014-08-19 02:47 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-22 22:19 - 2014-08-19 02:47 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-22 22:19 - 2014-08-19 02:46 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-22 22:19 - 2014-08-19 02:45 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-22 22:19 - 2014-08-19 02:45 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-22 22:19 - 2014-08-19 02:39 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-22 22:19 - 2014-08-19 02:38 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-22 22:19 - 2014-08-19 02:37 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-22 22:19 - 2014-08-19 02:25 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-22 22:19 - 2014-08-19 02:16 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-22 22:19 - 2014-08-19 02:08 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-22 22:19 - 2014-08-19 02:08 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-22 22:19 - 2014-08-19 02:06 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-22 22:01 - 2014-06-27 07:38 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-22 22:01 - 2014-06-27 07:15 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-16 02:15 - 2014-09-25 01:37 - 00001186 _____ () C:\windows\setupact.log
2014-09-16 02:15 - 2014-09-16 02:15 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 22:39 - 2014-08-01 17:23 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 22:39 - 2014-08-01 17:05 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:33 - 2014-06-24 08:59 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 22:33 - 2014-06-24 08:29 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 22:32 - 2014-07-07 07:36 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 22:32 - 2014-07-07 07:36 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 22:32 - 2014-07-07 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 22:32 - 2014-07-07 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 22:32 - 2014-07-07 07:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 22:31 - 2014-09-05 07:40 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 22:31 - 2014-09-05 07:35 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-09 15:25 - 2014-09-09 15:25 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\TechSmith
2014-09-09 15:23 - 2014-09-09 22:43 - 00000000 ____D () C:\ProgramData\TechSmith
2014-08-30 19:19 - 2014-09-23 23:08 - 00000000 ____D () C:\Users\Kaustubh\Documents\CB&I
2014-08-30 16:29 - 2014-08-30 16:29 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\TuneUp Software
2014-08-30 16:29 - 2014-08-30 16:29 - 00000000 ____D () C:\Users\Kaustubh\AppData\Local\TuneUp Software
2014-08-30 16:28 - 2014-08-30 16:30 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-30 16:28 - 2014-08-30 16:28 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-08-30 16:25 - 2014-08-30 16:25 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\RHEng
2014-08-30 16:24 - 2014-08-30 16:26 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\rmi
2014-08-28 01:03 - 2014-08-23 07:37 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 01:03 - 2014-08-23 07:15 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 01:03 - 2014-08-23 06:29 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 05:40 - 2014-09-25 05:40 - 00022373 _____ () C:\Users\Kaustubh\Downloads\FRST.txt
2014-09-25 05:40 - 2014-09-25 01:12 - 00000000 ____D () C:\FRST
2014-09-25 05:39 - 2014-07-09 01:41 - 00000544 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1063501291-1798557927-574659722-1000.job
2014-09-25 05:38 - 2014-09-25 05:38 - 00000467 _____ () C:\Users\Kaustubh\Desktop\ckfiles.txt
2014-09-25 05:35 - 2012-02-27 07:09 - 00000000 ____D () C:\Red Alert 3 Expansion
2014-09-25 05:35 - 2012-02-14 06:42 - 00000000 ____D () C:\Users\Kaustubh\Downloads\Command.And.Conquer.Red.Alert.3.Uprising-RELOADED
2014-09-25 05:35 - 2012-01-18 07:23 - 00000000 ____D () C:\Pro Engineer
2014-09-25 05:29 - 2012-08-16 07:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 05:24 - 2012-01-06 08:29 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1063501291-1798557927-574659722-1000UA.job
2014-09-25 04:48 - 2012-08-12 13:47 - 00000000 ____D () C:\Users\Kaustubh\Downloads\Command And Conquer 4 Tiberian Twilight-RELOADED
2014-09-25 04:42 - 2014-09-24 14:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 04:32 - 2012-08-16 07:35 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 04:31 - 2014-09-25 04:31 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 04:31 - 2012-04-23 22:22 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 04:31 - 2011-12-06 19:35 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 04:15 - 2011-12-06 19:24 - 01280132 _____ () C:\windows\WindowsUpdate.log
