
Black screen with aiasfacoiaksf.vbs error


  • This topic is locked
21 replies to this topic

#1 gauravit6

gauravit6

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:10 AM

Posted 07 May 2015 - 03:35 AM

I am getting a black screen at system startup, and it asks me to close or ignore that message.

And whenever I plug in a USB drive it shows a shortcut of every folder, and when I try to copy a file from the USB it won't copy any data.

Please help me to remove this VB script malware.





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:40 AM

Posted 07 May 2015 - 03:29 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 gauravit6

gauravit6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:10 AM

Posted 08 May 2015 - 01:44 AM

Log of FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Gaurav (administrator) on GAURAV-PC on 08-05-2015 12:10:34
Running from C:\Users\Gaurav\Desktop
Loaded Profiles: Gaurav (Available profiles: Gaurav)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
() C:\Tally.ERP9\tallylicserver.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\hqtray.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.exe
(BitTorrent Inc.) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
() C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [Tutorials] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [501104 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [ConvertAd] => C:\Users\Gaurav\AppData\Local\ConvertAd\ConvertAd.exe
HKLM\...\Run: [VMware hqtray] => C:\Program Files\VMware\VMware Player\hqtray.exe [64048 2008-10-28] (VMware, Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [RGSC] => F:\gamesl\gta4\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [Facebook Update] => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-11] (Facebook Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-10-12] (Speedbit Ltd.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [BitTorrent] => C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe [1443160 2015-04-30] (BitTorrent Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [TornTv Downloader] => C:\Users\Gaurav\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [Connectify] => C:\Program Files\Connectify\Connectify.exe [4007936 2012-11-10] (Connectify)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [asodakaossd] => C:\Windows\system32\cmd.exe /c start C:\Users\Gaurav\AppData\Roaming\aiasfacoafiasksf.vbs exit
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk [2015-04-11]
ShortcutTarget: asodakaossd.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=DACaya1
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415459926&from=ild&uid=WDCXWD5000BPVT-75HXZT3_WD-WXC1EC1MAKR3MAKR3
SearchScopes: HKLM -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=DACaya1&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=DACaya1&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1421988896&from=zbd1&uid=wdcxwd5000bpvt-75hxzt3_wd-wxc1ec1makr3makr3&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=DACaya1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D655CCAF78A1123D&affID=119818&tt=250613_gr1&tsp=4928
SearchScopes: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415459926&from=ild&uid=WDCXWD5000BPVT-75HXZT3_WD-WXC1EC1MAKR3MAKR3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1421988896&from=zbd1&uid=wdcxwd5000bpvt-75hxzt3_wd-wxc1ec1makr3makr3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=DACaya1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> {E53BB1EE-0428-4CD1-ABC7-F4CB447F22D6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll [2014-11-08] (Thinknice Co. Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-10-12] (Speedbit Ltd.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2283987553-728366819-2836283039-1000 -> SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Winsock: Catalog9 12 C:\Program Files\VMware\VMware Player\vsocklib.dll [330288 2008-10-28] (VMware, Inc.)
Winsock: Catalog9 13 C:\Program Files\VMware\VMware Player\vsocklib.dll [330288 2008-10-28] (VMware, Inc.)
Tcpip\..\Interfaces\{DCF5E03F-E87E-461F-9B27-B7F0621BE9CA}: [NameServer] 59.179.243.70,203.94.243.70
 
FireFox:
========
FF ProfilePath: C:\Users\Gaurav\AppData\Roaming\Mozilla\Firefox\Profiles\kvto4sk2.default-1422072188285
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-23] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283987553-728366819-2836283039-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\Gaurav\AppData\Roaming\Mozilla\Firefox\Profiles\bvbvr78w.default-1421814510690\searchplugins\V9.xml [2015-01-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-08]
FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files\SearchPredict\PRFireFox
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SPEEDbit Video Downloader\SPFireFox
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-10-12]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Gaurav\AppData\Roaming\Mozilla\Firefox\Profiles\k8cmgwk7.default-1380971258599\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2013-10-12]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb [2013-08-31]
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn [2014-11-12]
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-17]
CHR Extension: (GoSave) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc [2014-11-08]
CHR HKLM\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Gaurav\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Gaurav\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-01]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2013-10-12]
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx [Not Found]
CHR HKU\S-1-5-21-2283987553-728366819-2836283039-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Gaurav\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-29]
CHR HKU\S-1-5-21-2283987553-728366819-2836283039-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Gaurav\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-01]
 
Opera: 
=======
OPR Extension: (Easy Youtube Video Downloader For Opera) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\acghaimmohdiildbgkbcjfmkdgglpofi [2013-10-05]
OPR Extension: (Youtube to mp3 converter) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2015-03-16]
OPR Extension: (YouTube Downloader) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-03-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2007-11-02] (ABBYY (BIT Software)) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-11-10] () [File not signed]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2015-04-26] (Flexera Software LLC)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1751672 2014-03-04] (Speedbit Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
R2 Tally License Server 2.0; C:\Tally.ERP9\tallylicserver.exe [478208 2009-04-02] () [File not signed]
S3 ufad-ws60; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [113200 2008-10-28] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [326192 2008-10-28] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [399920 2008-10-28] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 GSService; "C:\Windows\system32\GSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-02-08] (Broadcom Corporation.)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2015-01-09] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-05] (DT Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2008-10-28] (VMware, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] ()
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2008-10-28] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2008-10-28] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2008-10-28] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2008-10-28] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [857392 2008-10-28] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2008-10-02] (VMware, Inc.)
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 12:10 - 2015-05-08 12:11 - 00019744 _____ () C:\Users\Gaurav\Desktop\FRST.txt
2015-05-08 12:10 - 2015-05-08 12:10 - 00000000 ____D () C:\FRST
2015-05-08 12:09 - 2015-05-08 12:08 - 01141248 _____ (Farbar) C:\Users\Gaurav\Desktop\FRST.exe
2015-05-08 12:08 - 2015-05-08 12:08 - 01141248 _____ (Farbar) C:\Users\Gaurav\Downloads\FRST.exe
2015-05-07 21:09 - 2015-05-07 21:11 - 02177024 _____ () C:\Users\Gaurav\Downloads\Daily Update of 7th May'15.xls
2015-05-07 21:08 - 2015-05-07 21:08 - 00078816 _____ () C:\Users\Gaurav\Downloads\e.htm
2015-05-07 13:39 - 2015-05-07 13:40 - 00243912 _____ () C:\Users\Gaurav\Downloads\report1430986187266.xls
2015-05-03 22:48 - 2015-05-04 07:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-03 22:48 - 2015-05-03 23:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-03 22:43 - 2015-05-03 22:48 - 16873560 _____ () C:\Users\Gaurav\Downloads\RogueKiller.exe
2015-05-03 22:22 - 2015-05-03 22:24 - 00000000 ____D () C:\Users\Gaurav\Downloads\mov
2015-05-02 20:43 - 2015-05-03 08:11 - 00000000 ____D () C:\Users\Gaurav\Downloads\Cloverfield (2008) 720p BLuRay x264 Dual Audio [Eng DD 5.1-Hindi 2.0] XdesiArsenal [ExD-XMR]
2015-05-02 20:42 - 2015-05-02 20:42 - 00019693 _____ () C:\Users\Gaurav\Downloads\MONOVA.ORG Cloverfield_(2008)_720p_BLuRay_x264_Dual_Audio_(Eng_DD_5.1-Hindi_2.0)_XdesiArsenal_(ExD-XMR).torrent
2015-04-26 12:01 - 2015-04-26 12:01 - 00001231 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 8.2 (32-bit).lnk
2015-04-26 12:01 - 2015-04-26 12:01 - 00001219 _____ () C:\Users\Public\Desktop\Tableau 8.2 (32-bit).lnk
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\Users\Gaurav\Documents\My Tableau Repository
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-26 12:00 - 2015-04-26 12:00 - 00000000 ____D () C:\Program Files\Tableau
2015-04-25 18:36 - 2015-04-25 19:02 - 00000000 ____D () C:\Users\Gaurav\Downloads\Unbroken (2014) 720p Blu-Ray x264 [Dual-Audio][English BD 5.1 + Hindi BD 5.1] - Mafiaking - M2Tv
2015-04-23 09:57 - 2015-04-23 09:57 - 17244848 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-20 21:37 - 2015-04-20 21:37 - 00001245 _____ () C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe
2015-04-18 10:08 - 2015-04-18 17:42 - 00000000 ____D () C:\Users\Gaurav\Downloads\Falcon Rising [2014] Blu-Ray 720p x264 Dual audio [Eng 5.1 +Hindi 2.0]...Hon3y
2015-04-11 14:59 - 2014-07-04 11:13 - 00024221 _____ () C:\Users\Gaurav\AppData\Roaming\aiasfacoafiasksf.vbs
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 12:09 - 2012-10-04 11:44 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\BitTorrent
2015-05-08 12:09 - 2010-11-21 02:31 - 00718036 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 12:07 - 2012-10-03 07:03 - 01501127 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 12:04 - 2014-12-16 11:20 - 00000000 ____D () C:\ProgramData\VMware
2015-05-08 12:04 - 2013-06-29 18:45 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\EQATEC Analytics
2015-05-08 12:04 - 2012-12-06 18:19 - 00000000 ____D () C:\Tally.ERP9
2015-05-08 12:04 - 2012-10-03 13:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-08 12:04 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 12:04 - 2009-07-14 10:09 - 00152992 _____ () C:\Windows\setupact.log
2015-05-07 22:00 - 2014-11-08 22:00 - 00000292 _____ () C:\Windows\Tasks\FoxTab.job
2015-05-07 21:39 - 2015-02-23 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-07 21:02 - 2013-08-11 23:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA.job
2015-05-07 18:23 - 2012-10-02 22:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-07 11:43 - 2009-07-14 10:04 - 00021520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 11:43 - 2009-07-14 10:04 - 00021520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 22:24 - 2013-10-12 22:15 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2015-05-04 07:53 - 2015-01-18 13:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-04 07:32 - 2013-09-30 21:08 - 00000000 ____D () C:\Program Files\Opera
2015-05-04 07:30 - 2013-07-07 10:42 - 00000000 ____D () C:\Program Files\WinZipper
2015-05-02 20:39 - 2015-02-23 10:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-30 09:51 - 2012-10-02 19:42 - 00000000 ____D () C:\Users\Gaurav\Documents\Bluetooth Exchange Folder
2015-04-28 09:09 - 2013-08-11 23:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core.job
2015-04-23 09:57 - 2012-10-02 19:27 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-23 09:57 - 2012-10-02 19:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-23 09:02 - 2012-10-03 07:53 - 00000000 ____D () C:\Windows.old
2015-04-21 10:14 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-20 21:33 - 2010-11-21 03:18 - 00051932 _____ () C:\Windows\PFRO.log
2015-04-11 15:13 - 2014-09-07 08:29 - 00002000 ____H () C:\Users\Gaurav\Documents\Default.rdp
2015-04-11 15:08 - 2009-07-14 10:22 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-08 10:32 - 2012-10-06 10:24 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2015-04-11 14:59 - 2014-07-04 11:13 - 0024221 _____ () C:\Users\Gaurav\AppData\Roaming\aiasfacoafiasksf.vbs
2015-04-20 21:37 - 2015-04-20 21:37 - 0001245 _____ () C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe
2012-12-02 17:33 - 2012-12-03 20:43 - 0155984 _____ () C:\Users\Gaurav\AppData\Roaming\icr-20-jan
2012-12-02 17:33 - 2012-12-02 17:33 - 0663552 _____ (Macrovision Corporation) C:\Users\Gaurav\AppData\Roaming\icr-20-jan.exe
2014-11-08 21:00 - 2014-11-08 21:00 - 0613012 _____ (CMI Limited) C:\Users\Gaurav\AppData\Local\nsuAF95.tmp
2014-11-08 21:55 - 2014-11-08 21:55 - 0613012 _____ (CMI Limited) C:\Users\Gaurav\AppData\Local\nsv9A4.tmp
2012-10-15 00:19 - 2013-02-23 00:41 - 0007606 _____ () C:\Users\Gaurav\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Gaurav\AppData\Local\Temp\8D81CD1A-6757-DFEC-EC64-82A4FEAE2EB9.dll
C:\Users\Gaurav\AppData\Local\Temp\8D81CD1A-6757-DFEC-EC64-82A4FEAE2EB9.exe
C:\Users\Gaurav\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gaurav\AppData\Local\Temp\DB885B82-41A3-5A42-5702-2B22AACA983A.exe
C:\Users\Gaurav\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Gaurav\AppData\Local\Temp\down.5332.setupytb.exe
C:\Users\Gaurav\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Gaurav\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.17.exe
C:\Users\Gaurav\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Gaurav\AppData\Local\Temp\InstallIMVU_507.0.exe
C:\Users\Gaurav\AppData\Local\Temp\install_flashplayer16x32pp_chra_dy_aaa_aih.exe
C:\Users\Gaurav\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Gaurav\AppData\Local\Temp\Runner2.exe
C:\Users\Gaurav\AppData\Local\Temp\Runner4.exe
C:\Users\Gaurav\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Gaurav\AppData\Local\Temp\Tsu0E92F319.dll
C:\Users\Gaurav\AppData\Local\Temp\ttv.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 10:44
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
Log of Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Gaurav at 2015-05-08 12:11:28
Running from C:\Users\Gaurav\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2283987553-728366819-2836283039-500 - Administrator - Disabled)
Gaurav (S-1-5-21-2283987553-728366819-2836283039-1000 - Administrator - Enabled) => C:\Users\Gaurav
Guest (S-1-5-21-2283987553-728366819-2836283039-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2283987553-728366819-2836283039-1002 - Limited - Enabled)
__vmware_user__ (S-1-5-21-2283987553-728366819-2836283039-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Professional Edition (HKLM\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.662.5581 - ABBYY)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Angry Birds Rio (HKLM\...\{4933D2E2-B621-487F-A7E7-96DA7312BCFE}) (Version: 1.3.2 - Rovio)
Any Video Converter 5.0.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashes Cricket 2009 (HKLM\...\InstallShield_{8B39736E-7C8C-4A32-82C1-F94245F20D85}) (Version: 1.00.0000 - Codemasters)
Ashes Cricket 2009 (Version: 1.00.0000 - Codemasters) Hidden
Assassin's Creed ® III (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
Assassins Creed III version 5.1 (HKLM\...\{B810D852-DFD6-ACIII-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Assassin's Creed Revelations (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations (HKLM\...\Assassin's Creed Revelations_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BitTorrent (HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\BitTorrent) (Version: 7.9.3.40101 - BitTorrent Inc.)
Connectify Hotspot (HKLM\...\Connectify) (Version: 3.7.1.25486 - Connectify)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10053 (Build 2558) - Speedbit Ltd.)
Edraw Max 7 (HKLM\...\Edraw Max_is1) (Version:  - EdrawSoft)
F.E.A.R. 3 (HKLM\...\F.E.A.R. 3_is1) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
FarCry 3 version 5.1 (HKLM\...\{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Gears of War (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Hitman Blood Money (HKLM\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IMVU Avatar Chat Software (HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
London 2012 The Official Video Game of the Olympic Games version 1.02 (HKLM\...\{75D84EF7-0D8C-4e70-LOND12-7B42A5D4E0EB}_is1) (Version: 1.02 - Black_Box)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MotoGP2 (HKLM\...\MotoGP2_is1) (Version:  - THQ)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
Need for Speed Most Wanted - Black Edition (HKLM\...\Need for Speed Most Wanted - Black Edition_is1) (Version:  - )
Need For Speed Most Wanted 2 1.00 (HKLM\...\Need For Speed Most Wanted 2 1.00) (Version:  - )
Netflix in Windows Media Center (HKLM\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Opera Stable 29.0.1795.47 (HKLM\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Prince of Persia Warrior Within (HKLM\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
Rapture3D 2.4.8 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Sexy Beach 3 Platinum Pack (HKLM\...\{BE43FDDD-F003-494F-952A-69731FF82197}) (Version: 1.00.0000 - ILLUSION)
Simple Webcam Capture v1.3 (remove only) (HKLM\...\Simple Webcam Capture) (Version:  - )
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tableau 8.2 (32-bit) (HKLM\...\{6CCDD8B4-7875-458E-A108-E75264225751}) (Version: 8.2.326 - Tableau Software)
Tally 9 (HKLM\...\{5574BC1C-4011-44B2-9981-FC49AB65F7A4}) (Version:  - ©Tally Solutions FZ-LLC, 1988-2008.)
Tally.ERP 9 (HKLM\...\{D2B2D8B6-92E3-4E7F-8947-B32885598F7E}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
Total Overdose (HKLM\...\Total Overdose) (Version:  - Edios)
Transformers Fall of Cybertron version 5.1 (HKLM\...\{B810D852-DFD6-TRANSFOC-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unreal Tournament (HKLM\...\Unreal Tournament) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
VMware Player (HKLM\...\{A53A11EA-0095-493F-86FA-A15E8A86A405}) (Version: 2.5.1.5078 - VMware, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZipper (HKLM\...\WinZipper) (Version: 1.5.83 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{5EABAB2E-57F1-60FA-98DE-FD71FC6AD9E3}\InprocServer32 -> C:\Windows\SYSTEM32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Conduit\Community Alerts\Alert.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
26-04-2015 08:24:48 Scheduled Checkpoint
26-04-2015 11:59:22 Installed Tableau 8.2 (32-bit)
07-05-2015 15:27:48 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09E1C081-3128-4B7B-B2A7-298DB4642663} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {0D518D3A-B1B3-4083-8117-109B0C33EC43} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2014-11-05] () <==== ATTENTION
Task: {17B4CFA0-E84B-46E2-B515-E1E6D745B318} - System32\Tasks\{9B66BDEC-CB85-4440-BA73-8BA965AC9A99} => pcalua.exe -a "C:\Users\Gaurav\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe" -c /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {18D26B1C-024C-46AA-98F0-3814CD746E0C} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1C57715C-ACAD-4F9D-8C95-317138FDA636} - System32\Tasks\{0139A8BA-D476-4093-BC46-C049B73E2907} => pcalua.exe -a H:\Redist\vcredist_x86.exe -d H:\Redist
Task: {259B27B5-87D6-4299-85EF-5C23EF2CF505} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-11] (Facebook Inc.)
Task: {2DFABC7D-B17A-46E8-AF3F-D66F192D6461} - System32\Tasks\FoxTab => C:\Users\Gaurav\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3609B72C-EB1F-4D11-9B29-D3FA0D0C096C} - System32\Tasks\{098AC064-B887-4A90-A87E-BCDB7EA43A3D} => pcalua.exe -a H:\Installer.exe -d H:\
Task: {3D6A2B82-4AFE-48D1-B06F-F715DEF586DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-23] (Adobe Systems Incorporated)
Task: {470B63E2-2E9A-4F70-9858-D198EC44C2D5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe [2015-04-23] (Adobe Systems Incorporated)
Task: {50EC97A9-E3CC-454E-9F32-410BACCC36AE} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2014-11-05] () <==== ATTENTION
Task: {51A0F1DA-6328-45E1-8312-F0A3FF6D4DB4} - System32\Tasks\{9CB098A8-93E0-447D-8C65-AABC23294371} => pcalua.exe -a F:\software\tekken\AUTOINST.EXE -d F:\software\tekken
Task: {5A3E5B6B-C420-4B02-AD3F-204C4B1A83E2} - System32\Tasks\{8C34AD1D-E986-484B-B537-AC198D2E3CBE} => pcalua.exe -a C:\PROGRA~1\DAP\DAPREMOVE.EXE
Task: {68F57CB9-E7D0-4200-9CE3-ACD77D3A8853} - System32\Tasks\{83F5A6E5-113D-4817-8E23-8C3F41744673} => pcalua.exe -a H:\OriginInstaller.exe -d H:\
Task: {6A29DEF9-1938-4D77-96C0-547998A8AF38} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {7F182478-353F-4F71-8E6F-1A378E51C90B} - System32\Tasks\SBWUpdateTask_Logon_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
Task: {8023753A-99FC-4138-81BE-BC8FD82390F0} - System32\Tasks\{A454E165-319A-466D-B901-41EB5EDB50D5} => F:\gamesl\dirt3\dirt3.exe
Task: {822871B6-D726-4D3B-AC9C-900FC9E108DD} - System32\Tasks\{E8FF531E-87DE-4354-80AC-D4FC2865DE37} => pcalua.exe -a C:\Users\Gaurav\Desktop\SetupSigmaFlowVSM.exe -d C:\Users\Gaurav\Desktop
Task: {879197F0-642C-4A56-B2F0-1AB8521B6FEA} - System32\Tasks\{AACC1216-FE00-4172-8A4C-7CDBE64FABC4} => pcalua.exe -a "C:\Program Files\SpeedBit Video Accelerator\VAUninstall.exe"
Task: {92674255-E0ED-48A2-924C-5492D21DAEB1} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {AA590423-A8EB-458C-BBA2-9C7FB78E09AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-11] (Facebook Inc.)
Task: {AB3A60CD-C673-4B27-8F7E-B6BEA00EB9BB} - System32\Tasks\{C9B05901-5674-419A-B366-432E76BA8DFE} => F:\gamesl\dirt3\dirt3.exe
Task: {D5F50A10-4858-4431-9D6C-7C3A6241FA5B} - System32\Tasks\SBWUpdateTask_Time_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
Task: {DBDB7FE8-62DB-4A76-BCBB-1CF1B43344A3} - System32\Tasks\Opera scheduled Autoupdate 1380555538 => C:\Program Files\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {EB900B72-62A7-418C-8C0E-13F4B8F8E337} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {ED117815-C2C9-423F-A95A-8340B4E960E7} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files\Omiga Plus\omigaplus.exe
Task: {FC6E68DD-E451-4277-BAC2-F4A34B029BEE} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core.job => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA.job => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Gaurav\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-09 09:04 - 2012-11-10 01:00 - 00065536 _____ () C:\Program Files\Connectify\ConnectifyService.exe
2015-01-09 09:04 - 2012-11-10 01:00 - 00090472 _____ () C:\Program Files\Connectify\NativeLibrary.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00035176 _____ () C:\Program Files\Connectify\DriverLib.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 01068904 _____ () C:\Program Files\Connectify\ConnectifyNAT.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00185704 _____ () C:\Program Files\Connectify\LibDispatch.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00010240 _____ () C:\Program Files\Connectify\BuildProps.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00777064 _____ () C:\Program Files\Connectify\Vendors.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00024936 _____ () C:\Program Files\Connectify\gma.Windows.Firewall.dll
2012-12-06 18:22 - 2009-04-02 14:12 - 00478208 _____ () C:\Tally.ERP9\tallylicserver.exe
2008-10-28 23:01 - 2008-10-28 23:01 - 00970288 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
2008-10-28 23:01 - 2008-10-28 23:01 - 00068656 _____ () C:\Program Files\VMware\VMware Player\zlib1.dll
2011-02-08 00:48 - 2011-02-08 00:48 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-10-03 13:00 - 2012-10-03 12:59 - 00090824 _____ () C:\Windows\system32\EasyHook32.dll
2012-10-02 19:12 - 2011-03-26 05:58 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-10-12 23:37 - 2015-01-29 21:35 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2013-10-12 23:37 - 2015-01-29 21:35 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2013-10-12 23:37 - 2015-01-29 21:35 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2013-10-12 23:38 - 2015-01-29 21:35 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2013-10-12 23:38 - 2015-01-29 21:35 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2013-10-12 23:37 - 2013-10-12 23:38 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00054120 _____ () C:\Program Files\Connectify\Scannify.dll
2015-04-30 09:58 - 2015-04-30 09:57 - 00479352 _____ () C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
2015-04-30 09:58 - 2015-04-30 09:57 - 01576568 _____ () C:\Program Files\Opera\29.0.1795.47\libglesv2.dll
2015-04-30 09:58 - 2015-04-30 09:57 - 00081016 _____ () C:\Program Files\Opera\29.0.1795.47\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 59.179.243.70 - 203.94.243.70
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5DAE25F3-A6CD-47EC-AF88-032073D28628}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{70E5417F-63E8-4BFC-8ADF-4927F25F3A01}C:\users\gaurav\downloads\bittorrent.exe] => (Allow) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [UDP Query User{0B2FC6B1-9C16-4F0B-9512-C0A151A6CFD7}C:\users\gaurav\downloads\bittorrent.exe] => (Allow) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [{89AC2C8E-483A-4BB9-AD6F-72B17BE675C5}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{971E0F57-CCD4-4D17-B268-0D9FDEF44465}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8640124A-C4C3-4575-8809-E883D2009F3F}C:\users\gaurav\downloads\bittorrent.exe] => (Block) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [UDP Query User{5EBB4859-96A6-406C-8F4E-A91733D5E338}C:\users\gaurav\downloads\bittorrent.exe] => (Block) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [TCP Query User{49BB1B43-D24B-4170-85B4-CBCC395BE6E2}C:\program files\1clickdownload\1clickdownloader.exe] => (Block) C:\program files\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{3BE53095-1BD9-4F80-A50B-12A53B789AFE}C:\program files\1clickdownload\1clickdownloader.exe] => (Block) C:\program files\1clickdownload\1clickdownloader.exe
FirewallRules: [{95E292CE-1EC6-42F1-9EC1-96B89EA6A6DD}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{0C9A457D-74B4-4FB5-A1D2-0C9DF7ADA7C7}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{3CF93BDA-AB0F-47EB-8D3E-23B225E3C4F0}C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe] => (Allow) C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe
FirewallRules: [UDP Query User{E37E6571-87E3-42B5-A518-04747B7A8F57}C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe] => (Allow) C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe
FirewallRules: [{2F5C16D4-C08B-4A88-B991-C7594413DD87}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D7278B61-E09F-49EB-8C2A-BF05485961B1}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9246AF57-8303-41BA-B32F-7CC302E8D188}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{21A4EB66-0D1C-4348-8870-674E1B3ECE9D}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{DEDB0A0D-2547-4CA0-B545-2B342095FF75}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{54EB340F-1A8D-4E99-8710-E20251C80B75}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [TCP Query User{769BD7F0-AAC5-43DE-A58F-865983A21312}F:\gamesl\motogp2\motogp2.exe] => (Allow) F:\gamesl\motogp2\motogp2.exe
FirewallRules: [UDP Query User{83C63004-D956-4C3C-B145-AE6348ED8548}F:\gamesl\motogp2\motogp2.exe] => (Allow) F:\gamesl\motogp2\motogp2.exe
FirewallRules: [TCP Query User{58995B21-C53E-4451-ADD4-6C9F42190EFB}F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe] => (Allow) F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe
FirewallRules: [UDP Query User{16C963CA-E508-4B29-856E-2C577FC3B199}F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe] => (Allow) F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe
FirewallRules: [TCP Query User{B33C8E0F-9D47-4F7B-95C4-851B1D49A288}F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe] => (Allow) F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe
FirewallRules: [UDP Query User{1FE613F0-E624-4AD7-AE61-F34882BCC7E2}F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe] => (Allow) F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe
FirewallRules: [TCP Query User{F39EC1BE-8B47-45AC-A0A4-C0EEA8DE85C7}F:\gamesl\call of duty - black ops\blackops.exe] => (Allow) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{27497AFD-D37B-4F99-ADD4-7A959B115927}F:\gamesl\call of duty - black ops\blackops.exe] => (Allow) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [{A7B25883-2298-4B9F-BD62-3A94845EBA49}] => (Allow) F:\gamesl\fifa 13\FIFA 13\Game\fifa13.exe
FirewallRules: [{0D25B5D4-E1D3-4F02-8C76-8D08494987C2}] => (Allow) F:\gamesl\fifa 13\FIFA 13\Game\fifa13.exe
FirewallRules: [TCP Query User{70C68F95-939B-4A27-A83C-F845D3EE576E}F:\gamesl\call of duty - black ops\blackops.exe] => (Block) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{069B1851-2671-4D3C-8C0F-AA5731554248}F:\gamesl\call of duty - black ops\blackops.exe] => (Block) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{DDB0B91E-37A7-4BB3-9373-E84A1B401851}C:\tally\tally9.exe] => (Allow) C:\tally\tally9.exe
FirewallRules: [UDP Query User{854E35D5-3229-460B-877D-70E0A4D2B1A8}C:\tally\tally9.exe] => (Allow) C:\tally\tally9.exe
FirewallRules: [TCP Query User{DA8E7B20-4686-4F8D-BA63-016C2E69F345}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [UDP Query User{A6CD3920-4E37-4878-81FF-54F21F742826}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [TCP Query User{0B8903B0-C172-4AE6-9A1D-6340A190B6DD}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [UDP Query User{E715AA68-D4E5-44CE-922F-40A829480DA5}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [TCP Query User{3382F8EE-77AC-4B48-ABF0-F86792BDAC1D}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [UDP Query User{27FEDDBC-C4A0-4162-8B89-CA5CDC99BCA6}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [TCP Query User{592451A0-7661-4D7C-A544-EB57A9E0AD56}F:\gamesl\assassins creed iii\ac3sp.exe] => (Allow) F:\gamesl\assassins creed iii\ac3sp.exe
FirewallRules: [UDP Query User{21188417-D2ED-43DC-A7FB-6183E879FC8B}F:\gamesl\assassins creed iii\ac3sp.exe] => (Allow) F:\gamesl\assassins creed iii\ac3sp.exe
FirewallRules: [TCP Query User{242C3C07-AD29-4084-A67C-F802BAB444A7}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [UDP Query User{4C6E8C5C-2F40-4379-A606-1166B3C77767}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [{FF8C992B-82EB-49D4-90E2-A54F74BCDBB9}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{89B017F7-6FCF-4362-A3F4-AC135942E06A}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{D676A8A2-24AF-4B20-BEC6-FCCC84FAACEC}] => (Allow) C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe
FirewallRules: [{DCB12F85-C18C-4126-A5AE-BB50027E0214}] => (Allow) C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe
FirewallRules: [TCP Query User{03467310-9FDD-44A4-A07C-FA5B4169E87F}F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe] => (Allow) F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [UDP Query User{A9196915-4894-4B3B-8398-D85F642922F1}F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe] => (Allow) F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [TCP Query User{5EA12EA7-C444-4B19-B5FC-1C57E2DE8370}F:\gamesl\farcry 3\bin\farcry3.exe] => (Allow) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{8D1542C3-0721-4729-A491-348C2BAE50F2}F:\gamesl\farcry 3\bin\farcry3.exe] => (Allow) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{2BDBAA9D-DE79-478E-9F6E-20CE1C7A0000}F:\gamesl\myprog\binaries\wargame-g4wlive.exe] => (Allow) F:\gamesl\myprog\binaries\wargame-g4wlive.exe
FirewallRules: [UDP Query User{ED14DB75-7E5B-4984-BE05-2F73085A9B0D}F:\gamesl\myprog\binaries\wargame-g4wlive.exe] => (Allow) F:\gamesl\myprog\binaries\wargame-g4wlive.exe
FirewallRules: [TCP Query User{84401AC2-461A-4FCA-B9C5-0AAEBCDCAC2B}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [UDP Query User{4BBC33A8-EBF5-4326-9C32-E4B72FD49316}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [TCP Query User{6734D8DC-4E3B-4CDC-A1B5-59EF4F8EAC28}F:\gamesl\farcry 3\bin\farcry3.exe] => (Block) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{2EB44913-759E-424F-8012-216B6B464563}F:\gamesl\farcry 3\bin\farcry3.exe] => (Block) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{B963899E-CA02-428D-B6A3-2C3DECC864F1}C:\program files\torntv.com\torntv downloader.exe] => (Block) C:\program files\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{4C85642D-48C6-4A5F-B3E7-F3DD3B557B1D}C:\program files\torntv.com\torntv downloader.exe] => (Block) C:\program files\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{AB3E260C-62EA-492B-A189-0740F67A6BBF}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Allow) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [UDP Query User{23AAE472-E7AC-45CC-9EA4-AC6890CF8F17}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Allow) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [TCP Query User{92C533CD-9E01-46A7-9880-CA282F66F0F0}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Block) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [UDP Query User{E419D2C9-81D5-4180-A729-7265396B70ED}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Block) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [TCP Query User{BAEAFE8D-ABF0-4ACC-90B5-3D1EBBDA97DF}C:\program files\opera\17.0.1241.45\opera.exe] => (Block) C:\program files\opera\17.0.1241.45\opera.exe
FirewallRules: [UDP Query User{04CF6066-0916-4530-ACD8-F737827D348D}C:\program files\opera\17.0.1241.45\opera.exe] => (Block) C:\program files\opera\17.0.1241.45\opera.exe
FirewallRules: [TCP Query User{BCADED1B-AEED-43A8-BC87-BC2958E9C4E0}F:\gamesl\need for speed most wanted\speed.exe] => (Allow) F:\gamesl\need for speed most wanted\speed.exe
FirewallRules: [UDP Query User{6B19135C-B638-4795-886D-07ED3A4F076F}F:\gamesl\need for speed most wanted\speed.exe] => (Allow) F:\gamesl\need for speed most wanted\speed.exe
FirewallRules: [{DAA4D279-37B2-435C-90C4-0F13F146632B}] => (Allow) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B30586AC-D199-4908-9990-F816484D02EF}] => (Allow) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B88437C-94E5-4BDE-A4EB-E296BDFD3039}] => (Allow) C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{1C2D2614-0BE2-4052-8556-2E6333B0F5D5}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [UDP Query User{21DE8BD7-78ED-459A-AF56-79B4F68D3718}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [TCP Query User{F9717E17-4F9A-4FEE-AD02-57BC0CD3A9D5}C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{5702389B-39F1-4D3F-A9C3-FCCD8E8FA079}C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{915C3892-1C22-4608-975C-DB9128962458}] => (Block) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{F5D79840-D9C1-4A73-929B-49726EC2BD17}] => (Block) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{1877353B-6EEA-42DB-9061-E255004010B8}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{E8AEA81F-7417-4AE2-9B6E-2D06643CF98C}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{1119A956-32EA-424B-BF0F-C14C81A39AAE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{46B0A5EC-F086-461F-8C7F-3F1D715A50AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{337BD5B6-E011-4A37-AE07-FDAA6D6185BC}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{E38E8AF8-6BFE-4DC6-841A-4B6961EB17EF}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [{8EB3E97C-FC45-43D0-9113-D97667C0A944}] => (Allow) C:\Program Files\Connectify\Connectify.exe
FirewallRules: [{D9FED77A-60C7-4576-9946-F42369390B54}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{8A39AAE8-15A0-4D49-88C8-FCE46EA2CE81}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{12255AAA-B804-4A8C-A8AB-8443495DBFDD}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{F80DA935-F14A-4F80-AE8E-8A9774D3D5F8}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{2DDAA6C1-39C4-4720-A0C0-2721A87C553D}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{3B4963EB-EF60-4CE9-89B7-99F8C5B84D47}] => (Block) C:\program files\connectify\connectify.exe
FirewallRules: [{91E2AE7A-8533-4C1F-A403-7D0369734999}] => (Block) C:\program files\connectify\connectify.exe
FirewallRules: [TCP Query User{FC26720C-ED5F-4C9A-AB0C-9BD01FE21397}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Allow) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
FirewallRules: [UDP Query User{7FB20DB2-177A-4447-8830-1AD3759DEBF1}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Allow) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
FirewallRules: [TCP Query User{907C9B86-64FD-45CC-9FFE-4F10ECE3E109}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Block) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
FirewallRules: [UDP Query User{D7072858-7282-4D3D-9AEF-A23DEB7045AB}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Block) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
StandardProfile\AuthorizedApplications: [C:\Users\Gaurav\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\Gaurav\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/08/2015 00:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2015 11:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2015 10:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2015 10:24:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sbu.exe, version: 2.1.0.61, time stamp: 0x53159061
Faulting module name: fastprox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7b809
Exception code: 0xc0000005
Fault offset: 0x6f89a2d4
Faulting process id: 0x774
Faulting application start time: 0xsbu.exe0
Faulting application path: sbu.exe1
Faulting module path: sbu.exe2
Report Id: sbu.exe3
 
Error: (05/06/2015 10:18:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 00:08:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 07:28:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 00:03:52 PM) (Source: Google Update) (EventID: 20) (User: Gaurav-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
 
Error: (05/03/2015 08:11:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 07:55:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/08/2015 00:04:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iSafeKrnlMon
 
Error: (05/07/2015 06:59:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (05/07/2015 11:37:05 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.4.1192.168.173.0255.255.255.0
 
Error: (05/07/2015 11:36:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iSafeKrnlMon
 
Error: (05/06/2015 10:24:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpeedBit Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/06/2015 10:24:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iSafeKrnlMon
 
Error: (05/06/2015 10:17:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iSafeKrnlMon
 
Error: (05/04/2015 00:07:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iSafeKrnlMon
 
Error: (05/04/2015 09:51:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (05/04/2015 07:33:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinZiper service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (08/27/2013 09:34:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 923 seconds with 600 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-02 11:42:06.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.190
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:37.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:37.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 79%
Total physical RAM: 1950.27 MB
Available physical RAM: 400.17 MB
Total Pagefile: 3900.54 MB
Available Pagefile: 2012.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.66 GB) (Free:18.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.04 GB) (Free:0.02 GB) NTFS
Drive e: (OS) (Fixed) (Total:4.99 GB) (Free:3.84 GB) FAT32
Drive f: (Data) (Fixed) (Total:292.97 GB) (Free:26.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BAF0215)
Partition 1: (Not Active) - (Size=39 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=0B)
Partition 3: (Active) - (Size=167.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

Posted 08 May 2015 - 03:37 AM

Hi there,

Step 1

I want you to do the following:

Please upload those files to my channel.

 C:\Users\Gaurav\AppData\Roaming\aiasfacoafiasksf.vbs
 C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe

Thank you!


regards,
deeprybka

#5 gauravit6

Posted 08 May 2015 - 03:55 AM

I have posted the requested files on your channel. Please review and let me know if you didn't get them.



#6 deeprybka

Posted 08 May 2015 - 04:00 AM

Thank you. Upload was successful.
regards,
deeprybka

#7 deeprybka

Posted 08 May 2015 - 04:10 AM

First we need to remove some adware:

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    WinZipper
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif


Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#8 gauravit6

Posted 08 May 2015 - 07:20 AM

AdwCleaner Log

 

# AdwCleaner v4.203 - Logfile created 08/05/2015 at 15:11:13

# Updated 30/04/2015 by Xplode
# Database : 2015-05-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Gaurav - GAURAV-PC
# Running from : C:\Users\Gaurav\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : iSafeKrnlMon
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\GoSave
Folder Deleted : C:\ProgramData\dtdata
Folder Deleted : C:\ProgramData\eb0a3ef3965ffe0d
Folder Deleted : C:\Program Files\Desk 365
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\GoSave
Folder Deleted : C:\Users\Gaurav\AppData\Local\Temp\surf slide
Folder Deleted : C:\Users\Gaurav\AppData\Local\Temp\BitTorrentControl_v12
Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\defaulttab
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Gaurav\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Gaurav\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gaurav\AppData\Local\Conduit
Folder Deleted : C:\Users\Gaurav\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Gaurav\AppData\Local\iLivid
Folder Deleted : C:\Users\Gaurav\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Gaurav\AppData\Local\torch
Folder Deleted : C:\Users\Gaurav\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gaurav\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Gaurav\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\337
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Gaurav\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Gaurav\Documents\Mobogenie
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
[/!\] Not Deleted ( Junction ) : C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Gaurav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Gaurav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pncoakihloecgbbcjlghofkhmamooohc
File Deleted : C:\END
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Users\Gaurav\daemonprocess.txt
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
File Deleted : C:\Users\Gaurav\AppData\Roaming\Mozilla\Firefox\Profiles\bvbvr78w.default-1421814510690\searchplugins\v9.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : DefaultCheck
Task Deleted : DefaultReg
Task Deleted : Desk 365 RunAsStdUser
Task Deleted : FoxTab
Task Deleted : LaunchSignup
Task Deleted : Omiga Plus RunAsStdUser
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\f0dbdcb035eb42
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3A2B93D8-CF94-45ED-BBF8-8F95AADAA1F7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E53BB1EE-0428-4CD1-ABC7-F4CB447F22D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\omigaplusSvc
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\qvo6Software
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKU\.DEFAULT\Software\Default Tab
Key Deleted : HKU\.DEFAULT\Software\DefaultTab
Key Deleted : HKU\.DEFAULT\Software\TornTv Downloader
Key Deleted : HKU\.DEFAULT\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getwebcake.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qvo6.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\speedbit.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[kvto4sk2.default-1422072188285\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "%7BF17C1572-C9EC-4e5c-A542-D05CBB5C5A08%7D:10.0.5.1,daplinkchecker%40speedbit.com:1.0.1.8,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1");
[kvto4sk2.default-1422072188285\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"winreg-app-user\":{\"{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}\":{\"d\":\"C:\\\\Program Files\\\\DAP\\\\DAPFireFox\",\"e\":true,\"v\":\"10.0.5.1\",\"st\":138159979400[...]
 
-\\ Google Chrome v
 
 
-\\ Comodo Dragon v
 
 
-\\ Opera v29.0.1795.47
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [26236 bytes] - [08/05/2015 15:09:08]
AdwCleaner[S0].txt - [22897 bytes] - [08/05/2015 15:11:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22957  bytes] ##########
 
 
 
 
Anti Malware Software Log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/8/2015
Scan Time: 3:29:50 PM
Logfile: anti malware.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.08.02
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Gaurav
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446252
Time Elapsed: 1 hr, 50 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.GlobalUpdate.A, C:\Users\Gaurav\AppData\Local\Temp\comh.376405, Quarantined, [df53c7ca6624cc6ad22da60a24dff30d], 
PUP.Optional.GlobalUpdate.A, C:\Users\Gaurav\AppData\Local\Temp\comh.46642, Quarantined, [8da50190a3e7c3738c734a6634cfc937], 
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
After finishing the FRST.exe scan, it shows 3 documents:
 
1. Frst
 
 
 
 
LastRegBack: 2015-05-04 10:44
 
==================== End Of Log ============================
 
 
2. Addition.txt
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-02 11:42:06.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.190
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:37.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:37.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 92%
Total physical RAM: 1950.27 MB
Available physical RAM: 152.04 MB
Total Pagefile: 3900.54 MB
Available Pagefile: 1697.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.66 GB) (Free:18.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.04 GB) (Free:0.02 GB) NTFS
Drive e: (OS) (Fixed) (Total:4.99 GB) (Free:3.84 GB) FAT32
Drive f: (Data) (Fixed) (Total:292.97 GB) (Free:27.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BAF0215)
Partition 1: (Not Active) - (Size=39 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=0B)
Partition 3: (Active) - (Size=167.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
3. Shortcut
 
Users shortcut scan result (x86) Version: 06-05-2015 01
Ran by Gaurav at 2015-05-08 17:47:55
Running from C:\Users\Gaurav\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Angry Birds Rio.lnk -> C:\Program Files\Rovio\Angry Birds Rio\AngryBirdsRio.exe (Rovio Mobile Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk -> C:\Program Files\DAP\DAP.exe (Speedbit Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 8.2 (32-bit).lnk -> C:\Program Files\Tableau\Tableau 8.2\bin\tableau.exe (Tableau Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games\F.E.A.R. 3\F.E.A.R. 3.lnk -> F:\gamesl\F.E.A.R. 3\F.E.A.R. 3.exe (Day 1 Studios, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games\F.E.A.R. 3\Uninstall F.E.A.R. 3.lnk -> F:\gamesl\F.E.A.R. 3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament\Unreal Tournament.lnk -> F:\gamesl\unreal\System\unrealtournament.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\Prince of Persia Warrior Within.lnk -> F:\gamesl\warrior\PrinceOfPersia.exe (UBISOFT)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\View Lastest information (Readme.txt).lnk -> F:\gamesl\warrior\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\View Manual (Adobe Acrobat Reader required).lnk -> F:\gamesl\warrior\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypingMaster\TypingMaster Pro.lnk -> D:\TypingMaster\tmaster.exe (TypingMaster, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypingMaster\User Manual.lnk -> D:\TypingMaster\manual\user-manual.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformers Fall of Cybertron\Transformers Fall of Cybertron.lnk -> F:\gamesl\Transformers Fall of Cybertron\Binaries\TFOC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformers Fall of Cybertron\Uninstall Transformers Fall of Cybertron.lnk -> F:\gamesl\Transformers Fall of Cybertron\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Overdose\TotalOverdose.lnk -> F:\gamesl\Total Overdose\TotalOverdose.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally.ERP 9\Tally Admin.lnk -> C:\Tally.ERP9\TallyAdmin.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally.ERP 9\Tally.ERP 9 Data Migration.lnk -> C:\Tally.ERP9\tally72migration.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally.ERP 9\Tally.ERP 9 Reference.lnk -> C:\Tally.ERP9\tallyerp9ref.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally.ERP 9\Tally.ERP 9.lnk -> C:\Tally.ERP9\tally.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally.ERP 9\Uninstall Tally.ERP 9.lnk -> C:\Tally.ERP9\uninstall.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally 9\Tally 9 Release 2.lnk -> C:\Tally\tally9.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally 9\TallyLicenseServer.lnk -> C:\Tally\tallylicserver.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally 9\TallyMigrateData.lnk -> C:\Tally\tally72migration.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tally 9\UninstallTally 9.lnk -> C:\Tally\uninstall.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Webcam Capture\Home of Simple Webcam Capture.lnk -> C:\Program Files\Simple Webcam Capture\www.mattcollinge.co.uk.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Webcam Capture\Simple Webcam Capture.lnk -> C:\Program Files\Simple Webcam Capture\simplecapture.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Webcam Capture\Uninstall Simple Webcam Capture.lnk -> C:\Program Files\Simple Webcam Capture\Uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio\Angry Birds Rio\Angry Birds Rio.lnk -> C:\Program Files\Rovio\Angry Birds Rio\AngryBirdsRio.exe (Rovio Mobile Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Assassin's Creed Revelations\Play Assassin's Creed Revelations (MP).lnk -> F:\gamesl\Assassin's Creed Revelations\ACRMP.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Assassin's Creed Revelations\Play Assassin's Creed Revelations (PR).lnk -> F:\gamesl\Assassin's Creed Revelations\ACRPR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Assassin's Creed Revelations\Play Assassin's Creed Revelations (SP).lnk -> F:\gamesl\Assassin's Creed Revelations\ACRSP.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Assassin's Creed Revelations\Uninstall Assassin's Creed Revelations.lnk -> C:\Users\Gaurav\AppData\Roaming\Assassin's Creed Revelations\Uninstall\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed Most Wanted - Black Edition\Need for Speed Most Wanted - Black Edition.lnk -> F:\gamesl\Need for Speed Most Wanted\speed.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed Most Wanted - Black Edition\Удаление игры.lnk -> F:\gamesl\Need for Speed Most Wanted\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar\Comet Player.lnk -> C:\Program Files\MpcStar\CometPlayer\cometplayer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar\MpcStar's Homepage.lnk -> C:\Program Files\MpcStar\mpcstar.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar\MpcStar.lnk -> C:\Program Files\MpcStar\mpcstar.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar\Settings\Uninstall MpcStar.lnk -> C:\Program Files\MpcStar\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2\MotoGP2.lnk -> F:\gamesl\MotoGP2\launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2\Uninstall MotoGP 2.lnk -> F:\gamesl\MotoGP2\unins000.exe (Jordan Russell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2\View the MotoGP 2 readme file.lnk -> F:\gamesl\MotoGP2\readme_en.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotoGP2\Visit the MotoGP 2 website.lnk -> F:\gamesl\MotoGP2\website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\London 2012 The Official Video Game of the Olympic Games\Uninstall London 2012 The Official Video Game of the Olympic Games.lnk -> F:\gamesl\London 2012 The Official Video Game of the Olympic Games\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\SB3 Wizzard.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3\SB3_Wizzard\SB3_wizzard.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Sexy Beach 3 Gravure.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3PlusG\SB3G xmas.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Sexy Beach 3 PLUS.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus xmas.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Sexy Beach 3.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3\SB3 xmas.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Docs\SB3 Wizzard Readme.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3\SB3_Wizzard\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Docs\Sexy Beach 3 Gravure Readme.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3PlusG\Readme xmas.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Docs\Sexy Beach 3 plus Readme.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3Plus\Readme xmas.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION\Sexy Beach 3\Docs\Sexy Beach 3 Readme.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3\Readme xmas.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarCry 3\FarCry 3.lnk -> F:\gamesl\FarCry 3\bin\farcry3.exe (Ubisoft Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarCry 3\Uninstall FarCry 3.lnk -> F:\gamesl\FarCry 3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Configure Hitman Blood Money.lnk -> F:\gamesl\hitman blood money\Configure.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Launch Hitman Blood Money.lnk -> F:\gamesl\hitman blood money\HitmanBloodMoney.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edraw Max 7\Edraw Max 7.lnk -> C:\Program Files\Edraw Max\Edraw.exe (EdrawSoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edraw Max 7\Uninstall Edraw Max 7.lnk -> C:\Program Files\Edraw Max\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edraw Max 7\Visit Edraw Site.lnk -> C:\Program Files\Edraw Max\Edraw.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)\DAP Update.lnk -> C:\Program Files\DAP\dapupd.exe (Speedbit Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)\Download Accelerator Plus.lnk -> C:\Program Files\DAP\DAP.exe (Speedbit Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk -> C:\Program Files\DAEMON Tools Lite\DT.gadget ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk -> C:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe (Duplex Secure Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound\Rapture3D - Help.lnk -> C:\Program Files\BRS\rapture3dgame.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound\Rapture3D - Speaker Layout.lnk -> C:\Program Files\BRS\UserLayout.exe (Blue Ripple Sound Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed IV Black Flag\Удалить игру.lnk -> F:\gamesl\Assassins Creed IV Black Flag\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III\Assassins Creed III.lnk -> F:\gamesl\Assassins Creed III\AC3SP.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III\Uninstall Assassins Creed III.lnk -> F:\gamesl\Assassins Creed III\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft\Any Video Converter\Any Video Converter on the Web.lnk -> C:\Program Files\AnvSoft\Any Video Converter\AVCFree.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft\Any Video Converter\Any Video Converter.lnk -> C:\Program Files\AnvSoft\Any Video Converter\AVCFree.exe (AnvSoft Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft\Any Video Converter\Uninstall Any Video Converter.lnk -> C:\Program Files\AnvSoft\Any Video Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\ABBYY FineReader 9.0 Professional Edition.lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_FineReader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\ABBYY Screenshot Reader.lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_ScreenshotReader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\User's Guide.lnk -> C:\Program Files\ABBYY FineReader 9.0\Guide\Guide_English.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{4C114326-9F3A-421A-84F6-54328AF906C8}\PlayTasks\0\Play.lnk -> C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{13285207-FE1D-44B9-9D91-9629CA0EBF08}\PlayTasks\0\Play.lnk -> C:\Program Files\Rovio\Angry Birds Rio\AngryBirdsRio.exe (Rovio Mobile Ltd.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\Gaurav\Links\Desktop.lnk -> C:\Users\Gaurav\Desktop ()
Shortcut: C:\Users\Gaurav\Links\Downloads.lnk -> C:\Users\Gaurav\Downloads ()
Shortcut: C:\Users\Gaurav\Documents\My DAP Downloads\gm\SB3 Wizzard.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3\SB3_Wizzard\SB3_wizzard.exe ()
Shortcut: C:\Users\Gaurav\Documents\My DAP Downloads\gm\Sexy Beach 3 Gravure.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3PlusG\SB3G xmas.exe ()
Shortcut: C:\Users\Gaurav\Documents\My DAP Downloads\gm\Sexy Beach 3 PLUS.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3Plus\SB3Plus xmas.exe ()
Shortcut: C:\Users\Gaurav\Documents\My DAP Downloads\gm\Sexy Beach 3.lnk -> C:\ILLUSION\SexyBeach3\SexyBeach3\SB3 xmas.exe ()
Shortcut: C:\Users\Gaurav\Desktop\BitTorrent.lnk -> C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Gaurav\Desktop\IMVU.lnk -> C:\Users\Gaurav\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Shortcut: C:\Users\Gaurav\Desktop\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Gaurav\Desktop\sas.exe - Shortcut.lnk -> C:\Users\Gaurav\Desktop\SAS 9.1.3 Portable\sas.exe ()
Shortcut: C:\Users\Gaurav\Desktop\BHAWNA\tally. erp 9\Tally.ERP 9.lnk -> C:\Tally.ERP9\tally.exe ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk -> C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Rip DVD.lnk -> C:\Program Files\VirtualDJ\ripdvd.exe ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Rip Vinyl.lnk -> C:\Program Files\VirtualDJ\ripvinyl.exe (Atomix Productions)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Setup Audio.lnk -> C:\Users\Gaurav\Documents\VirtualDJ\VirtualDJ 7 - Audio Setup Guide.pdf ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Setup QuickStart.lnk -> C:\Users\Gaurav\Documents\VirtualDJ\VirtualDJ 7 - Getting Started.pdf ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\User Guide.lnk -> C:\Users\Gaurav\Documents\VirtualDJ\VirtualDJ 7 - User Guide.pdf ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\VirtualDJ Home FREE.lnk -> C:\Program Files\VirtualDJ\virtualdj_home.exe (Atomix Productions)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk -> C:\Users\Gaurav\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Uninstall.lnk -> C:\Users\Gaurav\AppData\Roaming\IMVUClient\Uninstall.exe ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot\Support Center - Get Help, Solve Problems.lnk -> C:\Program Files\Connectify\ConnectifySupportCenter.exe (Connectify)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tally 9.lnk -> C:\Tally\tally9.exe ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tally.ERP 9.lnk -> C:\Tally.ERP9\tally.exe ()
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BitTorrent.lnk -> C:\Users\Gaurav\Downloads\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{F92584CC-34BA-4CDB-9C17-30BB14D38CC7}\PlayTasks\0\Play.lnk -> F:\gamesl\Total Overdose\TotalOverdose.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{ED7985AD-C45C-45FC-BD84-4CE5DE42FF5E}\PlayTasks\0\Play.lnk -> F:\gamesl\MotoGP2\launcher.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{DF3F8EBC-7A38-430E-B883-35B580669FB0}\PlayTasks\0\Play.lnk -> F:\gamesl\unreal\System\unrealtournament.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{B4D12087-3292-4FC8-B251-03F87D1C43B3}\PlayTasks\0\Play.lnk -> F:\gamesl\gta\GTA San Andreas\gta_sa.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{60A8F302-5575-42ED-B9CD-F8690F06FCFE}\PlayTasks\0\Play.lnk -> F:\gamesl\stolen\StolenLauncher.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{4C114326-9F3A-421A-84F6-54328AF906C8}\PlayTasks\0\Play.lnk -> C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{28AF1035-A015-4205-88E7-9EEC6248B572}\PlayTasks\0\Play.lnk -> F:\gamesl\PROJIGI\PC\IGI.exe ()
Shortcut: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{27ACE07C-43BC-4D89-9A1F-ADED0A9695A2}\PlayTasks\0\Play.lnk -> F:\gamesl\hitman blood money\HitmanBloodMoney.exe ()
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\Tableau 8.2 (32-bit).lnk -> C:\Program Files\Tableau\Tableau 8.2\bin\tableau.exe (Tableau Software)
Shortcut: C:\Users\Public\Desktop\TypingMaster.lnk -> D:\TypingMaster\tmaster.exe (TypingMaster, Inc.)
Shortcut: C:\Users\Public\Desktop\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\Uninstall Prince of Persia Warrior Within.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE5BC0BB-9EDA-423C-8276-48857B735D68}\setup.exe" -l0x9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Overdose\Uninstall Total Overdose.lnk -> C:\Windows\Total Overdose\uninstall.exe () -> "/U:F:\gamesl\Total Overdose\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar\Settings\Configure ffdshow audio codecs.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar\Settings\Configure ffdshow video codecs.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Uninstall Hitman Blood Money.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9  -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\Quick Tasks\Convert PDF or Images to Microsoft Word .lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_Task.exe () -> -StartOpenConvert
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\Quick Tasks\Convert Photo to Microsoft Word .lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_Task.exe () -> -StartOpenConvert
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\Quick Tasks\Scan to Image File.lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_Task.exe () -> -ScanImages
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\Quick Tasks\Scan to Microsoft Excel.lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_Task.exe () -> -StartMenuScanToExcel
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\Quick Tasks\Scan to Microsoft Word .lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_Task.exe () -> -StartMenuScanToWord
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0\Quick Tasks\Scan to PDF.lnk -> C:\Windows\Installer\{F9000000-0001-0000-0000-074957833700}\ICON_Task.exe () -> -StartMenuScanToPdf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4C114326-9F3A-421A-84F6-54328AF906C8}\PlayTasks\1\Play in Safe Mode.lnk -> C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe () -> -safemode
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Gaurav\Downloads\mov\Armageddon.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c ren cfsdaacdfawd\*.vbss *.vbs &start \cfsdaacdfawd\aiasfacoafiasksf.vbs&start Armageddon.mkv&exit
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Uninstall VirtualDJ Home FREE.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {A6AC699F-8315-40CA-8F70-E917494978AB}
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot\Clear Settings - Clears all settings and temporary data and restarts Connectify Hotspot, Clear Settings.lnk -> C:\Program Files\Connectify\ConnectifyShutdown.exe () -> -clear -interactive
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot\Connectify Hotspot.lnk -> C:\Program Files\Connectify\Connectify.exe (Connectify) -> show
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot\Generate Log File - Zip your logs.lnk -> C:\Program Files\Connectify\ConnectifySupportCenter.exe (Connectify) -> loggen
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices\Gaurav Tiwari (GT-I908.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTWUIExt.exe (Broadcom) ->  /deviceAddr=64b310b8ccc3
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices\Gt.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTWUIExt.exe (Broadcom) ->  /deviceAddr=ac932f988ada
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices\Micromax X340.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTWUIExt.exe (Broadcom) ->  /deviceAddr=1067707e6250
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Gaurav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Gaurav\AppData\Local\Microsoft\Windows\GameExplorer\{4C114326-9F3A-421A-84F6-54328AF906C8}\PlayTasks\1\Play in Safe Mode.lnk -> C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe () -> -safemode
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\Register Online.url -> https://secure.ubi.com/Login/Login.aspx?skin=productregistration&lang=en-GB&product=%202050
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\Visit Prince of Persia Warrior Within.url -> hxxp://www.princeofpersiagame.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Prince of Persia Warrior Within\Visit Ubisoft.url -> hxxp://www.ubisoft.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Register Online.url -> hxxp://www.rockstargames.com/register/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Rockstar Games.url -> hxxp://www.rockstargames.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Rockstar North Ltd.url -> hxxp://www.RockstarNorth.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Web Links\Technical Support.url -> hxxp://www.eidos.com/support
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Web Links\www.eidos.com.url -> hxxp://www.eidos.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Web Links\www.hitman.com.url -> hxxp://www.hitman.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos\Hitman Blood Money\Web Links\www.ioi.dk.url -> hxxp://www.ioi.dk
InternetURL: C:\Users\Gaurav\Favorites\CRM.url -> https://bmpwas.honeywell.com/irj/portal
InternetURL: C:\Users\Gaurav\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Gaurav\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Gaurav\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Gaurav\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Gaurav\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Gaurav\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Gaurav\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Gaurav\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Gaurav\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Gaurav\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Gaurav\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Gaurav\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Gaurav\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Gaurav\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Gaurav\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Gaurav\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Gaurav\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Gaurav\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Gaurav\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Gaurav\Documents\My DAP Downloads\[www.300mbunited.me] 21.Jump.Street.2012.720p.scOrp\300mbunited.me - all the official releases by 300MBUNiTED.url -> hxxp://300mbunited.me/
InternetURL: C:\Users\Gaurav\Documents\My DAP Downloads\[www.300mbunited.me] 21.Jump.Street.2012.720p.scOrp\Rapidpremium-7.99$.for.13.file.hosts.url -> hxxp://rpnet.biz/
InternetURL: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\About IMVU.url -> hxxp://www.imvu.com/client.php?page=about
InternetURL: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Forgot my password.url -> hxxp://www.imvu.com/client.php?page=forgot_password
InternetURL: C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Help.url -> hxxp://www.imvu.com/client.php?page=help
InternetURL: C:\Users\Gaurav\AppData\Roaming\Microsoft\PowerPoint\My Slide Libraries\BHAWNA on C.url -> file:///C:/Users/Gaurav/Desktop/BHAWNA/bhawna.pptx
 
==================== End of log =============================
 
 
 
 
 
Please review and advise.


#9 deeprybka

Posted 08 May 2015 - 08:09 AM

Please re-run FRST, something went wrong...

Step 1

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 08 May 2015 - 08:10 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 gauravit6

Posted 08 May 2015 - 11:30 AM

FRST.TXT Log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01

Ran by Gaurav (administrator) on GAURAV-PC on 08-05-2015 21:57:47
Running from C:\Users\Gaurav\Desktop
Loaded Profiles: Gaurav (Available profiles: Gaurav)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
() C:\Tally.ERP9\tallylicserver.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\hqtray.exe
(BitTorrent Inc.) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
() C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [501104 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [VMware hqtray] => C:\Program Files\VMware\VMware Player\hqtray.exe [64048 2008-10-28] (VMware, Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [RGSC] => F:\gamesl\gta4\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [Facebook Update] => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-11] (Facebook Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-10-12] (Speedbit Ltd.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [BitTorrent] => C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe [1443160 2015-04-30] (BitTorrent Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [Connectify] => C:\Program Files\Connectify\Connectify.exe [4007936 2012-11-10] (Connectify)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-10-12] (Speedbit Ltd.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\..\Interfaces\{DCF5E03F-E87E-461F-9B27-B7F0621BE9CA}: [NameServer] 59.179.243.70,203.94.243.70
 
FireFox:
========
FF ProfilePath: C:\Users\Gaurav\AppData\Roaming\Mozilla\Firefox\Profiles\kvto4sk2.default-1422072188285
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-23] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283987553-728366819-2836283039-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-10-12]
FF HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2013-10-12]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn [2014-11-12]
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-17]
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]
 
Opera: 
=======
OPR Extension: (Easy Youtube Video Downloader For Opera) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\acghaimmohdiildbgkbcjfmkdgglpofi [2013-10-05]
OPR Extension: (Youtube to mp3 converter) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2015-03-16]
OPR Extension: (YouTube Downloader) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-03-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2007-11-02] (ABBYY (BIT Software)) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-11-10] () [File not signed]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2015-04-26] (Flexera Software LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1751672 2014-03-04] (Speedbit Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
R2 Tally License Server 2.0; C:\Tally.ERP9\tallylicserver.exe [478208 2009-04-02] () [File not signed]
S3 ufad-ws60; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [113200 2008-10-28] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [326192 2008-10-28] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [399920 2008-10-28] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 GSService; "C:\Windows\system32\GSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-02-08] (Broadcom Corporation.)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2015-01-09] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-05] (DT Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2008-10-28] (VMware, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] ()
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2008-10-28] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2008-10-28] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2008-10-28] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2008-10-28] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [857392 2008-10-28] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2008-10-02] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 21:57 - 2015-05-08 21:58 - 00013663 _____ () C:\Users\Gaurav\Desktop\FRST.txt
2015-05-08 21:52 - 2015-05-08 21:52 - 00078287 _____ () C:\Users\Gaurav\Downloads\e (1).htm
2015-05-08 17:33 - 2015-05-08 17:33 - 00023038 _____ () C:\Users\Gaurav\Desktop\AdwCleaner[S0].txt
2015-05-08 17:32 - 2015-05-08 17:32 - 00001292 _____ () C:\Users\Gaurav\Desktop\anti malware.txt
2015-05-08 15:25 - 2015-05-08 20:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 15:23 - 2015-05-08 15:23 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 15:23 - 2015-05-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 15:23 - 2015-05-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-08 15:23 - 2015-05-08 15:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 15:23 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-08 15:23 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-08 15:23 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-08 15:17 - 2015-05-08 15:23 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaurav\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 15:08 - 2015-05-08 15:12 - 00000000 ____D () C:\AdwCleaner
2015-05-08 15:06 - 2015-05-08 15:07 - 02204160 _____ () C:\Users\Gaurav\Downloads\adwcleaner_4.203.exe
2015-05-08 14:47 - 2015-05-08 14:47 - 00001222 _____ () C:\Users\Gaurav\Desktop\Revo Uninstaller.lnk
2015-05-08 14:47 - 2015-05-08 14:47 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-08 14:45 - 2015-05-08 14:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gaurav\Downloads\revosetup.exe
2015-05-08 12:10 - 2015-05-08 21:57 - 00000000 ____D () C:\FRST
2015-05-08 12:09 - 2015-05-08 12:08 - 01141248 _____ (Farbar) C:\Users\Gaurav\Desktop\FRST.exe
2015-05-08 12:08 - 2015-05-08 12:08 - 01141248 _____ (Farbar) C:\Users\Gaurav\Downloads\FRST.exe
2015-05-07 21:09 - 2015-05-08 21:53 - 02177024 _____ () C:\Users\Gaurav\Downloads\Daily Update of 8th May'15.xls
2015-05-07 21:08 - 2015-05-07 21:08 - 00078816 _____ () C:\Users\Gaurav\Downloads\e.htm
2015-05-07 13:39 - 2015-05-07 13:40 - 00243912 _____ () C:\Users\Gaurav\Downloads\report1430986187266.xls
2015-05-03 22:48 - 2015-05-04 07:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-03 22:48 - 2015-05-03 23:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-03 22:43 - 2015-05-03 22:48 - 16873560 _____ () C:\Users\Gaurav\Downloads\RogueKiller.exe
2015-05-03 22:22 - 2015-05-03 22:24 - 00000000 ____D () C:\Users\Gaurav\Downloads\mov
2015-05-02 20:43 - 2015-05-03 08:11 - 00000000 ____D () C:\Users\Gaurav\Downloads\Cloverfield (2008) 720p BLuRay x264 Dual Audio [Eng DD 5.1-Hindi 2.0] XdesiArsenal [ExD-XMR]
2015-05-02 20:42 - 2015-05-02 20:42 - 00019693 _____ () C:\Users\Gaurav\Downloads\MONOVA.ORG Cloverfield_(2008)_720p_BLuRay_x264_Dual_Audio_(Eng_DD_5.1-Hindi_2.0)_XdesiArsenal_(ExD-XMR).torrent
2015-04-26 12:01 - 2015-04-26 12:01 - 00001231 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 8.2 (32-bit).lnk
2015-04-26 12:01 - 2015-04-26 12:01 - 00001219 _____ () C:\Users\Public\Desktop\Tableau 8.2 (32-bit).lnk
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\Users\Gaurav\Documents\My Tableau Repository
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-26 12:00 - 2015-04-26 12:00 - 00000000 ____D () C:\Program Files\Tableau
2015-04-25 18:36 - 2015-04-25 19:02 - 00000000 ____D () C:\Users\Gaurav\Downloads\Unbroken (2014) 720p Blu-Ray x264 [Dual-Audio][English BD 5.1 + Hindi BD 5.1] - Mafiaking - M2Tv
2015-04-23 09:57 - 2015-04-23 09:57 - 17244848 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-20 21:37 - 2015-04-20 21:37 - 00001245 _____ () C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe
2015-04-18 10:08 - 2015-04-18 17:42 - 00000000 ____D () C:\Users\Gaurav\Downloads\Falcon Rising [2014] Blu-Ray 720p x264 Dual audio [Eng 5.1 +Hindi 2.0]...Hon3y
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 21:57 - 2012-10-04 11:44 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\BitTorrent
2015-05-08 21:39 - 2015-02-23 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 21:07 - 2010-11-21 02:31 - 00718036 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 21:02 - 2013-08-11 23:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA.job
2015-05-08 20:49 - 2012-10-03 07:03 - 01510727 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 17:42 - 2009-07-14 10:04 - 00021520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 17:42 - 2009-07-14 10:04 - 00021520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 17:40 - 2012-10-03 13:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-08 17:35 - 2014-12-16 11:20 - 00000000 ____D () C:\ProgramData\VMware
2015-05-08 17:35 - 2012-12-06 18:19 - 00000000 ____D () C:\Tally.ERP9
2015-05-08 17:35 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 17:35 - 2009-07-14 10:09 - 00153104 _____ () C:\Windows\setupact.log
2015-05-08 17:34 - 2010-11-21 03:18 - 00064180 _____ () C:\Windows\PFRO.log
2015-05-08 17:31 - 2015-01-09 09:04 - 00000000 ____D () C:\Program Files\Connectify
2015-05-08 16:27 - 2012-10-02 22:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-08 15:11 - 2012-10-03 07:10 - 00001144 _____ () C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-08 15:11 - 2012-10-03 07:09 - 00000000 ____D () C:\Users\Gaurav
2015-05-08 14:48 - 2015-01-18 13:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-08 12:04 - 2013-06-29 18:45 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\EQATEC Analytics
2015-05-06 22:24 - 2013-10-12 22:15 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2015-05-04 07:32 - 2013-09-30 21:08 - 00000000 ____D () C:\Program Files\Opera
2015-05-02 20:39 - 2015-02-23 10:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-30 09:51 - 2012-10-02 19:42 - 00000000 ____D () C:\Users\Gaurav\Documents\Bluetooth Exchange Folder
2015-04-28 09:09 - 2013-08-11 23:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core.job
2015-04-23 09:57 - 2012-10-02 19:27 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-23 09:57 - 2012-10-02 19:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-23 09:02 - 2012-10-03 07:53 - 00000000 ____D () C:\Windows.old
2015-04-21 10:14 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 15:13 - 2014-09-07 08:29 - 00002000 ____H () C:\Users\Gaurav\Documents\Default.rdp
2015-04-11 15:08 - 2009-07-14 10:22 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-08 10:32 - 2012-10-06 10:24 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2015-04-20 21:37 - 2015-04-20 21:37 - 0001245 _____ () C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe
2012-12-02 17:33 - 2012-12-03 20:43 - 0155984 _____ () C:\Users\Gaurav\AppData\Roaming\icr-20-jan
2014-11-08 21:00 - 2014-11-08 21:00 - 0613012 _____ (CMI Limited) C:\Users\Gaurav\AppData\Local\nsuAF95.tmp
2014-11-08 21:55 - 2014-11-08 21:55 - 0613012 _____ (CMI Limited) C:\Users\Gaurav\AppData\Local\nsv9A4.tmp
2012-10-15 00:19 - 2013-02-23 00:41 - 0007606 _____ () C:\Users\Gaurav\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Gaurav\AppData\Local\Temp\8D81CD1A-6757-DFEC-EC64-82A4FEAE2EB9.dll
C:\Users\Gaurav\AppData\Local\Temp\8D81CD1A-6757-DFEC-EC64-82A4FEAE2EB9.exe
C:\Users\Gaurav\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Gaurav\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Gaurav\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.17.exe
C:\Users\Gaurav\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Gaurav\AppData\Local\Temp\InstallIMVU_507.0.exe
C:\Users\Gaurav\AppData\Local\Temp\install_flashplayer16x32pp_chra_dy_aaa_aih.exe
C:\Users\Gaurav\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Gaurav\AppData\Local\Temp\Quarantine.exe
C:\Users\Gaurav\AppData\Local\Temp\Runner2.exe
C:\Users\Gaurav\AppData\Local\Temp\Runner4.exe
C:\Users\Gaurav\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Gaurav\AppData\Local\Temp\sqlite3.dll
C:\Users\Gaurav\AppData\Local\Temp\Tsu0E92F319.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 10:44
 
==================== End Of Log ============================
 
 
 
Addition.Txt log
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Gaurav at 2015-05-08 21:58:45
Running from C:\Users\Gaurav\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2283987553-728366819-2836283039-500 - Administrator - Disabled)
Gaurav (S-1-5-21-2283987553-728366819-2836283039-1000 - Administrator - Enabled) => C:\Users\Gaurav
Guest (S-1-5-21-2283987553-728366819-2836283039-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2283987553-728366819-2836283039-1002 - Limited - Enabled)
__vmware_user__ (S-1-5-21-2283987553-728366819-2836283039-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Professional Edition (HKLM\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.662.5581 - ABBYY)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Angry Birds Rio (HKLM\...\{4933D2E2-B621-487F-A7E7-96DA7312BCFE}) (Version: 1.3.2 - Rovio)
Any Video Converter 5.0.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashes Cricket 2009 (HKLM\...\InstallShield_{8B39736E-7C8C-4A32-82C1-F94245F20D85}) (Version: 1.00.0000 - Codemasters)
Ashes Cricket 2009 (Version: 1.00.0000 - Codemasters) Hidden
Assassin's Creed ® III (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
Assassins Creed III version 5.1 (HKLM\...\{B810D852-DFD6-ACIII-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Assassin's Creed Revelations (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations (HKLM\...\Assassin's Creed Revelations_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BitTorrent (HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\BitTorrent) (Version: 7.9.3.40101 - BitTorrent Inc.)
Connectify Hotspot (HKLM\...\Connectify) (Version: 3.7.1.25486 - Connectify)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10053 (Build 2558) - Speedbit Ltd.)
Edraw Max 7 (HKLM\...\Edraw Max_is1) (Version:  - EdrawSoft)
F.E.A.R. 3 (HKLM\...\F.E.A.R. 3_is1) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
FarCry 3 version 5.1 (HKLM\...\{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Gears of War (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Hitman Blood Money (HKLM\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IMVU Avatar Chat Software (HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
London 2012 The Official Video Game of the Olympic Games version 1.02 (HKLM\...\{75D84EF7-0D8C-4e70-LOND12-7B42A5D4E0EB}_is1) (Version: 1.02 - Black_Box)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MotoGP2 (HKLM\...\MotoGP2_is1) (Version:  - THQ)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
Need for Speed Most Wanted - Black Edition (HKLM\...\Need for Speed Most Wanted - Black Edition_is1) (Version:  - )
Need For Speed Most Wanted 2 1.00 (HKLM\...\Need For Speed Most Wanted 2 1.00) (Version:  - )
Netflix in Windows Media Center (HKLM\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Opera Stable 29.0.1795.47 (HKLM\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Prince of Persia Warrior Within (HKLM\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
Rapture3D 2.4.8 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sexy Beach 3 Platinum Pack (HKLM\...\{BE43FDDD-F003-494F-952A-69731FF82197}) (Version: 1.00.0000 - ILLUSION)
Simple Webcam Capture v1.3 (remove only) (HKLM\...\Simple Webcam Capture) (Version:  - )
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tableau 8.2 (32-bit) (HKLM\...\{6CCDD8B4-7875-458E-A108-E75264225751}) (Version: 8.2.326 - Tableau Software)
Tally 9 (HKLM\...\{5574BC1C-4011-44B2-9981-FC49AB65F7A4}) (Version:  - ©Tally Solutions FZ-LLC, 1988-2008.)
Tally.ERP 9 (HKLM\...\{D2B2D8B6-92E3-4E7F-8947-B32885598F7E}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
Total Overdose (HKLM\...\Total Overdose) (Version:  - Edios)
Transformers Fall of Cybertron version 5.1 (HKLM\...\{B810D852-DFD6-TRANSFOC-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unreal Tournament (HKLM\...\Unreal Tournament) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VirtualDJ Home FREE (HKLM\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
VMware Player (HKLM\...\{A53A11EA-0095-493F-86FA-A15E8A86A405}) (Version: 2.5.1.5078 - VMware, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{5EABAB2E-57F1-60FA-98DE-FD71FC6AD9E3}\InprocServer32 -> C:\Windows\SYSTEM32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2283987553-728366819-2836283039-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
26-04-2015 08:24:48 Scheduled Checkpoint
26-04-2015 11:59:22 Installed Tableau 8.2 (32-bit)
07-05-2015 15:27:48 Scheduled Checkpoint
08-05-2015 14:49:23 Revo Uninstaller's restore point - WinZipper
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {17B4CFA0-E84B-46E2-B515-E1E6D745B318} - System32\Tasks\{9B66BDEC-CB85-4440-BA73-8BA965AC9A99} => pcalua.exe -a "C:\Users\Gaurav\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe" -c /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {1C57715C-ACAD-4F9D-8C95-317138FDA636} - System32\Tasks\{0139A8BA-D476-4093-BC46-C049B73E2907} => pcalua.exe -a H:\Redist\vcredist_x86.exe -d H:\Redist
Task: {259B27B5-87D6-4299-85EF-5C23EF2CF505} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-11] (Facebook Inc.)
Task: {3609B72C-EB1F-4D11-9B29-D3FA0D0C096C} - System32\Tasks\{098AC064-B887-4A90-A87E-BCDB7EA43A3D} => pcalua.exe -a H:\Installer.exe -d H:\
Task: {3D6A2B82-4AFE-48D1-B06F-F715DEF586DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-23] (Adobe Systems Incorporated)
Task: {470B63E2-2E9A-4F70-9858-D198EC44C2D5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe [2015-04-23] (Adobe Systems Incorporated)
Task: {51A0F1DA-6328-45E1-8312-F0A3FF6D4DB4} - System32\Tasks\{9CB098A8-93E0-447D-8C65-AABC23294371} => pcalua.exe -a F:\software\tekken\AUTOINST.EXE -d F:\software\tekken
Task: {5A3E5B6B-C420-4B02-AD3F-204C4B1A83E2} - System32\Tasks\{8C34AD1D-E986-484B-B537-AC198D2E3CBE} => pcalua.exe -a C:\PROGRA~1\DAP\DAPREMOVE.EXE
Task: {68F57CB9-E7D0-4200-9CE3-ACD77D3A8853} - System32\Tasks\{83F5A6E5-113D-4817-8E23-8C3F41744673} => pcalua.exe -a H:\OriginInstaller.exe -d H:\
Task: {6A29DEF9-1938-4D77-96C0-547998A8AF38} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {7F182478-353F-4F71-8E6F-1A378E51C90B} - System32\Tasks\SBWUpdateTask_Logon_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
Task: {8023753A-99FC-4138-81BE-BC8FD82390F0} - System32\Tasks\{A454E165-319A-466D-B901-41EB5EDB50D5} => F:\gamesl\dirt3\dirt3.exe
Task: {822871B6-D726-4D3B-AC9C-900FC9E108DD} - System32\Tasks\{E8FF531E-87DE-4354-80AC-D4FC2865DE37} => pcalua.exe -a C:\Users\Gaurav\Desktop\SetupSigmaFlowVSM.exe -d C:\Users\Gaurav\Desktop
Task: {879197F0-642C-4A56-B2F0-1AB8521B6FEA} - System32\Tasks\{AACC1216-FE00-4172-8A4C-7CDBE64FABC4} => pcalua.exe -a "C:\Program Files\SpeedBit Video Accelerator\VAUninstall.exe"
Task: {AA590423-A8EB-458C-BBA2-9C7FB78E09AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-11] (Facebook Inc.)
Task: {AB3A60CD-C673-4B27-8F7E-B6BEA00EB9BB} - System32\Tasks\{C9B05901-5674-419A-B366-432E76BA8DFE} => F:\gamesl\dirt3\dirt3.exe
Task: {D5F50A10-4858-4431-9D6C-7C3A6241FA5B} - System32\Tasks\SBWUpdateTask_Time_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
Task: {DBDB7FE8-62DB-4A76-BCBB-1CF1B43344A3} - System32\Tasks\Opera scheduled Autoupdate 1380555538 => C:\Program Files\Opera\launcher.exe [2015-04-17] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core.job => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA.job => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-09 09:04 - 2012-11-10 01:00 - 00065536 _____ () C:\Program Files\Connectify\ConnectifyService.exe
2015-01-09 09:04 - 2012-11-10 01:00 - 00090472 _____ () C:\Program Files\Connectify\NativeLibrary.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00035176 _____ () C:\Program Files\Connectify\DriverLib.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 01068904 _____ () C:\Program Files\Connectify\ConnectifyNAT.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00185704 _____ () C:\Program Files\Connectify\LibDispatch.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00010240 _____ () C:\Program Files\Connectify\BuildProps.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00777064 _____ () C:\Program Files\Connectify\Vendors.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00024936 _____ () C:\Program Files\Connectify\gma.Windows.Firewall.dll
2012-12-06 18:22 - 2009-04-02 14:12 - 00478208 _____ () C:\Tally.ERP9\tallylicserver.exe
2008-10-28 23:01 - 2008-10-28 23:01 - 00970288 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
2008-10-28 23:01 - 2008-10-28 23:01 - 00068656 _____ () C:\Program Files\VMware\VMware Player\zlib1.dll
2011-02-08 00:48 - 2011-02-08 00:48 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-10-02 19:12 - 2011-03-26 05:58 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-01-09 09:04 - 2012-11-10 01:00 - 00054120 _____ () C:\Program Files\Connectify\Scannify.dll
2015-04-30 09:58 - 2015-04-30 09:57 - 00479352 _____ () C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
2015-04-30 09:58 - 2015-04-30 09:57 - 01576568 _____ () C:\Program Files\Opera\29.0.1795.47\libglesv2.dll
2015-04-30 09:58 - 2015-04-30 09:57 - 00081016 _____ () C:\Program Files\Opera\29.0.1795.47\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 59.179.243.70 - 203.94.243.70
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5DAE25F3-A6CD-47EC-AF88-032073D28628}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{70E5417F-63E8-4BFC-8ADF-4927F25F3A01}C:\users\gaurav\downloads\bittorrent.exe] => (Allow) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [UDP Query User{0B2FC6B1-9C16-4F0B-9512-C0A151A6CFD7}C:\users\gaurav\downloads\bittorrent.exe] => (Allow) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [{89AC2C8E-483A-4BB9-AD6F-72B17BE675C5}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{971E0F57-CCD4-4D17-B268-0D9FDEF44465}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8640124A-C4C3-4575-8809-E883D2009F3F}C:\users\gaurav\downloads\bittorrent.exe] => (Block) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [UDP Query User{5EBB4859-96A6-406C-8F4E-A91733D5E338}C:\users\gaurav\downloads\bittorrent.exe] => (Block) C:\users\gaurav\downloads\bittorrent.exe
FirewallRules: [TCP Query User{49BB1B43-D24B-4170-85B4-CBCC395BE6E2}C:\program files\1clickdownload\1clickdownloader.exe] => (Block) C:\program files\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{3BE53095-1BD9-4F80-A50B-12A53B789AFE}C:\program files\1clickdownload\1clickdownloader.exe] => (Block) C:\program files\1clickdownload\1clickdownloader.exe
FirewallRules: [{95E292CE-1EC6-42F1-9EC1-96B89EA6A6DD}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{0C9A457D-74B4-4FB5-A1D2-0C9DF7ADA7C7}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{3CF93BDA-AB0F-47EB-8D3E-23B225E3C4F0}C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe] => (Allow) C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe
FirewallRules: [UDP Query User{E37E6571-87E3-42B5-A518-04747B7A8F57}C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe] => (Allow) C:\users\gaurav\downloads\pc_prince.of.persia.the.forgotten.sands.full-rip.-tptb\prince of persia the forgotten sands\prince of persia.exe
FirewallRules: [{2F5C16D4-C08B-4A88-B991-C7594413DD87}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D7278B61-E09F-49EB-8C2A-BF05485961B1}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9246AF57-8303-41BA-B32F-7CC302E8D188}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{21A4EB66-0D1C-4348-8870-674E1B3ECE9D}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{DEDB0A0D-2547-4CA0-B545-2B342095FF75}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [{54EB340F-1A8D-4E99-8710-E20251C80B75}] => (Allow) C:\Program Files\YourFileDownloader\YourFile.exe
FirewallRules: [TCP Query User{769BD7F0-AAC5-43DE-A58F-865983A21312}F:\gamesl\motogp2\motogp2.exe] => (Allow) F:\gamesl\motogp2\motogp2.exe
FirewallRules: [UDP Query User{83C63004-D956-4C3C-B145-AE6348ED8548}F:\gamesl\motogp2\motogp2.exe] => (Allow) F:\gamesl\motogp2\motogp2.exe
FirewallRules: [TCP Query User{58995B21-C53E-4451-ADD4-6C9F42190EFB}F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe] => (Allow) F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe
FirewallRules: [UDP Query User{16C963CA-E508-4B29-856E-2C577FC3B199}F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe] => (Allow) F:\gamesl\gam setup\assassin's creed brotherhood\acbsp.exe
FirewallRules: [TCP Query User{B33C8E0F-9D47-4F7B-95C4-851B1D49A288}F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe] => (Allow) F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe
FirewallRules: [UDP Query User{1FE613F0-E624-4AD7-AE61-F34882BCC7E2}F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe] => (Allow) F:\gamesl\mw2\need for speed most wanted 2\nfs13.exe
FirewallRules: [TCP Query User{F39EC1BE-8B47-45AC-A0A4-C0EEA8DE85C7}F:\gamesl\call of duty - black ops\blackops.exe] => (Allow) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{27497AFD-D37B-4F99-ADD4-7A959B115927}F:\gamesl\call of duty - black ops\blackops.exe] => (Allow) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [{A7B25883-2298-4B9F-BD62-3A94845EBA49}] => (Allow) F:\gamesl\fifa 13\FIFA 13\Game\fifa13.exe
FirewallRules: [{0D25B5D4-E1D3-4F02-8C76-8D08494987C2}] => (Allow) F:\gamesl\fifa 13\FIFA 13\Game\fifa13.exe
FirewallRules: [TCP Query User{70C68F95-939B-4A27-A83C-F845D3EE576E}F:\gamesl\call of duty - black ops\blackops.exe] => (Block) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{069B1851-2671-4D3C-8C0F-AA5731554248}F:\gamesl\call of duty - black ops\blackops.exe] => (Block) F:\gamesl\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{DDB0B91E-37A7-4BB3-9373-E84A1B401851}C:\tally\tally9.exe] => (Allow) C:\tally\tally9.exe
FirewallRules: [UDP Query User{854E35D5-3229-460B-877D-70E0A4D2B1A8}C:\tally\tally9.exe] => (Allow) C:\tally\tally9.exe
FirewallRules: [TCP Query User{DA8E7B20-4686-4F8D-BA63-016C2E69F345}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [UDP Query User{A6CD3920-4E37-4878-81FF-54F21F742826}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [TCP Query User{0B8903B0-C172-4AE6-9A1D-6340A190B6DD}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [UDP Query User{E715AA68-D4E5-44CE-922F-40A829480DA5}C:\tally.erp9\tally.exe] => (Block) C:\tally.erp9\tally.exe
FirewallRules: [TCP Query User{3382F8EE-77AC-4B48-ABF0-F86792BDAC1D}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [UDP Query User{27FEDDBC-C4A0-4162-8B89-CA5CDC99BCA6}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [TCP Query User{592451A0-7661-4D7C-A544-EB57A9E0AD56}F:\gamesl\assassins creed iii\ac3sp.exe] => (Allow) F:\gamesl\assassins creed iii\ac3sp.exe
FirewallRules: [UDP Query User{21188417-D2ED-43DC-A7FB-6183E879FC8B}F:\gamesl\assassins creed iii\ac3sp.exe] => (Allow) F:\gamesl\assassins creed iii\ac3sp.exe
FirewallRules: [TCP Query User{242C3C07-AD29-4084-A67C-F802BAB444A7}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [UDP Query User{4C6E8C5C-2F40-4379-A606-1166B3C77767}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [{FF8C992B-82EB-49D4-90E2-A54F74BCDBB9}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{89B017F7-6FCF-4362-A3F4-AC135942E06A}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{D676A8A2-24AF-4B20-BEC6-FCCC84FAACEC}] => (Allow) C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe
FirewallRules: [{DCB12F85-C18C-4126-A5AE-BB50027E0214}] => (Allow) C:\Program Files\Codemasters\Ashes Cricket 2009\Cricket2009.exe
FirewallRules: [TCP Query User{03467310-9FDD-44A4-A07C-FA5B4169E87F}F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe] => (Allow) F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [UDP Query User{A9196915-4894-4B3B-8398-D85F642922F1}F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe] => (Allow) F:\gamesl\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [TCP Query User{5EA12EA7-C444-4B19-B5FC-1C57E2DE8370}F:\gamesl\farcry 3\bin\farcry3.exe] => (Allow) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{8D1542C3-0721-4729-A491-348C2BAE50F2}F:\gamesl\farcry 3\bin\farcry3.exe] => (Allow) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{2BDBAA9D-DE79-478E-9F6E-20CE1C7A0000}F:\gamesl\myprog\binaries\wargame-g4wlive.exe] => (Allow) F:\gamesl\myprog\binaries\wargame-g4wlive.exe
FirewallRules: [UDP Query User{ED14DB75-7E5B-4984-BE05-2F73085A9B0D}F:\gamesl\myprog\binaries\wargame-g4wlive.exe] => (Allow) F:\gamesl\myprog\binaries\wargame-g4wlive.exe
FirewallRules: [TCP Query User{84401AC2-461A-4FCA-B9C5-0AAEBCDCAC2B}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [UDP Query User{4BBC33A8-EBF5-4326-9C32-E4B72FD49316}F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe] => (Allow) F:\gamesl\london 2012 the official video game of the olympic games\london2012.exe
FirewallRules: [TCP Query User{6734D8DC-4E3B-4CDC-A1B5-59EF4F8EAC28}F:\gamesl\farcry 3\bin\farcry3.exe] => (Block) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{2EB44913-759E-424F-8012-216B6B464563}F:\gamesl\farcry 3\bin\farcry3.exe] => (Block) F:\gamesl\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{B963899E-CA02-428D-B6A3-2C3DECC864F1}C:\program files\torntv.com\torntv downloader.exe] => (Block) C:\program files\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{4C85642D-48C6-4A5F-B3E7-F3DD3B557B1D}C:\program files\torntv.com\torntv downloader.exe] => (Block) C:\program files\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{AB3E260C-62EA-492B-A189-0740F67A6BBF}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Allow) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [UDP Query User{23AAE472-E7AC-45CC-9EA4-AC6890CF8F17}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Allow) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [TCP Query User{92C533CD-9E01-46A7-9880-CA282F66F0F0}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Block) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [UDP Query User{E419D2C9-81D5-4180-A729-7265396B70ED}F:\gamesl\assassin's creed revelations\acrsp.exe] => (Block) F:\gamesl\assassin's creed revelations\acrsp.exe
FirewallRules: [TCP Query User{BAEAFE8D-ABF0-4ACC-90B5-3D1EBBDA97DF}C:\program files\opera\17.0.1241.45\opera.exe] => (Block) C:\program files\opera\17.0.1241.45\opera.exe
FirewallRules: [UDP Query User{04CF6066-0916-4530-ACD8-F737827D348D}C:\program files\opera\17.0.1241.45\opera.exe] => (Block) C:\program files\opera\17.0.1241.45\opera.exe
FirewallRules: [TCP Query User{BCADED1B-AEED-43A8-BC87-BC2958E9C4E0}F:\gamesl\need for speed most wanted\speed.exe] => (Allow) F:\gamesl\need for speed most wanted\speed.exe
FirewallRules: [UDP Query User{6B19135C-B638-4795-886D-07ED3A4F076F}F:\gamesl\need for speed most wanted\speed.exe] => (Allow) F:\gamesl\need for speed most wanted\speed.exe
FirewallRules: [{DAA4D279-37B2-435C-90C4-0F13F146632B}] => (Allow) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B30586AC-D199-4908-9990-F816484D02EF}] => (Allow) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B88437C-94E5-4BDE-A4EB-E296BDFD3039}] => (Allow) C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{1C2D2614-0BE2-4052-8556-2E6333B0F5D5}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [UDP Query User{21DE8BD7-78ED-459A-AF56-79B4F68D3718}F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe] => (Allow) F:\gamesl\transformers fall of cybertron\binaries\tfoc.exe
FirewallRules: [TCP Query User{F9717E17-4F9A-4FEE-AD02-57BC0CD3A9D5}C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{5702389B-39F1-4D3F-A9C3-FCCD8E8FA079}C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{915C3892-1C22-4608-975C-DB9128962458}] => (Block) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{F5D79840-D9C1-4A73-929B-49726EC2BD17}] => (Block) C:\users\gaurav\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{1877353B-6EEA-42DB-9061-E255004010B8}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{E8AEA81F-7417-4AE2-9B6E-2D06643CF98C}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{1119A956-32EA-424B-BF0F-C14C81A39AAE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{46B0A5EC-F086-461F-8C7F-3F1D715A50AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{337BD5B6-E011-4A37-AE07-FDAA6D6185BC}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{E38E8AF8-6BFE-4DC6-841A-4B6961EB17EF}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [{8EB3E97C-FC45-43D0-9113-D97667C0A944}] => (Allow) C:\Program Files\Connectify\Connectify.exe
FirewallRules: [{D9FED77A-60C7-4576-9946-F42369390B54}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{8A39AAE8-15A0-4D49-88C8-FCE46EA2CE81}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{12255AAA-B804-4A8C-A8AB-8443495DBFDD}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{F80DA935-F14A-4F80-AE8E-8A9774D3D5F8}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{2DDAA6C1-39C4-4720-A0C0-2721A87C553D}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{3B4963EB-EF60-4CE9-89B7-99F8C5B84D47}] => (Block) C:\program files\connectify\connectify.exe
FirewallRules: [{91E2AE7A-8533-4C1F-A403-7D0369734999}] => (Block) C:\program files\connectify\connectify.exe
FirewallRules: [TCP Query User{FC26720C-ED5F-4C9A-AB0C-9BD01FE21397}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Allow) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
FirewallRules: [UDP Query User{7FB20DB2-177A-4447-8830-1AD3759DEBF1}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Allow) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
FirewallRules: [TCP Query User{907C9B86-64FD-45CC-9FFE-4F10ECE3E109}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Block) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
FirewallRules: [UDP Query User{D7072858-7282-4D3D-9AEF-A23DEB7045AB}C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe] => (Block) C:\users\gaurav\appdata\roaming\bittorrent\updates\7.9.2_37755.exe
StandardProfile\AuthorizedApplications: [C:\Users\Gaurav\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\Gaurav\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/08/2015 05:36:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2015 03:15:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2015 02:49:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dbb192ec-1fd3-4658-aa08-9483343b367d}
 
Error: (05/08/2015 00:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2015 11:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2015 10:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/06/2015 10:24:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sbu.exe, version: 2.1.0.61, time stamp: 0x53159061
Faulting module name: fastprox.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7b809
Exception code: 0xc0000005
Fault offset: 0x6f89a2d4
Faulting process id: 0x774
Faulting application start time: 0xsbu.exe0
Faulting application path: sbu.exe1
Faulting module path: sbu.exe2
Report Id: sbu.exe3
 
Error: (05/06/2015 10:18:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 00:08:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 07:28:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/08/2015 08:49:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (05/08/2015 05:33:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 
Error: (05/08/2015 05:33:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (05/08/2015 03:11:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/08/2015 03:11:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/08/2015 03:11:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Connectify service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/08/2015 03:11:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (05/08/2015 03:11:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/08/2015 03:11:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/08/2015 03:11:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Authorization Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (08/27/2013 09:34:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 923 seconds with 600 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-02 11:42:06.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.190
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:42:06.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:51.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:37.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-02 11:41:37.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 88%
Total physical RAM: 1950.27 MB
Available physical RAM: 220.93 MB
Total Pagefile: 3900.54 MB
Available Pagefile: 1420.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.66 GB) (Free:18.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.04 GB) (Free:0.02 GB) NTFS
Drive e: (OS) (Fixed) (Total:4.99 GB) (Free:3.84 GB) FAT32
Drive f: (Data) (Fixed) (Total:292.97 GB) (Free:27.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BAF0215)
Partition 1: (Not Active) - (Size=39 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=0B)
Partition 3: (Active) - (Size=167.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#11 deeprybka


Posted 08 May 2015 - 11:47 AM

Did you remove some entries?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 gauravit6


Posted 08 May 2015 - 11:50 AM

No, I haven't deleted any entries.



#13 deeprybka


Posted 08 May 2015 - 11:56 AM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-10-12] (Speedbit Ltd.)
    Tcpip\..\Interfaces\{DCF5E03F-E87E-461F-9B27-B7F0621BE9CA}: [NameServer] 59.179.243.70,203.94.243.70
    R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1751672 2014-03-04] (Speedbit Ltd.)
    2015-04-20 21:37 - 2015-04-20 21:37 - 0001245 _____ () C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe
    Task: {17B4CFA0-E84B-46E2-B515-E1E6D745B318} - System32\Tasks\{9B66BDEC-CB85-4440-BA73-8BA965AC9A99} => pcalua.exe -a "C:\Users\Gaurav\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe" -c /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
    Task: {6A29DEF9-1938-4D77-96C0-547998A8AF38} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe 
    Task: {7F182478-353F-4F71-8E6F-1A378E51C90B} - System32\Tasks\SBWUpdateTask_Logon_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) 
    Task: {D5F50A10-4858-4431-9D6C-7C3A6241FA5B} - System32\Tasks\SBWUpdateTask_Time_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) 
    C:\Program Files\Common Files\Speedbit
    C:\Program Files\YourFileDownloader
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
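
Added example, not part of the original post and not code from FRST: a Python reader for a Fixlog.txt of the kind Step 1 asks for, sorting each `item => result` line into done, absent or needs-review and skipping the echoed fixlist between the rows of asterisks. The sample log, its paths and GUIDs, and the "Access denied." wording are constructed for the example; the status names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the "<item> => <result>" shape of a Fixlog.txt.
# Paths, GUIDs and the "Access denied." result are made up for this example.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
CloseProcesses:
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example Update => C:\Program Files\ExampleDownloader\updater.exe
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\ExampleVendor" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Example\\DefaultScope => value deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000001} => Key not found.
ExampleSvc => Service deleted successfully.
C:\Users\Example\AppData\Roaming\example.exe => Moved successfully.
"C:\Program Files\ExampleDownloader" => File/Directory not found.
C:\ProgramData\TEMP => ":0A1B2C3D" ADS removed successfully.
C:\Windows\System32\Tasks\Example Update => Access denied.
EmptyTemp: => Removed 10.9 GB temporary data.

The system needed a reboot.
'''

ITEM_RESULT = re.compile(r"^(?P<item>.+?)\s+=>\s+(?P<result>.+)$")
STARS = re.compile(r"^\*{5,}$")
NEGATIVE = re.compile(r"\b(not|could|unable|denied|error|failed)\b")
DONE = re.compile(r"\b(deleted|moved|removed)\b")


def classify_result(result):
    """Map a result string to done / absent / review."""
    text = result.lower()
    if "not found" in text:
        return "absent"   # listed in the fixlist but not present at fix time
    if NEGATIVE.search(text):
        return "review"   # anything that reads like a failure
    if DONE.search(text):
        return "done"
    return "review"       # unknown wording: let a human look at it


def classify_item(item, result):
    """Rough item type: ads, registry, file or other (service, directive)."""
    if re.search(r"\bADS\b", result):
        return "ads"
    bare = item.strip('"')
    if bare.upper().startswith(("HKLM", "HKU", "HKCR", "HKCU")):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", bare):
        return "file"
    return "other"


def parse_fixlog(text):
    """Return one dict per result line, ignoring the echoed fixlist block."""
    entries = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):
            # The fixlist is echoed between two rows of asterisks; its Task
            # lines also contain "=>" and must not be read as results.
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        m = ITEM_RESULT.match(line)
        if not m:
            continue
        item, result = m.group("item"), m.group("result")
        entries.append({
            "item": item.strip('"'),
            "result": result,
            "kind": classify_item(item, result),
            "status": classify_result(result),
        })
    return entries


def summarize(text):
    """Counts per status, the items needing a second look, and the reboot flag."""
    entries = parse_fixlog(text)
    return {
        "counts": Counter(e["status"] for e in entries),
        "follow_up": [e for e in entries if e["status"] != "done"],
        "reboot": "needed a reboot" in text.lower(),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(dict(report["counts"]), "reboot:", report["reboot"])
    for e in report["follow_up"]:
        print(f'{e["status"]:7} {e["kind"]:9} {e["item"]} -> {e["result"]}')
```
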

#14 gauravit6


Posted 08 May 2015 - 09:54 PM

Fixlog.txt 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by Gaurav at 2015-05-08 22:31:12 Run:1
Running from C:\Users\Gaurav\Desktop
Loaded Profiles: Gaurav (Available profiles: Gaurav)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-10-12] (Speedbit Ltd.)
Tcpip\..\Interfaces\{DCF5E03F-E87E-461F-9B27-B7F0621BE9CA}: [NameServer] 59.179.243.70,203.94.243.70
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1751672 2014-03-04] (Speedbit Ltd.)
2015-04-20 21:37 - 2015-04-20 21:37 - 0001245 _____ () C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe
Task: {17B4CFA0-E84B-46E2-B515-E1E6D745B318} - System32\Tasks\{9B66BDEC-CB85-4440-BA73-8BA965AC9A99} => pcalua.exe -a "C:\Users\Gaurav\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe" -c /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {6A29DEF9-1938-4D77-96C0-547998A8AF38} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe 
Task: {7F182478-353F-4F71-8E6F-1A378E51C90B} - System32\Tasks\SBWUpdateTask_Logon_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) 
Task: {D5F50A10-4858-4431-9D6C-7C3A6241FA5B} - System32\Tasks\SBWUpdateTask_Time_d6554973-24B6FD515382 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) 
C:\Program Files\Common Files\Speedbit
C:\Program Files\YourFileDownloader
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => Key deleted successfully.
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => Key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}" => Key deleted successfully.
"HKCR\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}" => Key deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DCF5E03F-E87E-461F-9B27-B7F0621BE9CA}\\NameServer => value deleted successfully.
SBUpd => Service deleted successfully.
C:\Users\Gaurav\AppData\Roaming\aswrgeathwasrga.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17B4CFA0-E84B-46E2-B515-E1E6D745B318}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17B4CFA0-E84B-46E2-B515-E1E6D745B318}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9B66BDEC-CB85-4440-BA73-8BA965AC9A99} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9B66BDEC-CB85-4440-BA73-8BA965AC9A99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A29DEF9-1938-4D77-96C0-547998A8AF38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A29DEF9-1938-4D77-96C0-547998A8AF38}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F182478-353F-4F71-8E6F-1A378E51C90B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F182478-353F-4F71-8E6F-1A378E51C90B}" => Key deleted successfully.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_d6554973-24B6FD515382 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_d6554973-24B6FD515382" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5F50A10-4858-4431-9D6C-7C3A6241FA5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5F50A10-4858-4431-9D6C-7C3A6241FA5B}" => Key deleted successfully.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_d6554973-24B6FD515382 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_d6554973-24B6FD515382" => Key deleted successfully.
C:\Program Files\Common Files\Speedbit => Moved successfully.
"C:\Program Files\YourFileDownloader" => File/Directory not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":862BDB1A" ADS removed successfully.
EmptyTemp: => Removed 10.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:39:08 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Gaurav (administrator) on GAURAV-PC on 09-05-2015 07:54:58
Running from C:\Users\Gaurav\Desktop
Loaded Profiles: Gaurav (Available profiles: Gaurav)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Connectify\ConnectifyService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Tally.ERP9\tallylicserver.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\hqtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(BitTorrent Inc.) C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
() C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
(Opera Software) C:\Program Files\Opera\29.0.1795.47\opera.exe
() C:\Program Files\Connectify\ConnectifyNetServices.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [501104 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [VMware hqtray] => C:\Program Files\VMware\VMware Player\hqtray.exe [64048 2008-10-28] (VMware, Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [RGSC] => F:\gamesl\gta4\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [Facebook Update] => C:\Users\Gaurav\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-11] (Facebook Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-10-12] (Speedbit Ltd.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [BitTorrent] => C:\Users\Gaurav\AppData\Roaming\BitTorrent\BitTorrent.exe [1443160 2015-04-30] (BitTorrent Inc.)
HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Run: [Connectify] => C:\Program Files\Connectify\Connectify.exe [4007936 2012-11-10] (Connectify)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\..\Interfaces\{526A6C37-9AF0-4E90-9F76-C6723E979C4E}: [NameServer] 192.168.4.1
 
FireFox:
========
FF ProfilePath: C:\Users\Gaurav\AppData\Roaming\Mozilla\Firefox\Profiles\kvto4sk2.default-1422072188285
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-23] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283987553-728366819-2836283039-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Gaurav\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-10-12]
FF HKU\S-1-5-21-2283987553-728366819-2836283039-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2013-10-12]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn [2014-11-12]
CHR Extension: (No Name) - C:\Users\Gaurav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-17]
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [Not Found]
 
Opera: 
=======
OPR Extension: (Easy Youtube Video Downloader For Opera) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\acghaimmohdiildbgkbcjfmkdgglpofi [2013-10-05]
OPR Extension: (Youtube to mp3 converter) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\geioidjhliialbjcekeejcodiahfplgb [2015-03-16]
OPR Extension: (YouTube Downloader) - C:\Users\Gaurav\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-03-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2007-11-02] (ABBYY (BIT Software)) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-11-10] () [File not signed]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1087792 2015-04-26] (Flexera Software LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
R2 Tally License Server 2.0; C:\Tally.ERP9\tallylicserver.exe [478208 2009-04-02] () [File not signed]
S3 ufad-ws60; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [113200 2008-10-28] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [326192 2008-10-28] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [399920 2008-10-28] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 GSService; "C:\Windows\system32\GSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-02-08] (Broadcom Corporation.)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2015-01-09] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-05] (DT Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2008-10-28] (VMware, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2008-10-28] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2008-10-28] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2008-10-28] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2008-10-28] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [857392 2008-10-28] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2008-10-02] (VMware, Inc.)
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 21:58 - 2015-05-08 21:59 - 00045922 _____ () C:\Users\Gaurav\Desktop\Addition.txt
2015-05-08 21:57 - 2015-05-09 07:54 - 00012509 _____ () C:\Users\Gaurav\Desktop\FRST.txt
2015-05-08 21:52 - 2015-05-08 21:52 - 00078287 _____ () C:\Users\Gaurav\Downloads\e (1).htm
2015-05-08 17:33 - 2015-05-08 17:33 - 00023038 _____ () C:\Users\Gaurav\Desktop\AdwCleaner[S0].txt
2015-05-08 17:32 - 2015-05-08 17:32 - 00001292 _____ () C:\Users\Gaurav\Desktop\anti malware.txt
2015-05-08 15:25 - 2015-05-09 07:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 15:23 - 2015-05-08 15:23 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 15:23 - 2015-05-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 15:23 - 2015-05-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-08 15:23 - 2015-05-08 15:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 15:23 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-08 15:23 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-08 15:23 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-08 15:17 - 2015-05-08 15:23 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gaurav\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 15:08 - 2015-05-08 15:12 - 00000000 ____D () C:\AdwCleaner
2015-05-08 15:06 - 2015-05-08 15:07 - 02204160 _____ () C:\Users\Gaurav\Downloads\adwcleaner_4.203.exe
2015-05-08 14:47 - 2015-05-08 14:47 - 00001222 _____ () C:\Users\Gaurav\Desktop\Revo Uninstaller.lnk
2015-05-08 14:47 - 2015-05-08 14:47 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-08 14:45 - 2015-05-08 14:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gaurav\Downloads\revosetup.exe
2015-05-08 12:10 - 2015-05-09 07:55 - 00000000 ____D () C:\FRST
2015-05-08 12:09 - 2015-05-08 12:08 - 01141248 _____ (Farbar) C:\Users\Gaurav\Desktop\FRST.exe
2015-05-08 12:08 - 2015-05-08 12:08 - 01141248 _____ (Farbar) C:\Users\Gaurav\Downloads\FRST.exe
2015-05-07 21:09 - 2015-05-08 21:53 - 02177024 _____ () C:\Users\Gaurav\Downloads\Daily Update of 8th May'15.xls
2015-05-07 21:08 - 2015-05-07 21:08 - 00078816 _____ () C:\Users\Gaurav\Downloads\e.htm
2015-05-07 13:39 - 2015-05-07 13:40 - 00243912 _____ () C:\Users\Gaurav\Downloads\report1430986187266.xls
2015-05-03 22:48 - 2015-05-04 07:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-03 22:48 - 2015-05-03 23:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-03 22:43 - 2015-05-03 22:48 - 16873560 _____ () C:\Users\Gaurav\Downloads\RogueKiller.exe
2015-05-03 22:22 - 2015-05-03 22:24 - 00000000 ____D () C:\Users\Gaurav\Downloads\mov
2015-05-02 20:43 - 2015-05-03 08:11 - 00000000 ____D () C:\Users\Gaurav\Downloads\Cloverfield (2008) 720p BLuRay x264 Dual Audio [Eng DD 5.1-Hindi 2.0] XdesiArsenal [ExD-XMR]
2015-05-02 20:42 - 2015-05-02 20:42 - 00019693 _____ () C:\Users\Gaurav\Downloads\MONOVA.ORG Cloverfield_(2008)_720p_BLuRay_x264_Dual_Audio_(Eng_DD_5.1-Hindi_2.0)_XdesiArsenal_(ExD-XMR).torrent
2015-04-26 12:01 - 2015-04-26 12:01 - 00001231 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 8.2 (32-bit).lnk
2015-04-26 12:01 - 2015-04-26 12:01 - 00001219 _____ () C:\Users\Public\Desktop\Tableau 8.2 (32-bit).lnk
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\Users\Gaurav\Documents\My Tableau Repository
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-26 12:01 - 2015-04-26 12:01 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-26 12:00 - 2015-04-26 12:00 - 00000000 ____D () C:\Program Files\Tableau
2015-04-25 18:36 - 2015-04-25 19:02 - 00000000 ____D () C:\Users\Gaurav\Downloads\Unbroken (2014) 720p Blu-Ray x264 [Dual-Audio][English BD 5.1 + Hindi BD 5.1] - Mafiaking - M2Tv
2015-04-23 09:57 - 2015-04-23 09:57 - 17244848 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-18 10:08 - 2015-04-18 17:42 - 00000000 ____D () C:\Users\Gaurav\Downloads\Falcon Rising [2014] Blu-Ray 720p x264 Dual audio [Eng 5.1 +Hindi 2.0]...Hon3y
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-09 07:52 - 2009-07-14 10:04 - 00021520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-09 07:52 - 2009-07-14 10:04 - 00021520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-09 07:51 - 2013-09-30 21:08 - 00000000 ____D () C:\Program Files\Opera
2015-05-09 07:51 - 2012-10-04 11:44 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\BitTorrent
2015-05-09 07:50 - 2010-11-21 02:31 - 00718036 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-09 07:46 - 2012-10-03 13:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-09 07:45 - 2014-12-16 11:20 - 00000000 ____D () C:\ProgramData\VMware
2015-05-09 07:45 - 2012-12-06 18:19 - 00000000 ____D () C:\Tally.ERP9
2015-05-09 07:45 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-09 07:45 - 2009-07-14 10:09 - 00153216 _____ () C:\Windows\setupact.log
2015-05-08 22:51 - 2012-10-03 07:03 - 01518135 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 22:40 - 2013-12-02 15:48 - 00000008 __RSH () C:\Users\Gaurav\ntuser.pol
2015-05-08 22:40 - 2013-10-12 22:15 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-08 22:40 - 2012-10-03 07:09 - 00000000 ____D () C:\Users\Gaurav
2015-05-08 22:40 - 2010-11-21 03:18 - 00064526 _____ () C:\Windows\PFRO.log
2015-05-08 22:39 - 2015-02-23 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 22:31 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-08 21:02 - 2013-08-11 23:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000UA.job
2015-05-08 17:31 - 2015-01-09 09:04 - 00000000 ____D () C:\Program Files\Connectify
2015-05-08 16:27 - 2012-10-02 22:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-08 15:11 - 2012-10-03 07:10 - 00001144 _____ () C:\Users\Gaurav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-08 14:48 - 2015-01-18 13:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-08 12:04 - 2013-06-29 18:45 - 00000000 ____D () C:\Users\Gaurav\AppData\Roaming\EQATEC Analytics
2015-05-02 20:39 - 2015-02-23 10:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-30 09:51 - 2012-10-02 19:42 - 00000000 ____D () C:\Users\Gaurav\Documents\Bluetooth Exchange Folder
2015-04-28 09:09 - 2013-08-11 23:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2283987553-728366819-2836283039-1000Core.job
2015-04-23 09:57 - 2012-10-02 19:27 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-23 09:57 - 2012-10-02 19:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-23 09:02 - 2012-10-03 07:53 - 00000000 ____D () C:\Windows.old
2015-04-21 10:14 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 15:13 - 2014-09-07 08:29 - 00002000 ____H () C:\Users\Gaurav\Documents\Default.rdp
2015-04-11 15:08 - 2009-07-14 10:22 - 00000000 ____D () C:\Windows\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2012-12-02 17:33 - 2012-12-03 20:43 - 0155984 _____ () C:\Users\Gaurav\AppData\Roaming\icr-20-jan
2014-11-08 21:00 - 2014-11-08 21:00 - 0613012 _____ (CMI Limited) C:\Users\Gaurav\AppData\Local\nsuAF95.tmp
2014-11-08 21:55 - 2014-11-08 21:55 - 0613012 _____ (CMI Limited) C:\Users\Gaurav\AppData\Local\nsv9A4.tmp
2012-10-15 00:19 - 2013-02-23 00:41 - 0007606 _____ () C:\Users\Gaurav\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 10:44
 
==================== End Of Log ============================
 
 
 
After running your last steps, none of my browsers is opening any website. I have to use my mobile internet. Please help to resolve this issue.


#15 gauravit6

Posted 08 May 2015 - 10:04 PM

It is giving me the error "This webpage is not available" whenever I am opening any website. Please help.



