rameshjey

  1. I use Windows XP SP3 and have Malwarebytes for anti-malware monitoring. Of late I find that whenever I start the machine, the internet connection does not work, and on examination I find that the Internet connections accessed through right-click on "My Network Places" show the connections blocked by Windows Firewall. I have to go through the process of removing Windows Firewall, adding a new network and then resetting my router. I ran Malwarebytes and eScan antivirus but they show no malware/virus content. Are there any system files deleted? Please help. I am attaching the ComboFix log for your reference. raameshjey ComboFix.txt
  2. Thanks for your response. I am attaching the FSS log. Can you please let me know your findings? FSS.txt
  3. Here are the logs ComboFix2.txt ComboFix-quarantined-files.txt
  4. Thanks for your support. Here are the logs after running the fixlist you sent and ComboFix; this includes the logs for ComboFix and the FRST fixlist completion log "fixlog". Fixlog.txt ComboFix.txt
  5. Thanks for your quick response. I ran Dr cureit and ADWCleaner. Also, yesterday (7Feb16) I ran MBAM and it identified sec center related modules as PUM. I went through the history page and deleted these entries. But today when I started the computer the antivirus program again notified that the sec center related modules have been blocked. Here are the logs for MBAM (7feb16), drcureit and adwCleaner, attached as txt files. AdwCleanerC1 08 feb16.txt cureit.log MBAM lg 7 sep16.txt
  6. Thanks for the reply. Here are the logs: 1) Malwarebytes log 2) FRST log 3) FRST additions log. I don't use ADWCleaner and hence the log is not enclosed. If you insist I can install this sw.

     Malwarebytes log

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 05/Feb/2016
     Scan Time: 09:10:19
     Logfile: MBAM lg 5 sep16.txt
     Administrator: Yes

     Version: 2.00.4.1028
     Malware Database: v2016.02.01.08
     Rootkit Database: v2016.01.20.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Enabled

     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: Ramesh j

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 619581
     Time Elapsed: 34 min, 5 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 3
     PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[b72a5cdf653495a129d44c85ac58d62a]
     PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[b52c9e9da7f20e285f9f04cd06fe51af]
     PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[885956e58415be78aa55923ff3114ab6]
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)