2014-09-25 01:38 - 2009-07-14 10:43 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-25 01:37 - 2014-09-16 02:15 - 00001186 _____ () C:\windows\setupact.log
2014-09-25 01:24 - 2012-01-06 08:29 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1063501291-1798557927-574659722-1000Core.job
2014-09-25 00:49 - 2014-09-25 00:46 - 02106880 _____ (Farbar) C:\Users\Kaustubh\Downloads\FRST64.exe
2014-09-24 23:47 - 2012-01-06 08:06 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A21914E4-C6D4-42FB-98A2-FF0CDE6E4599}
2014-09-24 22:55 - 2014-09-24 22:54 - 00468480 _____ () C:\Users\Kaustubh\Downloads\CKScanner.exe
2014-09-24 16:22 - 2014-09-24 16:22 - 00026906 _____ () C:\Users\Kaustubh\Desktop\dds.txt
2014-09-24 16:22 - 2014-09-24 16:22 - 00022155 _____ () C:\Users\Kaustubh\Desktop\attach.txt
2014-09-24 15:53 - 2014-09-24 15:51 - 00688992 ____R (Swearware) C:\Users\Kaustubh\Downloads\dds.com
2014-09-24 14:51 - 2014-09-24 14:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 14:51 - 2014-09-24 14:51 - 00000000 ____D () C:\Malwarebytes
2014-09-24 14:00 - 2013-05-22 13:48 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-09-24 07:10 - 2014-09-24 06:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kaustubh\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-24 06:03 - 2009-07-14 10:15 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 06:03 - 2009-07-14 10:15 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 04:57 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\rescache
2014-09-24 04:13 - 2011-12-06 20:38 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-24 04:13 - 2011-12-06 20:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-24 04:13 - 2011-12-06 20:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-24 04:13 - 2011-12-06 20:10 - 00000000 ____D () C:\ProgramData\Sonic
2014-09-24 03:58 - 2013-10-28 19:30 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-24 03:55 - 2013-01-19 01:42 - 00000202 _____ () C:\windows\Tasks\AutoKMSDaily.job
2014-09-24 03:55 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-24 00:31 - 2012-01-19 14:20 - 00000000 ____D () C:\Program Files (x86)\1ClickDownload
2014-09-23 23:08 - 2014-08-30 19:19 - 00000000 ____D () C:\Users\Kaustubh\Documents\CB&I
2014-09-22 22:53 - 2011-12-06 20:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-22 22:40 - 2013-01-19 13:30 - 00204045 _____ () C:\windows\AutoKMS.log
2014-09-22 22:40 - 2013-01-19 01:42 - 00000206 _____ () C:\windows\Tasks\AutoKMS.job
2014-09-22 22:39 - 2009-07-14 10:15 - 00393144 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-22 22:36 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-22 22:34 - 2012-04-02 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 22:16 - 2011-12-06 19:38 - 00766780 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-22 22:15 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-09-22 22:01 - 2014-05-18 09:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-22 16:59 - 2014-07-09 01:41 - 00003576 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1063501291-1798557927-574659722-1000
2014-09-22 16:47 - 2013-04-06 09:52 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-18 14:48 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\system32\NDF
2014-09-16 02:15 - 2014-09-16 02:15 - 00000000 _____ () C:\windows\setuperr.log
2014-09-15 17:13 - 2013-09-10 04:55 - 00000000 ____D () C:\windows\Minidump
2014-09-15 09:06 - 2010-11-21 08:57 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-15 02:15 - 2010-11-21 09:17 - 00240998 _____ () C:\windows\PFRO.log
2014-09-12 00:49 - 2012-01-09 03:25 - 00000000 ____D () C:\Users\Kaustubh\AppData\Local\Microsoft Games
2014-09-09 22:43 - 2014-09-09 15:23 - 00000000 ____D () C:\ProgramData\TechSmith
2014-09-09 15:25 - 2014-09-09 15:25 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\TechSmith
2014-09-08 21:30 - 2012-08-15 10:35 - 00000000 ____D () C:\Users\Kaustubh\AppData\Local\CutePDF Writer
2014-09-07 17:50 - 2009-07-14 10:38 - 00032562 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-05 07:40 - 2014-09-10 22:31 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 07:35 - 2014-09-10 22:31 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-30 16:30 - 2014-08-30 16:28 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-30 16:29 - 2014-08-30 16:29 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\TuneUp Software
2014-08-30 16:29 - 2014-08-30 16:29 - 00000000 ____D () C:\Users\Kaustubh\AppData\Local\TuneUp Software
2014-08-30 16:28 - 2014-08-30 16:28 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-08-30 16:26 - 2014-08-30 16:24 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\rmi
2014-08-30 16:25 - 2014-08-30 16:25 - 00000000 ____D () C:\Users\Kaustubh\AppData\Roaming\RHEng
2014-08-29 13:01 - 2012-01-10 10:28 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-23 19:15
 
