Installation of some unknown software starts after every boot


  • This topic is locked
38 replies to this topic

#1 Narendra Kumar

Posted 28 December 2015 - 07:22 AM

Hi,
 
Every time I boot my system, some unknown application tries to install/uninstall something.
When I try to find the location of the exe file, it leads me to a directory under the tmp folder. Every time it will be a new directory!
And the process is started by a file which has the name: prsetup.tmp.
Last time, the name of the directory under tmp was: is-MF9S3.tmp
(I have saved this folder for reference under C:\, so that we can analyze the file later. If you want to see the file, I can share it)
I don't know what it is trying to install or uninstall and why it is starting with every boot.
I am afraid this could be some malware or a Trojan.
I need your assistance in analyzing this.
 
Contents of FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by dell (administrator) on DELL-PC (28-12-2015 17:38:33)
Running from C:\Users\dell\Documents\MalwareBytes
Loaded Profiles: dell (Available Profiles: dell)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ARWSRVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCPROXYSRV.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCSECSVC.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\dell\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ONLINENT.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
(LivePerson Inc.) C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
() C:\Program Files (x86)\Reliance Wi-Pod\CheckNDISPort.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\BDSSVC.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\QUHLPSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scanwscs.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\sapissvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-10-14] (IDT, Inc.)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\strtupap.exe [207984 2014-07-31] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\Reliance Wi-Pod\CheckNDISPort.exe [454656 2015-03-11] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Run: [TouchFreeze] => C:\Users\dell\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4110992 2014-07-16] (Speedbit Ltd.)
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Run: [Dropbox Update] => C:\Users\dell\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-09] (Piriform Ltd)
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Run: [GoogleChromeAutoLaunch_9FD5ED0742D873E78F8A54709BF48770] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
Lsa: [Notification Packages] scecli ScSecAuth
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LivePerson Expert Messenger.lnk [2014-07-16]
ShortcutTarget: LivePerson Expert Messenger.lnk -> C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe (LivePerson Inc.)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{052D83F6-EA3B-41C4-8D60-5FD200DBBEAE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2696FC45-D665-4D38-923A-5C84289290EA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33D21299-2C4D-4566-9631-5842723DC298}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> DefaultScope {A4B07754-42EB-4A65-B14E-2B1FFAFE796C} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> {A4B07754-42EB-4A65-B14E-2B1FFAFE796C} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-06-11] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-11] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-30] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-16] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2014-07-16] (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-30] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\j7ws9q8w.default
FF NewTab: hxxp://www.globasearch.com/?serie=2211&b=2&installkey=vspTh9TnfnTnYpxFBHts&newtab
FF Homepage: hxxp://www.globasearch.com/?serie=2211&b=2&installkey=vspTh9TnfnTnYpxFBHts
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-16] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-07-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-07-18] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-07-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2014-07-16] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2015-12-28]
CHR Extension: (RealPlayer Downloader) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-12-28]
CHR Extension: (Skype) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-28]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arwsrvc.exe [322664 2015-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdssvc.exe [29296 2014-06-06] (Quick Heal Technologies (P) Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE [44144 2014-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [264296 2015-08-21] (Quick Heal Technologies (P) Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [264296 2015-08-21] (Quick Heal Technologies (P) Ltd.)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
S3 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-07-15] () [File not signed]
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe [57416 2015-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe [156784 2014-08-30] (Quick Heal Technologies (P) Ltd.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-11] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-18] (RealNetworks, Inc.)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-11] () [File not signed]
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE [333584 2015-12-16] (Quick Heal Technologies (P) Ltd.)
R2 ScProxySrv; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScProxySrv.exe [103024 2015-08-21] (Quick Heal Technologies (P) Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScSecSvc.exe [572016 2015-08-21] (Quick Heal Technologies (P) Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [51872 2015-12-16] (Quick Heal Technologies (P) Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [271592 2015-08-21] (Quick Heal Technologies (P) Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [26344 2015-08-21] (Quick Heal Technologies (P) Ltd.)
R1 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [49288 2015-08-21] (Quick Heal Technologies (P) Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [80104 2014-09-12] (Quick Heal Technologies (P) Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [19176 2014-06-06] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [74472 2014-08-27] (Quick Heal Technologies (P) Ltd.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [68840 2015-11-08] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [40680 2014-09-12] (Quick Heal Technologies (P) Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-17] (Oracle Corporation)
R2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [55528 2014-10-16] (Quick Heal Technologies (P) Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [78056 2014-08-19] (Quick Heal Technologies (P) Ltd.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 17:38 - 2015-12-28 17:38 - 00000000 ____D C:\Users\dell\Documents\MalwareBytes
2015-12-28 17:37 - 2015-12-28 17:37 - 00021368 _____ C:\Users\dell\Downloads\FRST.txt
2015-12-28 17:36 - 2015-12-28 17:38 - 00000000 ____D C:\FRST
2015-12-28 14:11 - 2015-12-28 14:11 - 00839768 _____ C:\Users\dell\Downloads\Religare-Stock-Picks-2016.pdf
2015-12-28 13:31 - 2015-12-28 13:31 - 02026456 _____ C:\Users\dell\Downloads\dixmlsetup.exe
2015-12-28 13:31 - 2015-12-28 13:31 - 00001107 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2015-12-28 13:31 - 2015-12-28 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-12-28 13:31 - 2015-12-28 13:31 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2015-12-28 13:24 - 2015-12-28 13:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-28 13:23 - 2015-12-28 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-28 13:23 - 2015-12-28 13:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-28 13:19 - 2015-12-28 13:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-28 13:19 - 2015-12-28 13:19 - 00000000 ____D C:\Users\dell\Desktop\rootkit
2015-12-28 13:17 - 2015-12-28 13:19 - 06392130 _____ C:\Users\dell\Downloads\mbam-chameleon-3.1.28.0.zip
2015-12-28 13:17 - 2015-12-28 13:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dell\Downloads\mbar-1.09.3.1001.exe
2015-12-28 13:17 - 2015-12-28 13:17 - 00204496 _____ (Malwarebytes) C:\Users\dell\Downloads\startuplite-setup-1.07.exe
2015-12-28 13:17 - 2015-12-28 13:17 - 00167034 _____ C:\Users\dell\Downloads\fileassassin-setup-1.06.exe
2015-12-28 13:17 - 2015-12-28 13:17 - 00065232 _____ (Malwarebytes) C:\Users\dell\Downloads\regassassin-setup-1.03.exe
2015-12-28 12:37 - 2015-12-28 12:37 - 00000000 ___HD C:\Users\dell\ScStore
2015-12-23 23:11 - 2015-12-23 23:12 - 00014123 _____ C:\Users\dell\Downloads\511512232514653.pdf
2015-12-17 21:00 - 2015-12-17 21:00 - 00037520 _____ C:\Users\dell\Downloads\excelproblem.zip
2015-12-16 09:23 - 2015-12-16 09:23 - 00000000 ____D C:\is-MF9S3.tmp
2015-12-13 13:29 - 2015-12-13 13:29 - 00000000 ____D C:\Users\dell\.android
2015-12-13 13:27 - 2015-12-13 13:27 - 00000000 ____D C:\Program Files (x86)\HTC
2015-12-13 13:24 - 2015-12-13 13:24 - 00000000 ____D C:\Users\dell\Downloads\OneDrivers_Fastboot
2015-12-13 13:18 - 2015-12-13 13:21 - 26910854 _____ C:\Users\dell\Downloads\OneDrivers_Fastboot.zip
2015-12-13 10:16 - 2015-12-13 10:16 - 00000000 ____D C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-05 23:26 - 2015-12-16 09:43 - 00000000 ____D C:\Users\dell\Documents\Personal
2015-12-04 19:17 - 2015-12-04 19:17 - 00000000 ____D C:\Users\dell\AppData\Local\TempTaskUpdateDetection0EDF3352-5DAA-4C3B-9FA4-613DB021C793
2015-12-01 22:54 - 2015-12-01 23:02 - 00002004 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-12-01 19:06 - 2015-12-01 19:07 - 04025984 _____ C:\Users\dell\Downloads\ZerodhaTD sep15 NEW forms.zip
2015-11-30 20:49 - 2015-11-30 20:49 - 00024398 _____ C:\Users\dell\Downloads\Payslip (1).pdf
2015-11-28 21:42 - 2015-11-28 21:43 - 22981558 _____ C:\Users\dell\Downloads\Kannada New Movies Full 2015 Kendasampige Trailer Full  Kannada New Movies Full 2015 New Releases.mp4
2015-11-28 21:34 - 2015-11-28 21:34 - 00027378 _____ C:\Users\dell\Downloads\Kendasampige.mkv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 17:37 - 2009-07-14 08:50 - 00000000 ____D C:\Windows
2015-12-28 17:36 - 2015-06-13 22:24 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4066911824-3430331604-603341618-1000UA.job
2015-12-28 17:36 - 2015-01-24 08:27 - 00000460 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2015-12-28 17:04 - 2015-03-05 17:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 17:03 - 2015-01-24 08:26 - 00000436 _____ C:\Windows\Tasks\Resume Quickup Download.job
2015-12-28 12:50 - 2015-01-24 08:23 - 00000000 ____D C:\Windows\system32\gprodat
2015-12-28 12:45 - 2009-07-14 10:15 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 12:45 - 2009-07-14 10:15 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 12:39 - 2014-07-15 11:08 - 00000000 ____D C:\Users\dell\AppData\Roaming\Dropbox
2015-12-28 12:37 - 2015-10-07 19:39 - 00000000 ____D C:\Program Files (x86)\Reliance Wi-Pod
2015-12-28 12:37 - 2015-03-05 17:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 12:37 - 2014-07-16 05:05 - 00000000 ____D C:\ProgramData\TEMP
2015-12-28 12:37 - 2014-07-15 02:30 - 00000000 ____D C:\Users\dell
2015-12-28 12:37 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-22 21:36 - 2015-06-13 22:24 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4066911824-3430331604-603341618-1000Core.job
2015-12-16 09:52 - 2015-06-16 23:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 09:52 - 2014-07-15 02:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-16 09:50 - 2015-06-16 22:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-16 09:33 - 2015-08-04 19:07 - 00051872 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\Arwflt.sys
2015-12-13 16:39 - 2009-07-14 10:43 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 16:39 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2015-12-05 08:49 - 2014-07-15 07:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 08:49 - 2014-07-15 07:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 23:05 - 2014-07-15 02:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
 
==================== Files in the root of some directories =======
 
2014-07-19 06:30 - 2014-07-19 06:30 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbu89ii.dll
C:\Users\dell\AppData\Local\Temp\HPPSdr.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-22 20:10
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by dell (2015-12-28 17:39:46)
Running from C:\Users\dell\Documents\MalwareBytes
Windows 7 Ultimate (X64) (2014-07-14 21:00:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4066911824-3430331604-603341618-500 - Administrator - Disabled)
dell (S-1-5-21-4066911824-3430331604-603341618-1000 - Administrator - Enabled) => C:\Users\dell
Guest (S-1-5-21-4066911824-3430331604-603341618-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4066911824-3430331604-603341618-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Quick Heal AntiVirus Pro (Enabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AS: Quick Heal AntiVirus Pro (Enabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baraha 9.0 (HKLM-x32\...\Baraha 9.0_is1) (Version: - Baraha Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Dropbox (HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LivePerson Expert Messenger (HKLM-x32\...\LivePerson Expert Messenger) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
Nudi 4.0 (HKLM-x32\...\Nudi 4.0) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PodTrans 4.3.0 (HKLM-x32\...\{A5B89AC2-2FE2-4AFD-8CB4-2613E0BB85FF}}_is1) (Version: 4.3.0 - iMobie Inc.)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Quick Heal AntiVirus Pro (HKLM\...\Quick Heal AntiVirus Pro) (Version: 16.00 - Quick Heal Technologies Pvt. Ltd.)
Quick Heal AntiVirus Pro (Version: 16.00 - Quick Heal) Hidden
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sublime Text 2.0.2 (HKLM-x32\...\Sublime Text 2_is1) (Version: - )
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4066911824-3430331604-603341618-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\dell\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A82F35-EED6-4375-AA1C-333FF4B554A8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4066911824-3430331604-603341618-1000Core => C:\Users\dell\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {0D1C7931-70FA-4200-875F-06695CA2691A} - System32\Tasks\{D131D07A-B1D7-44D9-9B6F-0E017366069B} => pcalua.exe -a "C:\Users\dell\Documents\My DAP Downloads\VirtualBox-4.3.12-93733-Win.exe" -d "C:\Users\dell\Documents\My DAP Downloads"
Task: {146C9E57-141F-4EF8-8451-733F4AC0F55B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-16] (Microsoft Corporation)
Task: {15F315F4-87F7-4841-9A15-8C0BF6DB5799} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {265E8C67-6699-4BC7-9BF8-757F95E2814B} - System32\Tasks\SBWUpdateTask_Logon_7e155124-70F1A16EE98A => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2014-07-16] (Speedbit Ltd.) <==== ATTENTION
Task: {26E88D3A-8FFF-44AA-9E5C-70BC66D5826C} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {340012C8-F295-469A-A09D-BFD4500E3A8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-09] (Piriform Ltd)
Task: {348B76DE-AC41-4A18-8753-C960CA131842} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-26] (Microsoft Corporation)
Task: {40FE6759-15E1-4893-ABB1-5CE7B41C476B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {53AC832E-D338-441B-9BF2-740A369D9225} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-26] (Microsoft Corporation)
Task: {657E1BD8-6360-4D81-A41D-D3240AFC1321} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ASMAIN.EXE [2014-09-13] (Quick Heal Technologies (P) Ltd.)
Task: {7982AB4E-CDDE-4310-BB7C-1F1FE1C593E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {8A9ACB7B-0D4D-4E17-819A-9E4E186E97A2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4066911824-3430331604-603341618-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-11] (RealNetworks, Inc.)
Task: {92A1EEC5-3751-4B04-A8B1-7D7123487766} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4066911824-3430331604-603341618-1000UA => C:\Users\dell\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {B60550A0-F4A4-434C-BAD1-65B1CEB3ACA3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4066911824-3430331604-603341618-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-11] (RealNetworks, Inc.)
Task: {D47B17B3-A9A1-424A-B5CB-A5433DF65440} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ACAPPAA.EXE [2014-06-06] (Quick Heal Technologies (P) Ltd.)
Task: {D9981474-8A8F-4EA0-AE63-545AD05AB4B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {F9F0879B-7759-4F8C-B351-8624B1140531} - System32\Tasks\Format Factory => C:\Users\dell\AppData\Local\Temp\is-V1JBQ.tmp\prsetup.exe [2015-05-06] (Free Time ) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4066911824-3430331604-603341618-1000Core.job => C:\Users\dell\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4066911824-3430331604-603341618-1000UA.job => C:\Users\dell\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ACAPPAA.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Reliance Wi-Pod.lnk -> C:\Program Files (x86)\Reliance Wi-Pod\LaunchWebUI.exe () -> hxxp://www.Reliance.home

==================== Loaded Modules (Whitelisted) ==============

2015-11-08 21:17 - 2015-11-26 21:14 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-15 02:56 - 2012-02-18 09:25 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-07-15 02:40 - 2013-02-19 15:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 00040960 _____ () C:\Users\dell\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
2015-10-07 19:39 - 2015-03-11 06:59 - 00454656 _____ () C:\Program Files (x86)\Reliance Wi-Pod\CheckNDISPort.exe
2015-08-21 11:12 - 2015-08-21 11:12 - 00025192 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdsres.dll
2015-06-16 22:52 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANAPI.DLL
2014-11-04 20:42 - 2015-12-25 18:41 - 01102848 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scansdk.dll
2015-01-06 22:14 - 2015-12-25 18:41 - 00499712 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\platform.dll
2014-11-10 13:57 - 2015-12-25 18:41 - 00038400 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\filesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00012800 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\DRVCOMM.DLL
2014-10-20 12:19 - 2015-12-25 18:41 - 00037888 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\mbfswrap.dll
2015-01-07 22:09 - 2015-12-25 18:41 - 00235008 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\disasm.dll
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scanapi.dll
2015-01-06 22:14 - 2015-12-25 18:41 - 00297472 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\scan.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00007680 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\VIRLIST.DLL
2015-01-15 14:39 - 2015-12-25 18:41 - 00274944 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\boot.dll
2015-01-14 15:02 - 2015-12-25 18:41 - 00423424 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\mltiscan.dll
2015-01-07 15:05 - 2015-12-28 12:48 - 00976384 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\pescan.dll
2015-10-20 20:40 - 2015-12-28 12:48 - 00627712 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\pepoly1.dll
2015-01-15 14:39 - 2015-12-25 18:41 - 01353728 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\lzesdk.dll
2014-12-23 16:27 - 2015-12-25 18:41 - 00385024 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arcvsdk.dll
2015-01-16 23:58 - 2015-12-28 12:48 - 04185600 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\pepoly.dll
2015-10-20 20:40 - 2015-12-28 12:48 - 00391680 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\pepoly2.dll
2015-10-20 20:40 - 2015-12-28 12:48 - 00849408 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\heurscn1.dll
2015-01-17 21:04 - 2015-12-28 12:48 - 09131008 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\heurscan.dll
2015-10-20 20:40 - 2015-12-28 12:48 - 00773632 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\heurscn2.dll
2014-09-02 19:11 - 2015-12-25 18:41 - 00312320 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bkdrscan.dll
2015-01-16 23:58 - 2015-12-25 18:41 - 00354304 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\dospoly.dll
2014-12-29 22:19 - 2015-12-25 18:41 - 00412160 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\vbsscan.dll
2015-01-14 10:10 - 2015-12-28 12:48 - 02724864 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\miscscan.dll
2015-01-08 23:27 - 2015-12-25 18:41 - 00186880 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\olesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00008192 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ARJSDK.DLL
2012-03-02 14:02 - 2015-12-25 18:41 - 00025088 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\unarj32.dll
2014-07-29 13:50 - 2015-12-25 18:41 - 00140288 _____ () C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\rarsdk.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 00034304 _____ () C:\Users\dell\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
2014-07-16 05:09 - 2015-01-29 20:15 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2014-07-16 05:09 - 2015-01-29 20:15 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-07-16 05:09 - 2015-01-29 20:15 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-07-16 05:09 - 2015-01-29 20:16 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-07-16 05:09 - 2015-01-29 20:16 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2014-07-16 05:08 - 2014-07-16 05:08 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2015-12-13 10:03 - 2015-10-31 06:29 - 00034768 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-13 10:16 - 2015-10-31 06:30 - 00019408 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00022848 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00023352 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00042296 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-13 10:03 - 2015-10-31 06:29 - 00116688 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-13 10:03 - 2015-10-31 06:29 - 00093640 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-13 10:03 - 2015-10-31 06:29 - 00018376 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00019760 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00105928 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-13 10:03 - 2015-10-31 06:29 - 00392144 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-13 10:03 - 2015-12-09 03:06 - 00381752 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-13 10:03 - 2015-10-31 06:29 - 00692688 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00020816 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00109520 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 01737032 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00020808 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00020800 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00021840 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00038696 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00024528 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00020936 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00114640 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00021320 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00124880 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00030160 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00043472 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00175560 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00028616 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00024016 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00048592 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00024392 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-13 10:16 - 2015-10-31 06:30 - 00036296 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-13 10:03 - 2015-10-31 06:30 - 00024016 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00117056 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00023376 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 10:03 - 2015-10-31 06:29 - 00134608 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-13 10:03 - 2015-10-31 06:29 - 00134088 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-13 10:16 - 2015-10-31 06:30 - 00240584 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00020280 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00052024 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00021304 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00350152 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-13 10:16 - 2015-12-09 03:06 - 00084792 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-13 10:03 - 2015-12-09 03:06 - 01826608 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-13 10:03 - 2015-10-31 06:30 - 00083912 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 03891504 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 01950000 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00519984 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00133936 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00225080 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00207672 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00024904 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00486704 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-13 10:03 - 2015-12-09 03:06 - 00357680 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-05 03:15 - 2015-10-31 06:31 - 00019920 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 03:15 - 2015-10-31 06:30 - 00786904 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 22:44 - 2015-10-31 06:30 - 00063448 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-05 03:15 - 2015-10-31 06:30 - 00019408 _____ () C:\Users\dell\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-06-16 22:53 - 2015-06-16 22:53 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-10-07 19:39 - 2015-03-11 06:58 - 00335872 _____ () C:\Program Files (x86)\Reliance Wi-Pod\Helper.dll
2015-10-07 19:39 - 2015-03-04 12:17 - 00971776 _____ () C:\Program Files (x86)\Reliance Wi-Pod\libxml2.dll
2015-10-07 19:39 - 2015-03-04 12:17 - 00073728 _____ () C:\Program Files (x86)\Reliance Wi-Pod\zlib1.dll
2015-10-07 19:39 - 2015-03-04 12:17 - 00290904 _____ () C:\Program Files (x86)\Reliance Wi-Pod\libxslt.dll
2015-10-07 19:39 - 2015-03-11 06:58 - 00851968 _____ () C:\Program Files (x86)\Reliance Wi-Pod\Runtime.dll
2015-10-07 19:39 - 2015-03-11 06:58 - 00026624 _____ () C:\Program Files (x86)\Reliance Wi-Pod\Threading.dll
2015-11-26 21:14 - 2015-11-26 21:14 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-07-21 09:30 - 2014-02-11 02:14 - 04592128 _____ () C:\Users\dell\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-21 09:30 - 2014-02-11 02:14 - 00112128 _____ () C:\Users\dell\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-12-25 18:53 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\dell\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MZA => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4066911824-3430331604-603341618-1000\...\sharepoint.com -> hxxps://kpitc.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-12-28 17:04 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7059C1A7-D51F-4570-8E58-2B30AAF31EF1}] => (Allow) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{568FE025-2489-4972-B08E-FB4C2382FD4F}] => (Allow) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{588B534C-5004-408D-9022-3EDCE4E2E978}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{403BB78C-75B5-414F-9D5A-A8E82C9BD728}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6C78CD92-D02D-4374-A1FB-36C2C4E068AC}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{994C6023-C883-4272-BCCF-A9B239383659}] => (Allow) LPort=5357
FirewallRules: [{0325C789-C0A3-46F0-AC55-22E7FC4903EC}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F6E5BE93-1217-435D-BB34-236E2B331E75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADB4818F-8359-403D-BA0D-E5E25FC14895}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28D7FEC8-0B2F-47F9-A958-EFD96CA36A41}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE22424E-F2F2-4106-98F1-9A1DA7367F6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00DF0B66-5800-4D6A-BBD4-5C9CE90A9666}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4AEF3D51-C82C-44EA-9102-4B79618DAAAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BE34293-2580-4F1D-9AE3-574F877ECDD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC4D3D39-F2AB-4514-9F12-64573B0847D7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E23093A8-D0B5-4FE0-9DB6-327CFF3415CC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7DBDAF51-EE95-4197-A5BA-6A426C21C527}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8BB67F8-0197-476D-9CC6-0DE58FDEF7E7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{55F21BFA-014F-4D4D-A3A8-EFA96DCBF89D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{202BFABD-AA61-441A-8199-6BBEE03CD044}] => (Allow) C:\Users\dell\AppData\Local\Temp\7zS7062\HPDiagnosticCoreUI.exe
FirewallRules: [{D4940502-174E-4CB6-92D1-159572FFABF3}] => (Allow) C:\Users\dell\AppData\Local\Temp\7zS7062\HPDiagnosticCoreUI.exe
FirewallRules: [{7D462CC2-5058-477C-8850-8424D50F0B92}] => (Allow) C:\Users\dell\AppData\Local\Temp\7zS71A2\HPDiagnosticCoreUI.exe
FirewallRules: [{A95698F6-996D-4FCA-9BE4-3A00BBAE97CF}] => (Allow) C:\Users\dell\AppData\Local\Temp\7zS71A2\HPDiagnosticCoreUI.exe
FirewallRules: [{6B7C2932-6BCE-4855-91DE-6B13F22D8494}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-12-2015 13:25:49 Installed HTC BMP USB Driver.

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2015 05:39:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 05:39:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 05:37:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 27.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1afc

Start Time: 01d1416838a7bb13

Termination Time: 0

Application Path: C:\Users\dell\Downloads\FRST64.exe

Report Id:

Error: (12/28/2015 05:36:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 05:34:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 05:04:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 03:23:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 03:23:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 02:48:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/28/2015 02:48:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/28/2015 03:49:17 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.

Error: (12/25/2015 09:34:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/22/2015 07:43:26 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.

Error: (12/15/2015 11:59:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:58:23 PM on ‎12/‎13/‎2015 was unexpected.

Error: (12/13/2015 05:58:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (12/13/2015 05:58:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/13/2015 01:02:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/13/2015 02:10:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (12/13/2015 02:10:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/06/2015 03:19:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 87%
Total physical RAM: 2934.54 MB
Available physical RAM: 362.59 MB
Total Virtual: 5867.23 MB
Available Virtual: 2484.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.9 GB) (Free:50.75 GB) NTFS
Drive d: () (Fixed) (Total:175.78 GB) (Free:65.48 GB) NTFS
Drive e: () (Fixed) (Total:189.98 GB) (Free:44.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DE45DC0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=190 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 29 December 2015 - 11:00 AM.



#2 Narendra Kumar


Posted 28 December 2015 - 07:27 AM

And I noticed that the home page of my Internet Explorer has changed to: http://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts

 

I don't use IE and I have never visited this www.globasearch.com site before. So I don't know how this got inserted as the home page!



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:42 AM

Posted 29 December 2015 - 11:04 AM

Greetings Narendra Kumar and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Do you recognize this?

Singapore Singapore Opendns Llc

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> DefaultScope {A4B07754-42EB-4A65-B14E-2B1FFAFE796C} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> {A4B07754-42EB-4A65-B14E-2B1FFAFE796C} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
FF NewTab: hxxp://www.globasearch.com/?serie=2211&b=2&installkey=vspTh9TnfnTnYpxFBHts&newtab
FF Homepage: hxxp://www.globasearch.com/?serie=2211&b=2&installkey=vspTh9TnfnTnYpxFBHts
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
2015-12-16 09:23 - 2015-12-16 09:23 - 00000000 ____D C:\is-MF9S3.tmp
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbu89ii.dll
C:\Users\dell\AppData\Local\Temp\HPPSdr.exe
Task: {F9F0879B-7759-4F8C-B351-8624B1140531} - System32\Tasks\Format Factory => C:\Users\dell\AppData\Local\Temp\is-V1JBQ.tmp\prsetup.exe [2015-05-06] (Free Time ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
Folder: D C:\Users\dell\AppData\Local\TempTaskUpdateDetection0EDF3352-5DAA-4C3B-9FA4-613DB021C793
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
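The fixlist above collects five kinds of FRST entry worth a second look on this machine: a scheduled task that relaunches an Inno Setup installer (prsetup.exe in an is-XXXXX.tmp folder under %Temp%) at logon, IE start page and search scopes carrying an installkey parameter, a driver service whose file FRST marks [X] (missing), the alternate data stream on C:\ProgramData\TEMP, and firewall allow rules for binaries under %Temp%. The Python triage below, an added example that is not part of this thread or of FRST, flags those patterns in raw FRST log lines; the regexes, the allowlist of default search hosts and the two benign comparison lines are the editor's assumptions, and the other sample lines are copied from the posts above.

```python
"""Triage raw FRST log lines for the patterns behind this thread's fixlist.

Added example (the editor's, not part of the thread or of FRST).  The
heuristics and the regexes are assumptions about FRST's line formats as
they appear in the posts above, not FRST's own whitelisting logic.
"""
import re
from collections.abc import Iterable
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Inno Setup unpacks an installer into a folder named is-XXXXX.tmp (the
# is-MF9S3.tmp / is-V1JBQ.tmp folders in the thread); assumed 5-char id.
INNO_TMP_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\", re.I)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)

# FRST entry shapes, as seen in the log above.
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => (?P<target>.+?\.exe)", re.I)
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[\{[0-9A-Fa-f-]+\}\] => \((?P<action>\w+)\) (?P<target>.+?\.exe)$", re.I)
BROWSER_URL_RE = re.compile(r"(?:Start Page|URL|NewTab|Homepage)\s*[:=]\s*(?P<url>hxxps?://\S+)", re.I)
MISSING_FILE_RE = re.compile(r"\[X\]\s*$")  # FRST's marker for a file that does not exist

# Assumed allowlist: search scopes pointing anywhere else get reported.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}


@dataclass(frozen=True)
class Finding:
    kind: str    # short category of the finding
    detail: str  # the matched task, URL host, path or stream
    line: str    # the original FRST line


def _in_temp(path: str) -> bool:
    return bool(TEMP_DIR_RE.search(path))


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one FRST log line."""
    line = line.rstrip()
    out: list[Finding] = []

    m = TASK_RE.match(line)
    if m and _in_temp(m["target"]):
        # A logon task whose binary sits under %Temp% re-runs an installer
        # at every boot; an is-XXXXX.tmp path makes it an Inno Setup one.
        kind = "task_inno_temp" if INNO_TMP_RE.search(m["target"]) else "task_temp"
        out.append(Finding(kind, f"{m['task'].strip()} -> {m['target']}", line))

    m = FIREWALL_RE.match(line)
    if m and m["action"].lower() == "allow" and _in_temp(m["target"]):
        out.append(Finding("firewall_allow_temp", m["target"], line))

    m = BROWSER_URL_RE.search(line)
    if m:
        # FRST defangs URLs as hxxp://; re-arm only for parsing.
        parsed = urlparse(m["url"].replace("hxxp", "http", 1))
        params = parse_qs(parsed.query)
        host = parsed.hostname or ""
        if "installkey" in params:
            out.append(Finding("browser_installkey",
                               f"{host} installkey={params['installkey'][0]}", line))
        elif "{searchTerms}" in m["url"] and host not in KNOWN_SEARCH_HOSTS:
            out.append(Finding("browser_unknown_search", host, line))

    if MISSING_FILE_RE.search(line):
        out.append(Finding("missing_file", line.split(" [X]")[0], line))

    if line.startswith("AlternateDataStreams: "):
        out.append(Finding("ads", line.split(": ", 1)[1], line))

    return out


def triage(lines: Iterable[str]) -> list[Finding]:
    """Run triage_line over every line and concatenate the findings."""
    findings: list[Finding] = []
    for ln in lines:
        findings.extend(triage_line(ln))
    return findings


# Sample input: the first six lines are copied from the posts above; the
# last two are constructed benign entries that must not be flagged.
SAMPLE_LINES = [
    r"Task: {F9F0879B-7759-4F8C-B351-8624B1140531} - System32\Tasks\Format Factory => C:\Users\dell\AppData\Local\Temp\is-V1JBQ.tmp\prsetup.exe [2015-05-06] (Free Time ) <==== ATTENTION",
    r"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts",
    r"SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}",
    r"S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]",
    r"AlternateDataStreams: C:\ProgramData\TEMP:56E2E879",
    r"FirewallRules: [{202BFABD-AA61-441A-8199-6BBEE03CD044}] => (Allow) C:\Users\dell\AppData\Local\Temp\7zS7062\HPDiagnosticCoreUI.exe",
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\Example\updater.exe [2015-01-01] (Example Corp)",
    r"SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000002} URL = hxxp://www.bing.com/search?q={searchTerms}",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.detail}")
```

Running it against a full FRST.txt/Addition.txt (one line per call) gives a short list to compare with the fixlist before pressing Fix.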

#4 Narendra Kumar


Posted 30 December 2015 - 10:02 AM

Hi Gary,

 

Thanks for taking up my issue and giving detailed instructions.

Below is the data you asked for:

 

> Do you recognize this?
> Singapore Singapore Opendns Llc
No. I don't know what this is.

 

Contents of Fixlog.txt

=======================================

Fix result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by dell (2015-12-30 19:52:22) Run:1
Running from C:\Users\dell\Documents\MalwareBytes
Loaded Profiles: dell (Available Profiles: dell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=2211&b=3&installkey=vspTh9TnfnTnYpxFBHts
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> DefaultScope {A4B07754-42EB-4A65-B14E-2B1FFAFE796C} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4066911824-3430331604-603341618-1000 -> {A4B07754-42EB-4A65-B14E-2B1FFAFE796C} URL = hxxp://www.globasearch.com/?serie=2211&installkey=vspTh9TnfnTnYpxFBHts&b=3&q={searchTerms}
FF NewTab: hxxp://www.globasearch.com/?serie=2211&b=2&installkey=vspTh9TnfnTnYpxFBHts&newtab
FF Homepage: hxxp://www.globasearch.com/?serie=2211&b=2&installkey=vspTh9TnfnTnYpxFBHts
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
2015-12-16 09:23 - 2015-12-16 09:23 - 00000000 ____D C:\is-MF9S3.tmp
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbu89ii.dll
C:\Users\dell\AppData\Local\Temp\HPPSdr.exe
Task: {F9F0879B-7759-4F8C-B351-8624B1140531} - System32\Tasks\Format Factory => C:\Users\dell\AppData\Local\Temp\is-V1JBQ.tmp\prsetup.exe [2015-05-06] (Free Time ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
Folder: D C:\Users\dell\AppData\Local\TempTaskUpdateDetection0EDF3352-5DAA-4C3B-9FA4-613DB021C793
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-4066911824-3430331604-603341618-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4066911824-3430331604-603341618-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4B07754-42EB-4A65-B14E-2B1FFAFE796C}" => key removed successfully
HKCR\CLSID\{A4B07754-42EB-4A65-B14E-2B1FFAFE796C} => key not found. 
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
BAPIDRV => service removed successfully
C:\is-MF9S3.tmp => moved successfully
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbu89ii.dll => moved successfully
C:\Users\dell\AppData\Local\Temp\HPPSdr.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9F0879B-7759-4F8C-B351-8624B1140531}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F0879B-7759-4F8C-B351-8624B1140531}" => key removed successfully
C:\Windows\System32\Tasks\Format Factory => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Format Factory" => key removed successfully
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
 
========================= Folder: D C:\Users\dell\AppData\Local\TempTaskUpdateDetection0EDF3352-5DAA-4C3B-9FA4-613DB021C793 ========================
 
not found.
 
====== End of Folder: ======
 
 
==== End of Fixlog 19:52:27 ====
 
 
 
Contents of AdwCleaner.txt
========================================
# AdwCleaner v5.026 - Logfile created 30/12/2015 at 20:07:44
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : dell - DELL-PC
# Running from : C:\Users\dell\Documents\MalwareBytes\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[x] Folder Not Deleted : C:\Program Files (x86)\DAP
[x] Folder Not Deleted : C:\Program Files (x86)\Common Files\Speedbit
[-] Folder Deleted : C:\ProgramData\Speedbit
[-] Folder Deleted : C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
[!] Folder Not Deleted : C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
[-] Folder Deleted : C:\Users\dell\AppData\LocalLow\Speedbit
[-] Folder Deleted : C:\Users\dell\AppData\Roaming\Speedbit
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oadboiipflhobonjjffjbfekfjcgkhco_0.localstorage
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [daplinkchecker@speedbit.com]
[-] Key Deleted : HKCU\Software\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
 
***** [ Web browsers ] *****
 
[-] [C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ffdcfjdljhbehggjdkdioajnknjcpbjb
[-] [C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ffdcfjdljhbehggjdkdioajnknjcpbjb
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1834 bytes] ##########
 
===================================
Junkware Removal Tool by thisisu
I was not able to download this tool.
The web page said: "No data received ERR_EMPTY_RESPONSE"
===================================

 

I have attached the summary.zip file with this message.

 

Regarding the problem I had reported (an install/uninstall by prsetup.tmp starting at every boot), it didn't come up when the system rebooted after running AdwCleaner.exe.

 

Please let me know if you were able to find out what the issue was.

Is the issue completely solved?

 

 

Thanks and Regards,

Narendra



#5 Oh My!


Posted 30 December 2015 - 12:37 PM

Greetings,

We are close to being done but not quite yet.

Hard to tell which entry it was related to. Might be Speedbit, but that is just a guess.

Please try the Junkware Removal Tool link again. I checked it and it is working on my end.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CloseProcesses:
Tcpip\..\Interfaces\{33D21299-2C4D-4566-9631-5842723DC298}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
C:\Program Files (x86)\Common Files\Speedbit
C:\Program Files (x86)\DAP
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Junkware log
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
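Added example (not part of Gary's instructions or of FRST's own output): the fixlist above strips a hard-coded NameServer list from one interface key under Tcpip\Parameters\Interfaces. A static NameServer value on an interface overrides the DHCP-assigned resolvers, so after a cleanup it is worth listing every interface's static and DHCP DNS servers and flagging static entries you did not configure yourself. The PowerShell below does that from an elevated Windows PowerShell 3.0 or later session; the allowlist and the {GUID} placeholder in the remediation comment are assumptions for illustration.

```powershell
# Added example (not from the thread): audit the DNS servers configured on every interface.
# Assumes an elevated Windows PowerShell 3.0+ session. The allowlist is an assumption for
# illustration; put the resolvers you actually operate or trust here.
$AllowedDns = '8.8.8.8', '8.8.4.4'

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Split-DnsList([string]$Value) {
    # NameServer / DhcpNameServer are single strings separated by commas and/or spaces.
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    return @($Value -split '[ ,]+' | Where-Object { $_ })
}

# One row per interface GUID: static list, DHCP list, and static entries not on the allowlist.
$report = foreach ($iface in Get-ChildItem -Path "$base\Interfaces") {
    $p = Get-ItemProperty -Path $iface.PSPath
    $static = Split-DnsList $p.NameServer
    $dhcp   = Split-DnsList $p.DhcpNameServer
    [pscustomobject]@{
        Interface  = $iface.PSChildName
        StaticDns  = $static -join ','
        DhcpDns    = $dhcp -join ','
        NotAllowed = @($static | Where-Object { $AllowedDns -notcontains $_ }) -join ','
    }
}
$report | Format-Table -AutoSize

# The global NameServer value under Tcpip\Parameters is a separate setting; list it as well.
$global = Get-ItemProperty -Path $base
if ($global.NameServer) { "Global static NameServer: $($global.NameServer)" }

# Remediation equivalent to the FRST fixlist line, for one interface GUID ({GUID} is a placeholder).
# As in the Fixlog, expect to reboot afterwards so the DHCP-assigned resolvers take effect.
# Remove-ItemProperty -Path "$base\Interfaces\{GUID}" -Name NameServer
# ipconfig /flushdns
```

Only the NotAllowed column needs attention: a non-empty value there is a resolver that was set statically on that interface and is not one you chose, which is the situation the fixlist line corrects.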

#6 Narendra Kumar

Narendra Kumar
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 PM

Posted 31 December 2015 - 01:42 PM

Hi Gary,

I tried to download Junkware Removal Tool, and this time too the webpage showed "No Data"!

I tried the same on my other laptop and it downloaded without any issues.

After that, I copied JRT.exe from that laptop to the laptop with the problem and executed it.

Below is the log from JRT.exe:

==============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64 
Ran by dell (Administrator) on 31-Dec-2015 at 23:55:57.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Windows\wininit.ini (File) 
 
Deleted the following from C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\j7ws9q8w.default\prefs.js
user_pref(extensions.xpiState, {\winreg-app-user\:{\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}\:{\d\:\C:\\\\Program Files (x86)\\\\DAP\\\\DAPFireFox\,\e\:false,\v\:
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9FD5ED0742D873E78F8A54709BF48770 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-Jan-2016 at  0:00:02.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Content from Fixlog.txt:
==================================

Fix result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by dell (2015-12-31 22:22:13) Run:2
Running from C:\Users\dell\Documents\MalwareBytes
Loaded Profiles: dell (Available Profiles: dell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
Tcpip\..\Interfaces\{33D21299-2C4D-4566-9631-5842723DC298}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
C:\Program Files (x86)\Common Files\Speedbit
C:\Program Files (x86)\DAP
*****************
 
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33D21299-2C4D-4566-9631-5842723DC298}\\NameServer => value removed successfully
C:\Program Files (x86)\Common Files\Speedbit => moved successfully
C:\Program Files (x86)\DAP => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 22:22:14 ====
 
List of threats reported by ESET Online Scanner:
===============================

C:\Users\dell\AppData\Local\Temp\is-V1JBQ.tmp\prsetup.exe a variant of Win32/Adware.Agent.NOH application cleaned by deleting - quarantined
C:\Users\dell\Documents\My DAP Downloads\dap10i_5ee54a995c_setup.exe a variant of Win32/SpeedBit.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\dell\Downloads\dap10i_5ee54a995c_setup.exe a variant of Win32/SpeedBit.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\dell\Downloads\Unconfirmed 621260.crdownload Win32/WebDevAZ.C potentially unwanted application deleted - quarantined
D:\Data from Dell Laptop\Documents\FCTBSetup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
D:\Data from Dell Laptop\Downloads\cnet2_bbdemo_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting - quarantined
D:\Data from Dell Laptop\Downloads\Codec-V.exe Win32/InstallMate potentially unwanted application cleaned by deleting - quarantined
D:\Data from Dell Laptop\Downloads\photopospro_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application deleted - quarantined
D:\Data from Dell Laptop\Downloads\x-pdf-to-word-converter.exe Win32/Toolbar.Zugo potentially unwanted application deleted - quarantined
===================================
 
Log from screen317's Security Check:
===================================

 Results of screen317's Security Check version 1.009  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Quick Heal AntiVirus Pro   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (40.0.2) 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````  
 Quick Heal Quick Heal AntiVirus Pro arwsrvc.exe  
 Quick Heal Quick Heal AntiVirus Pro ScProxySrv.exe  
 Quick Heal Quick Heal AntiVirus Pro ScSecSvc.exe  
 Quick Heal Quick Heal AntiVirus Pro SAPISSVC.EXE  
 Quick Heal Quick Heal AntiVirus Pro onlinent.exe  
 Quick Heal Quick Heal AntiVirus Pro opssvc.exe  
 Quick Heal Quick Heal AntiVirus Pro bdssvc.exe  
 Quick Heal Quick Heal AntiVirus Pro EMLPROXY.EXE  
 Quick Heal Quick Heal AntiVirus Pro quhlpsvc.exe  
 Quick Heal Quick Heal AntiVirus Pro SCANWSCS.EXE  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
==========================================
 
 
And now with every boot/reboot, I am observing that a window (a command shell) opens and executes some script.
I don't know what script it is executing, whether it is needed, and why it has started executing all of a sudden.
I have taken a screenshot at that instant and attached it to this message.
 
Thanks and Regards,
Narendra

 


#7 Oh My! (Malware Response Instructor)

Posted 31 December 2015 - 05:10 PM

Thank you for the screen shot. I am unable to read the information on the top line. Can you tell me what that says?
Gary
 

#8 Narendra Kumar (Topic Starter)

Posted 31 December 2015 - 10:51 PM

Thank you for the screen shot. I am unable to read the information on the top line. Can you tell me what that says?

C:\Windows\SysWow64\CScript.exe



#9 Oh My! (Malware Response Instructor)

Posted 31 December 2015 - 11:11 PM

Thank you, please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:regfind
CScript.exe
:filefind
CScript.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Systemlook log

Gary
 

#10 Narendra Kumar (Topic Starter)

Posted 01 January 2016 - 12:15 PM

Hi Gary,

Here is the SystemLook log:

==================================

SystemLook 30.07.11 by jpshortstuff
Log created at 22:40 on 01/01/2016 by dell
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "CScript.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSEFile\Shell\Open2\Command]
@="C:\Windows\System32\CScript.exe "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JSFile\Shell\Open2\Command]
@="C:\Windows\System32\CScript.exe "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBEFile\Shell\Open2\Command]
@=""%SystemRoot%\System32\CScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2\Command]
@=""%SystemRoot%\System32\CScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WSFFile\Shell\Open2\Command]
@=""%SystemRoot%\System32\CScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WSHFile\Shell\Open2\Command]
@=""%SystemRoot%\System32\CScript.exe" "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
 
========== filefind ==========
 
Searching for "CScript.exe"
C:\Windows\System32\cscript.exe --a---- 156160 bytes [23:58 13/07/2009] [01:39 14/07/2009] 791AF7743252D0CD10A30D61E5BC1F8E
C:\Windows\SysWOW64\cscript.exe --a---- 126976 bytes [23:42 13/07/2009] [01:14 14/07/2009] F36B7461FECDCF763FDEFA3A3352CD45
C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_a45d44bd1a0af822\cscript.exe --a---- 156160 bytes [23:58 13/07/2009] [01:39 14/07/2009] 791AF7743252D0CD10A30D61E5BC1F8E
C:\Windows\winsxs\wow64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_aeb1ef0f4e6bba1d\cscript.exe --a---- 126976 bytes [23:42 13/07/2009] [01:14 14/07/2009] F36B7461FECDCF763FDEFA3A3352CD45
 
-= EOF =-
=========================
 
Regards,
Narendra
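Added example, not part of the thread and not SystemLook output: the regfind/filefind results above show that both cscript.exe copies carry the same MD5 as their WinSxS originals and that the registry hits are the ordinary file-type handlers (JSFile, VBSFile, WSFFile and so on), so the host binary itself looks legitimate. What the search cannot tell you is which autostart entry invokes it and which script it runs: a Run value or scheduled task normally names the .vbs/.js file, not the host, so a search for the string "CScript.exe" misses it. The PowerShell below enumerates Run/RunOnce keys, scheduled tasks (via schtasks, which is present on Windows 7), startup-folder entries with shortcuts resolved to their targets, and permanent WMI command-line consumers; it flags anything that references a script host, a script file extension, a Temp directory, or an Inno Setup is-XXXXX.tmp extraction folder (the pattern of the prsetup.tmp directories reported at the start of this thread), and finally checks the Authenticode signature of both cscript.exe copies. It assumes an elevated Windows PowerShell 3.0 or later session; the pattern list is an assumption to tune for your own machine.

```powershell
# Added example (not from the thread): find which autostart entry launches a script host.
# Assumes an elevated Windows PowerShell 3.0+ session (on Windows 7 that means WMF 3 or later).

# Patterns to flag (assumption, tune as needed): script hosts, script extensions, anything under
# a Temp directory, and Inno Setup's %TEMP%\is-XXXXX.tmp extraction folders. -match is
# case-insensitive by default.
$Suspicious = '\b(cscript|wscript|mshta|powershell)(\.exe)?\b|\.(vbs|vbe|js|jse|wsf|wsh)\b|\\Temp\\|\\is-[A-Z0-9]{5}\.tmp\\'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Source, [string]$Name, [string]$Command) {
    if ($Command -match $Suspicious) {
        $findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command })
    }
}

# 1. Run / RunOnce keys: machine and user hives, 64-bit and 32-bit (WOW6432Node) views.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        # Skip the provider metadata Get-ItemProperty adds alongside the real values.
        if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        Add-Finding -Source $key -Name $prop.Name -Command ([string]$prop.Value)
    }
}

# 2. Scheduled tasks. schtasks /v prints the full command in the "Task To Run" column and
#    repeats its header row per task folder, so header rows are dropped after parsing.
schtasks /query /v /fo CSV |
    ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' } |
    ForEach-Object { Add-Finding -Source 'Scheduled task' -Name $_.TaskName -Command $_.'Task To Run' }

# 3. Startup folders. Shortcuts are resolved so the real target and arguments are inspected.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $cmd = $_.FullName
        if ($_.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($_.FullName)
            $cmd = '{0} {1}' -f $lnk.TargetPath, $lnk.Arguments
        }
        Add-Finding -Source 'Startup folder' -Name $_.Name -Command $cmd
    }
}

# 4. Permanent WMI event subscriptions, a persistence location that autorun tools often skip.
Get-CimInstance -Namespace 'root\subscription' -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding -Source 'WMI CommandLineEventConsumer' -Name $_.Name -Command $_.CommandLineTemplate }

$findings | Format-Table -AutoSize -Wrap

# 5. The host binaries themselves. Matching the WinSxS hashes (as in the SystemLook log) is a
#    good sign; a signature check is stronger. Note that on Windows 7 many OS binaries are
#    catalog-signed rather than embedded-signed, so NotSigned here is not by itself alarming;
#    Sysinternals sigcheck verifies catalog signatures if you need that.
foreach ($exe in "$env:SystemRoot\System32\cscript.exe", "$env:SystemRoot\SysWOW64\cscript.exe") {
    $sig = Get-AuthenticodeSignature -FilePath $exe
    '{0}  {1}  {2}' -f $exe, $sig.Status, $sig.SignerCertificate.Subject
}
```

Read the Command column of each finding: the script path it names is the file to pull apart, and the Source column tells you which entry to remove once you have confirmed it is unwanted.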


#11 Oh My! (Malware Response Instructor)

Posted 01 January 2016 - 01:28 PM

Greetings Narendra,

I am not seeing anything abnormal related to the CScript.exe pop up window.

We have some updating to do. Please do these things.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader

  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Windows Update

--------------------
  • Click Start, All Programs, then select Windows Update
  • Continue to check for Windows Updates until there are no more updates to install
  • If you receive an error message stop and provide me with the error information
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Adobe update?
  • Did Windows update?
  • Update on computer performance

Gary
 

#12 Narendra Kumar (Topic Starter)

Posted 04 January 2016 - 02:34 AM

Hi Gary,

I didn't get time to switch on my laptop during the weekend.

Tonight I will do the tasks you suggested and let you know.

Thanks and Regards,

Narendra



#13 Oh My! (Malware Response Instructor)

Posted 04 January 2016 - 01:54 PM

No problem. Thanks for checking in.
Gary
 

#14 Narendra Kumar (Topic Starter)

Posted 06 January 2016 - 11:35 AM

Hi Gary,

I updated Adobe Acrobat Reader and it installed without any issues.

After that, I ran Windows Update.

The first set of Windows updates completed successfully.

After that, the Windows Update application itself got updated.

And again it showed that there were 155 important updates.

The total size of the updates was nearly 800 MB and it took almost 12 hours to install them (of this, about 1 hour was spent downloading the updates).

After installing the updates, it restarted the machine.

After that, it showed the following message:

    "Failure configuring Windows updates. Reverting changes. Do not turn off your computer".

After that, it rebooted the machine again.

Now I feel that the computer has become slow. It takes more time to boot and more time to launch applications (Google Chrome takes more time to start and also more time to show the startup page)!

Please let me know what the next step is.

Thanks,

Narendra



#15 Oh My! (Malware Response Instructor)

Posted 06 January 2016 - 01:29 PM

Please run the below then attempt the update again.

===================================================

Resetting Windows Update Components

--------------------
  • Please download MicrosoftFixitit.wu.MATSKB.Run.exe and save it to your desktop
  • Double click the icon, click Run, then select Accept
  • Select Detect problems and apply the fixes for me (Recommended)
  • Once completed click View report details
  • Click File, Save Page As..., then save it to your Desktop as ResultReport.html (default name)
  • Close the screen then reboot your computer
  • Please check Windows Update
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached ResultReport.html report
  • Did Windows Update?

Gary
 



