

www.nice-doggy.xyz/run/updater.exe


  • This topic is locked
7 replies to this topic

#1 maheah


  • Members
  • 6 posts

Posted 24 September 2015 - 02:56 AM

Sir, kindly reply how to remove

www.nice-doggy.xyz/run/updater.exe

 

Farbar scan results here

 

FRST.TXT

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by dell (administrator) on DELL-PC (24-09-2015 13:13:22)
Running from C:\Users\dell\Desktop\Old Firefox Data
Loaded Profiles: dell (Available Profiles: dell)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ARWSRVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCPROXYSRV.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCSECSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\sapissvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ONLINENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\airtel 3G\UIExec.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\BDSSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE
(Google Inc) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\QUHLPSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
() C:\Program Files (x86)\airtel 3G\AssistantServices.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scanwscs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-30] (Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\strtupap.exe [207984 2014-07-31] (Quick Heal Technologies (P) Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4226048 2012-09-21] ()
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\airtel 3G\UIExec.exe [157952 2014-04-18] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
Lsa: [Notification Packages] scecli ScSecAuth
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2014-11-21]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E600058B-E6B6-4A6B-96EF-87B54DFC5EA9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F7B4169B-CF80-416E-99B2-25D9E28A002C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F7B4169B-CF80-416E-99B2-25D9E28A002C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-646295911-1499505637-1923475606-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-646295911-1499505637-1923475606-1000 -> DefaultScope {59EBCBC3-61E3-44FE-A6EF-BFE732461467} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-06] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-06] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\lb52xyzl.default-1442996344447
FF Homepage: hxxp://172.16.170.1/login
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-22] ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-06] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-22] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-22] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2005-07-16] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2015-09-21]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2015-09-21]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\inspector.js [2015-09-21]

Chrome:
=======
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-25]
CHR Extension: (IDM Integration Module) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arwsrvc.exe [322664 2015-09-09] (Quick Heal Technologies (P) Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdssvc.exe [29296 2014-06-06] (Quick Heal Technologies (P) Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE [44144 2014-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [264296 2015-08-26] (Quick Heal Technologies (P) Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [264296 2015-08-26] (Quick Heal Technologies (P) Ltd.)
R2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164888 2015-04-15] (Google Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-22] (Intel Corporation)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe [56936 2015-09-09] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe [156784 2014-08-30] (Quick Heal Technologies (P) Ltd.)
R2 RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE [331472 2015-09-09] (Quick Heal Technologies (P) Ltd.)
R2 ScProxySrv; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScProxySrv.exe [103024 2015-08-26] (Quick Heal Technologies (P) Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScSecSvc.exe [572016 2015-08-26] (Quick Heal Technologies (P) Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
R2 UI Assistant Service; C:\Program Files (x86)\airtel 3G\AssistantServices.exe [277248 2014-04-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [47848 2015-09-09] (Quick Heal Technologies (P) Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [271592 2015-08-26] (Quick Heal Technologies (P) Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [26344 2015-08-26] (Quick Heal Technologies (P) Ltd.)
R1 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [49288 2015-08-26] (Quick Heal Technologies (P) Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [80104 2014-09-12] (Quick Heal Technologies (P) Ltd.)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [19176 2014-06-06] (Quick Heal Technologies (P) Ltd.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2010-01-05] (Huawei Technologies Co., Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [74472 2014-08-27] (Quick Heal Technologies (P) Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-05] (Huawei Technologies Co., Ltd.)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-24] (Realtek Semiconductor Corp.)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [68840 2015-09-01] (Quick Heal Technologies (P) Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-22] (Intel Corporation)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [40680 2014-09-12] (Quick Heal Technologies (P) Ltd.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2014-02-20] (Realtek Semiconductor Corporation                           )
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows ® Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows ® Codename Longhorn DDK provider)
R2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [55528 2014-10-16] (Quick Heal Technologies (P) Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [78568 2015-01-05] (Quick Heal Technologies (P) Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-24 13:09 - 2015-09-24 13:13 - 00000000 ____D C:\FRST
2015-09-24 12:38 - 2015-09-24 12:41 - 00000000 ___HD C:\Users\dell\ScStore
2015-09-24 12:00 - 2015-09-24 12:00 - 00000000 _____ C:\Users\dell\Desktop\New Text Document (2).txt
2015-09-24 11:36 - 2015-09-24 11:36 - 00448217 _____ C:\Info.qhc
2015-09-24 11:31 - 2015-09-24 11:33 - 00373846 _____ C:\RptAdvscn_24.09.15_11.31.22_.log
2015-09-24 10:31 - 2015-09-24 10:31 - 00012924 _____ C:\Users\dell\Desktop\config bin.rar
2015-09-24 10:03 - 2015-09-24 10:03 - 00000077 _____ C:\Users\dell\Desktop\New Text Document.txt
2015-09-24 09:44 - 2015-09-24 09:44 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-24 09:44 - 2015-09-24 09:44 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-23 19:16 - 2015-09-24 12:38 - 00000392 _____ C:\Windows\setupact.log
2015-09-23 19:16 - 2015-09-24 10:51 - 00005170 _____ C:\Windows\PFRO.log
2015-09-23 19:16 - 2015-09-23 19:16 - 00000000 _____ C:\Windows\setuperr.log
2015-09-23 17:08 - 2015-09-23 17:08 - 00002404 _____ C:\Users\dell\Documents\cc_20150923_170808.reg
2015-09-23 14:24 - 2015-09-23 14:24 - 00000000 _____ C:\autoexec.bat
2015-09-23 13:39 - 2015-09-24 13:00 - 00000000 ____D C:\Users\dell\Desktop\QHTEMP
2015-09-23 13:37 - 2015-09-23 13:31 - 00000653 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-09-23 12:56 - 2015-09-23 12:56 - 00000000 ____D C:\Users\dell\temp
2015-09-23 12:56 - 2015-09-23 12:56 - 00000000 ____D C:\Users\dell\AppData\Roaming\TeamViewer
2015-09-23 12:43 - 2015-09-23 12:43 - 00060854 _____ C:\Users\dell\Downloads\remfakealert.zip
2015-09-23 11:48 - 2015-09-23 11:49 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\dell\Downloads\SpyHunter-Installer.exe
2015-09-22 22:17 - 2015-09-24 13:10 - 00000000 ____D C:\Users\dell\Desktop\Old Firefox Data
2015-09-22 21:44 - 2015-09-22 21:46 - 00000000 ____D C:\AdwCleaner
2015-09-21 11:53 - 2015-09-24 09:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-10 09:37 - 2015-09-23 01:24 - 00000000 ____D C:\Users\dell\Downloads\Compressed
2015-09-09 09:37 - 2015-09-09 11:43 - 00000000 ____D C:\Program Files (x86)\Tensons
2015-09-05 07:21 - 2015-09-05 07:21 - 00005208 _____ C:\Users\dell\Documents\cc_20150905_072150.reg
2015-09-05 07:06 - 2015-09-05 07:06 - 00000992 _____ C:\Users\dell\Documents\tr.txt
2015-09-05 06:58 - 2015-09-24 13:09 - 00314422 _____ C:\Windows\WindowsUpdate.log
2015-08-31 19:06 - 2015-08-31 19:06 - 00005884 _____ C:\Users\dell\Documents\BillDesk Payment Gateway.htm
2015-08-31 19:06 - 2015-08-31 19:06 - 00000000 ____D C:\Users\dell\Documents\BillDesk Payment Gateway_files
2015-08-29 23:51 - 2015-08-29 23:51 - 00000343 _____ C:\Users\dell\Documents\bz.txt
2015-08-28 09:17 - 2015-08-28 09:17 - 00013828 _____ C:\Users\dell\Documents\cc_20150828_091737.reg
2015-08-26 16:49 - 2015-08-26 16:43 - 00425256 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\SCDETOUR.DLL
2015-08-26 16:49 - 2015-08-26 16:43 - 00357992 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\SysWOW64\SCDETOUR.DLL
2015-08-26 16:49 - 2015-08-26 16:43 - 00267880 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\SCSANDBOXAPI.DLL
2015-08-26 16:49 - 2015-08-26 16:43 - 00226408 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\SysWOW64\SCSANDBOXAPI.DLL
2015-08-26 16:49 - 2015-08-26 16:43 - 00157800 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\SCSECAUTH.DLL
2015-08-26 16:43 - 2015-09-09 09:18 - 00047848 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\Arwflt.sys
2015-08-26 10:17 - 2015-09-24 10:17 - 00000460 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2015-08-26 10:17 - 2015-09-01 01:41 - 00068840 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\llio.sys
2015-08-26 10:17 - 2015-08-26 16:43 - 00271592 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2015-08-26 10:17 - 2015-08-26 16:43 - 00026344 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2015-08-26 10:17 - 2015-08-26 10:17 - 00006305 _____ C:\Windows\regact.dat
2015-08-26 10:17 - 2015-08-26 10:17 - 00003528 _____ C:\Windows\System32\Tasks\Quick Heal AntiMalware Scan
2015-08-26 10:17 - 2014-09-12 10:53 - 00040680 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\mscank.sys
2015-08-26 10:17 - 2014-06-06 12:29 - 00019176 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2015-08-26 10:16 - 2015-09-24 12:16 - 00000436 _____ C:\Windows\Tasks\Resume Quickup Download.job
2015-08-26 10:16 - 2015-08-26 16:43 - 00049288 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bsfs.sys
2015-08-26 10:16 - 2015-08-26 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal AntiVirus Pro
2015-08-26 10:16 - 2015-08-26 10:16 - 00003458 _____ C:\Windows\System32\Tasks\Resume Quickup Download
2015-08-26 10:16 - 2015-08-26 10:16 - 00001217 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2015-08-26 10:16 - 2015-01-05 19:41 - 00078568 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2015-08-26 10:16 - 2014-10-16 19:42 - 00055528 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\webssx.sys
2015-08-26 10:15 - 2015-08-26 10:16 - 00000000 ____D C:\Program Files\Common Files\Quick Heal
2015-08-26 10:14 - 2015-09-23 16:06 - 00000000 ____D C:\Windows\system32\gprodat
2015-08-26 10:14 - 2014-08-27 09:53 - 00074472 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\ggc.sys
2015-08-25 18:23 - 2015-08-25 18:23 - 00000000 ____D C:\Program Files\Quick Heal
2015-08-25 18:10 - 2015-08-25 18:27 - 00003310 _____ C:\inst.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-24 12:46 - 2014-06-20 00:12 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-24 12:46 - 2009-07-14 10:15 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-24 12:46 - 2009-07-14 10:15 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-24 12:43 - 2009-07-14 10:43 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-24 12:38 - 2014-07-06 04:13 - 00000000 ____D C:\Users\dell
2015-09-24 12:38 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 12:22 - 2015-08-23 07:38 - 00000000 ____D C:\Program Files (x86)\BandwidthMonitor
2015-09-24 10:48 - 2014-12-30 21:30 - 00000000 ____D C:\Windows\pss
2015-09-24 10:39 - 2015-08-22 13:27 - 00000000 ____D C:\Users\dell\AppData\Roaming\IDM
2015-09-24 10:39 - 2015-08-22 13:27 - 00000000 ____D C:\Users\dell\AppData\Roaming\DMCache
2015-09-24 10:39 - 2015-08-22 13:27 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-09-24 09:44 - 2015-04-14 03:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 18:19 - 2014-11-23 11:34 - 00007597 _____ C:\Users\dell\AppData\Local\Resmon.ResmonCfg
2015-09-23 17:07 - 2015-01-01 12:39 - 00000000 ____D C:\Users\dell\AppData\Local\CrashDumps
2015-09-23 16:58 - 2014-07-06 04:28 - 00000000 ____D C:\Users\dell\AppData\Roaming\vlc
2015-09-23 04:59 - 2015-01-18 08:21 - 00000546 _____ C:\Windows\system32\nvscnrpt.log
2015-09-23 04:59 - 2014-06-20 00:13 - 00000000 ____D C:\Temp
2015-09-22 21:46 - 2014-11-21 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-18 16:53 - 2014-07-06 04:27 - 00000000 ____D C:\Users\dell\AppData\Local\Google
2015-09-17 21:01 - 2009-07-14 10:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-17 15:23 - 2009-07-14 08:50 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-13 12:15 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 07:50 - 2009-07-14 10:38 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-04 07:34 - 2015-01-17 14:30 - 00000000 ____D C:\Users\dell\AppData\Roaming\dvdcss
2015-08-29 08:45 - 2014-12-27 18:32 - 00000000 ____D C:\Windows\system32\appmgmt
2015-08-28 07:01 - 2014-07-06 04:14 - 00000000 ____D C:\Users\dell\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-11-23 11:34 - 2015-09-23 18:19 - 0007597 _____ () C:\Users\dell\AppData\Local\Resmon.ResmonCfg
2014-11-21 08:55 - 2014-11-21 08:55 - 0000057 _____ () C:\ProgramData\Ament.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\intelide.sys

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 01:57

==================== End of FRST.txt ============================

 

ADDITION.TXT

 

 



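An added triage helper, not part of the original post and not part of FRST itself: the Python below walks FRST.txt-style lines and flags the markers a removal helper scans for first in a log like the one above, namely an empty publisher "()" on a process, service or driver, "[File not signed]", the "<==== ATTENTION" zero-byte marker, "<not found>" extension stubs, Run entries hosted by rundll32.exe, the "[X]" marker on the Winlogon Userinit line, the Hosts warning, and a service or driver binary living outside Windows or Program Files. The sample lines are copied from the FRST.txt posted above, except the "ExampleSvc" service under C:\Users, which is constructed to exercise the path check; the rules and reason strings are this example's own, not an FRST convention.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; not FRST code and not from the original post.
It scans FRST.txt-style lines and reports the entries a malware-removal helper
reads first. The reason strings and the "outside system dirs" rule are this
example's own assumptions, not FRST output.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int
    reasons: list[str]
    text: str


# Markers FRST itself prints into its logs.
ATTENTION = re.compile(r"<==== ATTENTION")
NOT_FOUND = re.compile(r"<not found>")
NOT_SIGNED = re.compile(r"\[File not signed\]")
BROKEN_MARK = re.compile(r"\[X\]\s*$")
HOSTS_MOD = re.compile(r"^Hosts: There are more than one entry")
# "() C:\..." at the start of a process line, or "] ()" after the [size date]
# block of a service/driver/file line: the PE carries no company/publisher.
LEAD_EMPTY_PUBLISHER = re.compile(r"^\(\)\s+[A-Z]:\\")
TRAIL_EMPTY_PUBLISHER = re.compile(r"\]\s+\(\)(\s|$)")
# Autorun whose payload is a DLL loaded through rundll32.exe.
RUNDLL_AUTORUN = re.compile(r"\\Run: \[[^\]]+\] => rundll32\.exe", re.I)
# Service/driver lines look like "R2 name; C:\path [size date] (Publisher)".
SVC_LINE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>[A-Z]:\\[^\[]+)")
# Assumed baseline: service binaries normally live under one of these.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def classify(line: str) -> list[str]:
    """Return the reasons (possibly none) a single FRST line deserves a look."""
    line = line.strip()
    reasons = []
    if ATTENTION.search(line):
        reasons.append("FRST attention marker (zero-byte or corrupt file)")
    if NOT_FOUND.search(line):
        reasons.append("registry entry points at a missing file")
    if NOT_SIGNED.search(line):
        reasons.append("file is not digitally signed")
    if LEAD_EMPTY_PUBLISHER.search(line) or TRAIL_EMPTY_PUBLISHER.search(line):
        reasons.append("no publisher/company in PE version info")
    if RUNDLL_AUTORUN.search(line):
        reasons.append("autorun via rundll32.exe (DLL-hosted startup)")
    if BROKEN_MARK.search(line):
        reasons.append("FRST [X] marker (entry differs from default)")
    if HOSTS_MOD.search(line):
        reasons.append("hosts file has extra entries (check for redirects)")
    m = SVC_LINE.match(line)
    if m and not m.group("path").strip().lower().startswith(SYSTEM_DIRS):
        reasons.append("service/driver binary outside Windows or Program Files")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a whole FRST log and collect every flagged line, in log order."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        reasons = classify(line)
        if reasons:
            findings.append(Finding(no, reasons, line.strip()))
    return findings


# Sample input: lines copied from the FRST.txt posted in this thread, plus one
# constructed "ExampleSvc" line under C:\Users to exercise the path check.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\airtel 3G\UIExec.exe
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
R2 RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R2 ExampleSvc; C:\Users\dell\AppData\Roaming\updater\updater.exe [12345 2015-09-23] ()
C:\Windows\system32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.text}")
        for r in f.reasons:
            print(f"    - {r}")
```

A flagged line is a lead, not a verdict: vendors such as the airtel 3G and TP-LINK utilities in this log ship binaries with no company string in the version resource, so "no publisher" alone means "check the file's hash and signer", not "malware". The same goes for the zero-byte intelide.sys, which FRST marks for attention rather than for removal.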

 


#2 maheah

  • Topic Starter

  • Members
  • 6 posts

Posted 24 September 2015 - 02:57 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by dell (2015-09-24 13:12:09)
Running from C:\Users\dell\Desktop\Old Firefox Data
Windows 7 Professional Service Pack 1 (X64) (2014-07-05 22:43:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-646295911-1499505637-1923475606-500 - Administrator - Disabled)
dell (S-1-5-21-646295911-1499505637-1923475606-1000 - Administrator - Enabled) => C:\Users\dell
Guest (S-1-5-21-646295911-1499505637-1923475606-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Quick Heal AntiVirus Pro (Enabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AS: Quick Heal AntiVirus Pro (Enabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
airtel 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ZTE)
Apple Telugu Keyboard Layout (HKLM\...\{7B62F1B2-B724-4EC6-8261-45C728A07F77}) (Version: 1.0.3.40 - Veeven.Com)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Gaim (remove only) (HKLM-x32\...\Gaim) (Version:  - )
GIST-OT-Typing Tool(Telugu) (HKLM-x32\...\{08EAAA82-5B4B-4378-80FD-2BE160D6E74C}) (Version:  - )
GIST-TT-TypingTool(Telugu) (HKLM-x32\...\{B3F735BF-5B24-46FB-AEE8-E183139EE022}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Input Tools (HKLM\...\GoogleInputFramework) (Version:  - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GTK+ Runtime 2.6.9 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version:  - )
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C9064E5C-D5AB-4EEB-86A6-50756901038A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Icecream PDF Split and Merge version 1.06 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.06 - Icecream Apps)
Idea Net Setter (HKLM-x32\...\Idea Net Setter) (Version: 16.001.06.01.356 - Huawei Technologies Co.,Ltd)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
MeOCR 1.00 version 1.00 (HKLM-x32\...\{6AA802DE-467B-468D-AAEC-E794754B4692}_is1) (Version: 1.00 - MeOCR Software)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird (1.0.2) (HKLM-x32\...\Mozilla Thunderbird (1.0.2)) (Version: 1.0.2 (en) - Mozilla)
Quick Heal AntiVirus Pro (HKLM\...\Quick Heal AntiVirus Pro) (Version: 16.00 - Quick Heal Technologies Pvt. Ltd.)
Quick Heal AntiVirus Pro (Version: 16.00 - Quick Heal) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.87 (08-09-2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.77.00(24-10-2013) - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM-x32\...\Samsung M267x 287x Series) (Version: 1.24 (18-12-2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.01.12.00 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.17222 - TeamViewer GmbH)
TP-LINK USB Printer Controller (HKLM-x32\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - TP-LINK)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.30 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 4.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.2 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

22-09-2015 19:09:08 Quick Heal AntiMalware Restore Point
22-09-2015 21:49:17 JRT Pre-Junkware Removal
23-09-2015 03:42:08 Removed Apple Telugu Keyboard Layout

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-09-24 12:48 - 00000442 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1  tonec.com
127.0.0.1  http://www.tonec.com
127.0.0.1  internetdownloadmanager.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4E314CD5-CCC7-471F-AC6F-5EE61618B36B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {4F11C7BC-A645-40B0-BF97-5FEBB4E2A938} - System32\Tasks\{145300FD-7100-40B6-A2F7-0803CE246724} => pcalua.exe -a "H:\Software\GIST-TT-Fonts Installer\Setup.exe" -d "H:\Software\GIST-TT-Fonts Installer"
Task: {7DF9E379-F495-4CEF-B604-50E6878022A2} - System32\Tasks\{6C858151-604A-4D8B-98A1-90B9209D57D5} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c C:\C-DAC\Telugu\GIST-OT-TypingTool\Gist-OT-TypingTool.exe
Task: {81B65949-25E4-40B0-B0A6-9FDBDD872AAE} - System32\Tasks\{D64C2E92-9667-41A0-B6D9-8FC1121267B1} => C:\C-DAC\Telugu\GIST-TT-TypingTool\Gist-TT-TypingTool.exe [2005-10-14] ()
Task: {84E8E287-E83F-45BE-B586-5530CD7DC2CC} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ASMAIN.EXE [2015-02-12] (Quick Heal Technologies (P) Ltd.)
Task: {86E86F76-2B6A-4BE3-AABA-7D558F4399FA} - System32\Tasks\{08B0BC5B-8A28-4B2B-ACCF-ED620638D4BB} => pcalua.exe -a "H:\Software\GIST - OT DRV\Setup.exe" -d "H:\Software\GIST - OT DRV"
Task: {94E36235-D58C-4F91-8801-3D687B105BC3} - System32\Tasks\{659A6B68-48E2-4C6A-AF01-2F809DAAA3F5} => C:\C-DAC\Telugu\GIST-TT-TypingTool\Gist-TT-TypingTool.exe [2005-10-14] ()
Task: {95EE0141-0B3B-4EBA-9742-E300A8E3E624} - System32\Tasks\{A0C3053A-80D3-4EBD-8FEB-0D53038F5FD5} => pcalua.exe -a C:\Users\dell\Desktop\BluetoothDriverInstaller.exe -d C:\Users\dell\Desktop
Task: {AF2B202E-86A0-4739-A8B6-E0400115D50D} - System32\Tasks\{3F22571E-A605-4A35-B66A-4DE658382100} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c C:\C-DAC\Telugu\GIST-TT-TypingTool\Gist-TT-TypingTool.exe
Task: {B5545CA2-8664-457A-A2B8-9878A8ED31C6} - System32\Tasks\{B6F6AEB9-8C54-4CD3-A86E-C65B593496CB} => C:\C-DAC\Telugu\GIST-OT-TypingTool\Gist-OT-TypingTool.exe [2005-10-05] ()
Task: {EAE8007C-5870-405B-B624-560F763A6153} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ACAPPAA.EXE [2014-06-06] (Quick Heal Technologies (P) Ltd.)
Task: {EB05ABB7-DD23-440F-AE48-F57BEA9B93E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ACAPPAA.EXE

==================== Loaded Modules (Whitelisted) ==============

2014-11-16 05:00 - 2012-11-14 22:13 - 00034304 _____ () C:\Windows\System32\ssa6mlm.dll
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scanapi.dll
2015-04-24 23:53 - 2015-09-18 19:29 - 01101312 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scansdk.dll
2015-03-26 16:30 - 2015-09-22 23:22 - 00503296 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\platform.dll
2014-11-10 13:57 - 2015-08-26 16:43 - 00038400 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\filesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00012800 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\DRVCOMM.DLL
2014-10-20 12:19 - 2015-08-26 16:43 - 00037888 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\mbfswrap.dll
2015-01-07 22:09 - 2015-08-26 16:43 - 00235008 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\disasm.dll
2015-04-20 15:07 - 2015-09-18 19:29 - 00297472 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scan.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00007680 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\VIRLIST.DLL
2015-03-31 22:31 - 2015-08-26 16:43 - 00274944 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\boot.dll
2015-04-24 23:53 - 2015-09-18 19:29 - 00421376 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\mltiscan.dll
2015-04-22 21:57 - 2015-09-18 19:29 - 00847360 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\pescan.dll
2015-04-22 21:57 - 2015-09-22 23:22 - 04420608 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\pepoly.dll
2015-04-27 14:35 - 2015-08-26 16:43 - 00384512 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arcvsdk.dll
2015-04-21 22:16 - 2015-09-18 19:29 - 01338368 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\lzesdk.dll
2015-04-25 17:29 - 2015-09-23 13:51 - 08792064 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\heurscan.dll
2014-09-02 19:11 - 2015-08-26 16:43 - 00312320 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bkdrscan.dll
2015-04-21 22:16 - 2015-09-18 19:29 - 00346112 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\dospoly.dll
2015-04-27 21:54 - 2015-09-22 23:22 - 00408576 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\vbsscan.dll
2015-04-22 14:20 - 2015-09-22 23:22 - 02543616 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\miscscan.dll
2015-04-15 18:56 - 2015-09-22 23:22 - 00186880 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\olesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00008192 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ARJSDK.DLL
2012-03-02 14:02 - 2015-08-26 16:43 - 00025088 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\unarj32.dll
2014-07-29 13:50 - 2015-08-26 16:43 - 00140288 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\rarsdk.dll
2014-06-20 00:13 - 2013-08-19 09:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-06-20 00:13 - 2013-08-19 09:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2015-01-12 07:33 - 2014-04-18 08:39 - 00157952 _____ () C:\Program Files (x86)\airtel 3G\UIExec.exe
2015-08-26 16:43 - 2015-08-26 16:43 - 00025192 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdsres.dll
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANAPI.DLL
2015-01-12 07:33 - 2014-04-18 08:39 - 00277248 _____ () C:\Program Files (x86)\airtel 3G\AssistantServices.exe
2014-06-20 00:13 - 2013-11-21 17:22 - 00484880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-06-20 00:13 - 2013-08-19 09:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-11-18 08:07 - 2012-11-06 09:47 - 00114688 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2014-06-20 00:04 - 2013-08-22 05:03 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-20 00:13 - 2013-11-21 15:00 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-06-20 00:13 - 2012-11-25 22:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-06-20 00:13 - 2012-11-25 22:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-646295911-1499505637-1923475606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BharateeyaOO.o 1.9ము.lnk => C:\Windows\pss\BharateeyaOO.o 1.9ము.lnk.Startup
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{685F4F1C-6508-4078-9077-5BA1135FB356}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{BCFD1DDC-21BF-4AD8-934D-A1E745874B76}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{C158882F-C8D1-4430-97F8-ACB7821FB026}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{48302363-14B2-4424-AC31-931EE3827F6A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{D61696B1-DFC1-495E-B418-54570B4B86B2}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{67A8E1C0-AB75-4773-9CAC-18F073E11B7A}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{19238193-B783-4D20-AC07-98CC94C3EA87}] => (Allow) LPort=1542
FirewallRules: [{7DBAFBCC-3EF8-4E21-A7FB-DC897FE50413}] => (Allow) LPort=1542
FirewallRules: [{BFEBAE1E-2229-4444-ABDE-87873EB6F9B5}] => (Allow) LPort=53
FirewallRules: [{51C102E0-F4BD-444F-873E-D12266C83202}] => (Allow) LPort=67
FirewallRules: [{832E43A0-BB92-4B79-A30A-B1034C02023C}] => (Allow) LPort=68
FirewallRules: [{0A58F3DF-ADE2-43C2-BBF4-92997914485D}] => (Allow) LPort=53
FirewallRules: [{1C534442-85FB-4B56-B174-409B8B604481}] => (Allow) LPort=53
FirewallRules: [{C87CF93D-DE84-4DC8-A1A4-2B50FC6C0DC8}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{E9F2EACB-76E7-438D-AF7F-96264990DB12}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{0443FFFE-F0B8-4149-AF6C-159D9E028C46}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5EEDCEA5-DFAE-4C39-A13C-EFD3A57312AF}] => (Allow) C:\Windows\twain_32\Samsung\SLM287X\SCNSearch\USDAgent.exe
FirewallRules: [{78F01649-4CA8-42DB-A898-0124BB0AD7A1}] => (Allow) C:\Windows\twain_32\Samsung\SLM287X\SCNSearch\USDAgent.exe
FirewallRules: [{42F20BA1-7073-421E-99C7-D306949486F5}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{16C28529-38E3-414F-ADDF-8B0AC17A4D88}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5707C7FA-309D-4EDA-9FD8-4906639B5EF2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{7714B294-4CCB-4244-A3D5-D3B8D946BEE5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{5560384E-1976-423A-8D80-5DA3BB253BAD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{A42525BD-8145-4AB4-A4CC-6F159D91F446}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{EDD305D5-B590-4522-9CD3-ACE910D519F9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F77AA60E-7ADD-41D4-AD2E-EBF91C115415}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{B606E73A-C8CE-4904-9E79-31CA7F2BA311}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{2553FD6F-2F4C-4BED-A69E-7684CEF1F679}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{66C549B1-59A1-4688-9A99-90ED6F1C2DD9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{FF3251DE-C0A7-454A-816E-E3A1A1E7E773}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{528DCD5A-9758-4B40-B4A4-49B4518445A9}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B60DF348-813D-422B-B6B5-CC37DE90F1DB}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F0F727C8-4D8E-4F7A-BB79-E47AEA6A4E34}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{0BD2DDDF-C084-48BA-9BEC-193C334EA836}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{E275EF96-A470-438B-ACD4-AAF25282F28E}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
FirewallRules: [{3F241060-3539-4AE6-96C8-B1DDE85BB50F}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
FirewallRules: [{E88551C2-E63E-4DF9-93E1-C8D134B3C97B}] => (Allow) LPort=7437
FirewallRules: [TCP Query User{679E4298-B065-4669-9B74-F11035F6D528}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FEE1B3D0-0502-4FB0-8736-BAD0E1819B2B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{4728D3FA-E6A0-4417-B9FB-4935E76B5457}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F553DF4-E47E-4E84-B860-493CDB58CA2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2015 12:38:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2015 10:51:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2015 08:11:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2015 08:06:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2015 07:31:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2015 07:27:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2015 07:17:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2015 04:07:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2015 02:24:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.20.9.4533 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11c0

Start Time: 01d0f5dd5918137e

Termination Time: 0

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

Report Id: 9d069c77-61d0-11e5-9e5d-f8bc1276c8b9

Error: (09/23/2015 05:30:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/24/2015 12:37:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The TeamViewer 3 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/24/2015 10:50:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The TeamViewer 3 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/23/2015 07:28:19 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:12 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:12 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:12 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/23/2015 07:28:11 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 63%
Total physical RAM: 1966.76 MB
Available physical RAM: 711.29 MB
Total Virtual: 3933.52 MB
Available Virtual: 2188.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:58.65 GB) (Free:23.88 GB) NTFS
Drive f: () (Fixed) (Total:58.59 GB) (Free:37.44 GB) NTFS
Drive g: (Songs) (Fixed) (Total:39.06 GB) (Free:4.62 GB) NTFS
Drive h: () (Fixed) (Total:58.59 GB) (Free:20.03 GB) NTFS
Drive i: () (Fixed) (Total:76.63 GB) (Free:5.2 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:4.67 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 2D622D62)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=193.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F1D2064A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=197.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Waiting for reply. Thank you, sir.



#3 maheah

  • Topic Starter
  • Members
  • 6 posts

Posted 24 September 2015 - 09:41 AM

I recently downloaded AdwCleaner and cleaned my system.

Below are my reports.

# AdwCleaner v5.008 - Logfile created 22/09/2015 at 21:46:18
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : dell - DELL-PC
# Running from : F:\New Folder\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : SSFK
[-] Service Deleted : WdsManPro

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\Extensions\deskCutv2@gmail.com
[-] Folder Deleted : C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\Extensions\defsearchp@gmail.com

***** [ Files ] *****

[-] File Deleted : C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\searchplugins\oursurfing.xml

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox Telugu.lnk
[-] Shortcut Disinfected : C:\Users\dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

***** [ Web browsers ] *****

[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "oursurfing");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.alias", "oursurfing");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/favicon.ico");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.name", "oursurfing");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.ptid", "amt");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.uid", "ST3250318AS_6VY5MHXNXXXX6VY5MHXN");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=ds&ts=1442924962&z=16d01e19ed7b7da42996cf6gcz0zeo6tfoaz3t9qeg&from=amt&uid=ST3250318AS_6VY5MHXNXXXX6VY5MHXN&q={searchT[...]
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "oursurfing");
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1atgepnk.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.oursurfing.com/?type=hp&ts=1442924962&z=16d01e19ed7b7da42996cf6gcz0zeo6tfoaz3t9qeg&from=amt&uid=ST3250318AS_6VY5MHXNXXXX6VY5MHXN
[-] [C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.oursurfing.com/webfavicon.ico
[-] [C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.oursurfing.com/?type=hp&ts=1442924962&z=16d01e19ed7b7da42996cf6gcz0zeo6tfoaz3t9qeg&from=amt&uid=ST3250318AS_6VY5MHXNXXXX6VY5MHXN

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5197 bytes] ##########

Now I scanned again and no threats were found.

Then I downloaded Malwarebytes Anti-Rootkit, updated it and scanned. The scan is complete, but no threats were found.

My Quick Heal Antivirus shows "harmful website nice-doggy.xyz/run/updater.exe blocked".

How do I remove this virus from my PC? I need help. Kindly reply to me.

Thank you, sir



#4 nasdaq

  • Malware Response Team
  • 39,946 posts
  • Location: Montreal, QC, Canada

Posted 25 September 2015 - 01:01 PM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 intelide; C:\Windows\system32\drivers\intelide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8
C:\Windows\system32\drivers\intelide.sys
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#5 maheah

maheah
  • Topic Starter

  • Members
  • 6 posts

Posted 25 September 2015 - 10:21 PM

Sir, I did every step.

Below are my results.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by dell (2015-09-26 08:27:11) Run:1
Running from C:\Users\dell\Desktop\Old Firefox Data
Loaded Profiles: dell (Available Profiles: dell)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 intelide; C:\Windows\system32\drivers\intelide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8
C:\Windows\system32\drivers\intelide.sys
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
intelide => service removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":3229" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3272" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3373" ADS removed successfully.
C:\ProgramData\TEMP => ":DBC416F8" ADS removed successfully.
C:\Windows\system32\drivers\intelide.sys => moved successfully
EmptyTemp: => 63.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 08:27:38 ====

 

 

Firefox, Chrome and Internet Explorer have been reset.

 

I purchased Quick Heal Antivirus Pro and have been updating it regularly for 2 years,

but I still got this virus.

 

I saw no notification from Quick Heal Antivirus Pro.

 

Is my system safe now, sir?

Thank you.
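
To check a Fixlog like the one above against the fixlist it echoes, here is an added Python example (written for this thread, not code from FRST or from the poster) that pairs each fixlist directive with the success line FRST writes for it and flags anything the log does not confirm. It handles the directive types used in this fix generally (restore point, EmptyTemp, CloseProcesses, service entries, AlternateDataStreams, bare file paths); the embedded log is a constructed, abridged copy of the post's Fixlog with one ADS result deliberately left out so the unconfirmed case is exercised.

```python
import re

# Constructed, abridged copy of the Fixlog posted above; the TEMP:DBC416F8
# ADS result is deliberately left out to exercise the "unconfirmed" path.
SAMPLE_FIXLOG = r"""
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
S3 intelide; C:\Windows\system32\drivers\intelide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8
C:\Windows\system32\drivers\intelide.sys
End
Restore point was successfully created.
Processes closed successfully.
intelide => service removed successfully
C:\Windows\SysWOW64\MSIHANDLE => ":3229" ADS removed successfully.
C:\Windows\system32\drivers\intelide.sys => moved successfully
EmptyTemp: => 63.6 MB temporary data Removed.
"""
# Directives whose confirmation line has no variable part.
FIXED_PHRASES = {"CreateRestorePoint:": "Restore point was successfully created",
                 "CloseProcesses:": "Processes closed successfully",
                 "EmptyTemp:": "EmptyTemp: =>"}

def expected_evidence(d):
    """Return the Fixlog fragment that confirms directive d, or None if unknown."""
    if d in FIXED_PHRASES:
        return FIXED_PHRASES[d]
    if d.startswith("AlternateDataStreams:"):      # path:stream -> ADS removal line
        path, stream = d.split(":", 1)[1].strip().rsplit(":", 1)
        return f'{path} => ":{stream}" ADS removed'
    if re.match(r"^[A-Z]:\\", d):                   # bare path -> moved to quarantine
        return f"{d} => moved successfully"
    m = re.match(r"^[SR]\d\s+([^;]+);", d)           # service/driver entry -> removal
    return f"{m.group(1)} => service removed" if m else None

def audit_fixlog(text):
    """Map each directive echoed between 'start' and 'End' to True (confirmed),
    False (no success line in the log) or None (directive type not handled)."""
    lines = [ln.strip() for ln in text.splitlines()]
    directives, in_list = [], False
    for ln in lines:
        if ln in ("start", "End"):
            in_list = ln == "start"
        elif in_list and ln:
            directives.append(ln)
    return {d: (None if (ev := expected_evidence(d)) is None
                else any(ev in ln for ln in lines)) for d in directives}

def unconfirmed(results):
    """Directives a helper should re-check: no success line, or type unknown."""
    return [d for d, ok in results.items() if ok is not True]
```

Running `unconfirmed(audit_fixlog(open("Fixlog.txt").read()))` on a real log lists the directives whose result line is missing, which is what a helper reads for before declaring the fix complete.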



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 September 2015 - 07:42 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 maheah

maheah
  • Topic Starter

  • Members
  • 6 posts

Posted 26 September 2015 - 07:56 AM

Thank you, sir!

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 September 2015 - 12:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