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Kaustubh at 2014-09-25 05:41:18
Running from C:\Users\Kaustubh\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1483.0 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)
High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
MATLAB R2010a (HKLM-x32\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (HKLM\...\{965DF723-5688-359E-84D2-417CAFE644B5}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM-x32\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK .NET Framework Tools (40715) (Version: 7.0.40715 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 .NET Documentation (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Win32 Documentation (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715) (Version: 7.0.40715 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoFileDownload (HKLM-x32\...\vfd-ob) (Version: 1.0 - VideoFileDownload)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VJOcx2.0 (HKLM-x32\...\VJOcx2.0) (Version: 2.0.309.0 - )
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.25 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.25 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows SDK Intellidocs (x32 Version: 9.0.30729 - Microsoft) Hidden
Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1063501291-1798557927-574659722-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kaustubh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1063501291-1798557927-574659722-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1063501291-1798557927-574659722-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kaustubh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1063501291-1798557927-574659722-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kaustubh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1063501291-1798557927-574659722-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kaustubh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-09-2014 13:04:54 Windows Update
22-09-2014 16:30:34 Windows Update
24-09-2014 16:08:52 Configured Microsoft Office Professional Plus 2010
24-09-2014 16:10:42 Configured Microsoft Office Professional Plus 2010
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2012-07-06 14:28 - 00443842 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 forum.alcohol-soft.com
127.0.0.1 support.alcohol-soft.com
127.0.0.1 users.alcohol-soft.com
127.0.0.1 shop.alcohol-soft.com
127.0.0.1 vodka.alcohol-soft.com
127.0.0.1 195.137.236.101
127.0.0.1 gosredirector.ea.com
127.0.0.1 gosredirector.ea.com
127.0.0.1 blazeserver.blazeemu.org
127.0.0.1 gosgvaprod-qos01.ea.com
127.0.0.1 gosiadprod-qos01.ea.com
127.0.0.1 gossjcprod-qos01.ea.com
127.0.0.1 demangler.ea.com
127.0.0.1 vmp.tools.gos.ea.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C3C8CAB-A9A8-4F71-8AE3-E06468C571AC} - System32\Tasks\{1CFBD057-EA81-4183-843B-67B43038214C} => C:\Users\Kaustubh\Desktop\Cricket07.exe [2007-08-29] (PlanetCricket)
Task: {0C77EB03-548B-41C2-8E69-A5FCB740C879} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)
Task: {40064A69-113A-444A-B6CD-1C57CC7DE55B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1063501291-1798557927-574659722-1000Core => C:\Users\Kaustubh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06] (Google Inc.)
Task: {54FD8829-7DF2-47C6-A781-2BAE25B79F64} - System32\Tasks\{E3BD5528-C768-4715-995A-708A9C9B8070} => C:\Users\Kaustubh\Desktop\Cricket07.exe [2007-08-29] (PlanetCricket)
Task: {59D5D202-0D3A-417A-B3A8-3DAA6E7C64C9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6A56AE89-ADA9-4D65-8233-294621B09A8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1063501291-1798557927-574659722-1000UA => C:\Users\Kaustubh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06] (Google Inc.)
Task: {73B7B6F6-A5F3-4BA8-AAA9-9663D3478967} - System32\Tasks\{B77A88F3-E84B-42B5-9378-DF2A023EDD32} => C:\Users\Kaustubh\Desktop\Cricket07.exe [2007-08-29] (PlanetCricket)
Task: {7D96DF9E-F427-43AE-99A4-C4821D4ABDFE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {8228EC5B-4343-41D2-A13A-0CF73733DEE3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)
Task: {8E20D6C3-0F5E-48B8-A2D6-E6F8FCC8DF5D} - System32\Tasks\{24CA0F48-1912-4798-B583-A47EA3FC6A65} => C:\Users\Kaustubh\Desktop\Cricket07.exe [2007-08-29] (PlanetCricket)
Task: {99BB7271-369D-4CD0-B74D-C818543282D3} - System32\Tasks\RunAsStdUser Task => c:\matlab 2010a 32bit\MATLAB R2010a.lnk [2013-09-29] ()
Task: {A2BE60A3-6E02-4DD3-9137-025AE4B71C76} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-11] (AVAST Software)
Task: {B464583C-9505-4A79-B603-58EB699E4C70} - System32\Tasks\{F3DB14C9-6F00-40FE-8FEE-9050BA8E363E} => C:\Users\Kaustubh\Desktop\Cricket07.exe [2007-08-29] (PlanetCricket)
Task: {CD4388DD-8C4A-45EF-95E0-C9CBC3B5A5CC} - System32\Tasks\G2MUpdateTask-S-1-5-21-1063501291-1798557927-574659722-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1694\g2mupdate.exe [2014-09-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F1C3EB3F-F8D4-462A-BEDE-03310237DD16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1063501291-1798557927-574659722-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1063501291-1798557927-574659722-1000Core.job => C:\Users\Kaustubh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1063501291-1798557927-574659722-1000UA.job => C:\Users\Kaustubh\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-28 07:37 - 2011-07-28 07:37 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-08-15 10:28 - 2012-08-01 00:01 - 00087152 _____ () C:\windows\System32\cpwmon64.dll
2012-01-20 14:04 - 2011-03-03 02:10 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-12-06 20:29 - 2011-08-18 21:35 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-12-06 20:56 - 2011-04-11 00:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-28 07:37 - 2011-07-28 07:37 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 22:05 - 2010-11-17 22:05 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-04-30 05:48 - 2011-04-30 05:48 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2013-11-15 06:18 - 2013-11-15 06:18 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-24 22:20 - 2014-09-24 15:39 - 02869760 _____ () C:\Program Files\AVAST Software\Avast\defs\14092400\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-23 00:34 - 2014-09-23 00:34 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f0322cce99ffb4609aaaec5e37048cf3\IsdiInterop.ni.dll
2011-12-06 19:34 - 2010-11-06 11:20 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-11-25 10:14 - 2010-11-25 10:14 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-30 05:43 - 2011-04-30 05:43 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-30 05:43 - 2011-04-30 05:43 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-11-15 06:19 - 2013-11-15 06:19 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-12 23:31 - 2014-09-04 08:31 - 01098056 _____ () C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 23:31 - 2014-09-04 08:31 - 00174408 _____ () C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 23:31 - 2014-09-04 08:31 - 08577864 _____ () C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 23:31 - 2014-09-04 08:31 - 00331592 _____ () C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 23:31 - 2014-09-04 08:31 - 01660232 _____ () C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 23:31 - 2014-09-04 08:31 - 14891848 _____ () C:\Users\Kaustubh\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/25/2014 05:35:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.4.2.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2a5c
 
Start Time: 01cfd81f99b73021
 
Termination Time: 182
 
Application Path: C:\Users\Kaustubh\Downloads\CKScanner.exe
 
Report Id: 8fb6dc25-4447-11e4-bb4b-4c809352212c
 
Error: (09/25/2014 04:19:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/25/2014 04:18:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/25/2014 04:18:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/25/2014 03:34:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/25/2014 03:32:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/25/2014 03:29:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/24/2014 04:29:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (09/24/2014 04:51:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/24/2014 04:50:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/24/2014 04:14:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (09/24/2014 03:54:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:49:13 PM on ‎23/‎09/‎2014 was unexpected.
 
Error: (09/23/2014 11:33:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
 
Error: (09/23/2014 11:32:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (09/23/2014 11:32:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
 
Error: (09/23/2014 11:31:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
 
Error: (09/23/2014 11:31:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
 
Error: (09/23/2014 11:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
Error: (09/23/2014 11:18:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
 
Error: (09/23/2014 11:09:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (09/29/2013 02:09:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 359074 seconds with 6600 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 73%
Total physical RAM: 4003.18 MB
Available physical RAM: 1052.81 MB
Total Pagefile: 8036.54 MB
Available Pagefile: 1622.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:332.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 54E0A0E9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 

 

==================== End Of Log ============================

 

The results of CKScanner are below:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\matlab 2010a\toolbox\pde\crackb.m
c:\matlab 2010a\toolbox\pde\crackg.m
c:\matlab 2010a\toolbox\pde\ja\crackb.m
c:\matlab 2010a\toolbox\pde\ja\crackg.m
c:\matlab 2010a 32bit\toolbox\pde\crackb.m
c:\matlab 2010a 32bit\toolbox\pde\crackg.m
c:\matlab 2010a 32bit\toolbox\pde\ja\crackb.m
c:\matlab 2010a 32bit\toolbox\pde\ja\crackg.m
scanner sequence 3.DD.11.IUAPQZ
 ----- EOF ----- 


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:54 AM

Posted 25 September 2014 - 08:40 AM

Directly after replying to me, you´ve downloaded the next pirated program.

 

 

2014-09-25 05:35 - 2012-02-14 06:42 - 00000000 ____D () C:\Users\Kaustubh\Downloads\Command.And.Conquer.Red.Alert.3.Uprising-RELOADED

 

 

This topic will now be closed due to evidence of cracked or pirated software on this system.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users