     FRST log

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
     Ran by Ramesh j (administrator) on REGRANJU (07-02-2016 17:35:52)
     Running from E:\my Software\malwarebyte tools\FRST
     Loaded Profiles: Ramesh j (Available Profiles: Ramesh j & Rameshj & Administrator)
     Platform: Microsoft Windows XP
Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 6 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\econser.exe (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\econceal.exe (MicroWorld Technologies Inc.) C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MICROW~1\eScanBD\avpmapp.exe (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\traysser.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\consctl.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\TRAYICOS.EXE (Webshots.com) C:\PROGRA~1\Webshots\Webshots.scr (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\Vista\escanmon.exe (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\MAILDISP.EXE (MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\spooler.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (MicroWorld Technologies Inc.) C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE (MicroWorld Technologies Inc.) C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [eScan Updater] => C:\Program Files\eScan\TRAYICOS.EXE [5985968 2015-02-25] (MicroWorld Technologies Inc.) Winlogon\Notify\eSLogOn: C:\WINDOWS\system32\eSLogOn.dll [2015-02-25] (MicroWorld Technologies Inc.) HKU\S-1-5-21-796845957-1343024091-682003330-1003\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-796845957-1343024091-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> (None) Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-04-21] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\Ramesh j\Start Menu\Programs\Startup\Webshots.lnk [2016-01-27] ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe (Webshots.com) BootExecute: autocheck autochk * GroupPolicyScripts: Restriction <======= ATTENTION GroupPolicyScripts\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 04 C:\WINDOWS\system32\mwnsp.dll [175336 2016-01-16] (MicroWorld Technologies Inc.) Winsock: Catalog9 01 C:\WINDOWS\system32\mwtsp.dll [1441000 2016-01-16] (MicroWorld Technologies Inc.) Winsock: Catalog9 02 C:\WINDOWS\system32\mwtsp.dll [1441000 2016-01-16] (MicroWorld Technologies Inc.) Winsock: Catalog9 22 C:\WINDOWS\system32\mwtsp.dll [1441000 2016-01-16] (MicroWorld Technologies Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{FEFE1AB7-7910-49B6-96FC-EAB19C3F2186}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-796845957-1343024091-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gfe_rd=cr&ei=BFVkVa6kB4WM8Qe6v4CADA&gws_rd=ssl URLSearchHook: HKU\S-1-5-21-796845957-1343024091-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir= SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir= SearchScopes: HKU\S-1-5-21-796845957-1343024091-682003330-1003 -> DefaultScope 
{c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir= SearchScopes: HKU\S-1-5-21-796845957-1343024091-682003330-1003 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir= Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File FireFox: ======== FF ProfilePath: C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default FF Homepage: www.google.com FF NetworkProxy: "socks", "localhost" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "socks_version", 4 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-08] () FF Plugin: @ASC/FileLabPlugin;version=1.1.33 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (FileLab) FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-12-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-29] (Oracle Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( ) 
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Extension: FlashGot - C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-11-08] FF Extension: Greasemonkey - C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-24] FF Extension: Yahoo Mail Hide Ad Panel - C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-08-03] FF HKLM\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare\AllMyTube\AllMyTube@Wondershare.com FF Extension: Wondershare AllMyTube - C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2015-05-20] [not signed] Chrome: ======= CHR Profile: C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [gccilgmhofdpkfakmalggoiolhbmdcjd] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare\AllMyTube\AllMyTube@Wondershare.com.crx [2014-05-14] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2007-02-03] (CrypKey (Canada) Ltd.) [File not signed] R2 EconService; c:\Program Files\eScan\econser.exe [1059504 2015-02-25] (MicroWorld Technologies Inc.) R2 eScan Monitor Service; C:\Documents and Settings\All Users.WINDOWS\Application Data\MicroWorld\eScanBD\avpmapp.exe [2955856 2016-01-30] (MicroWorld Technologies Inc.) 
R2 eScan-trayicos; C:\Program Files\eScan\traysser.exe [167144 2015-11-18] (MicroWorld Technologies Inc.) S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-12-29] (Oracle Corporation) S4 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88696 2012-12-11] (VIA Technologies, Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [885424 2015-02-25] (MicroWorld Technologies Inc.) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-05-11] (Microsoft) S3 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-02] (Nuance Communications, Inc.) S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.) S3 WsAppService; C:\Program Files\Wondershare\WAF\WsAppService.exe [356352 2015-09-23] (Wondershare) [File not signed] S3 WsDrvInst; C:\Program Files\Wondershare\MobileGo\DriverInstall.exe [100664 2015-10-10] (Wondershare) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [622616 2012-10-10] (BitDefender) R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [252184 2015-09-22] (BitDefender) S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [487048 2013-06-25] (BitDefender) R3 bdfsfltr; C:\WINDOWS\System32\DRIVERS\bdfsfltr.sys [353096 2011-03-24] (BitDefender) S3 econceal; C:\WINDOWS\System32\DRIVERS\econceal.sys [34024 2014-05-12] (MicroWorld Technologies Inc.) 
R3 econcealMP; C:\WINDOWS\System32\DRIVERS\econceal.sys [34024 2014-05-12] (MicroWorld Technologies Inc.) S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-12-19] () R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-08-01] (Glarysoft Ltd) R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2016-02-07] (Malwarebytes Corporation) S3 mwfsmfltr; C:\WINDOWS\System32\DRIVERS\mwfsmflt.sys [26536 2012-10-12] (MicroWorld Technologies Inc.) R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-02-02] (VSO Software) [File not signed] S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed] S3 pnetmdm; C:\WINDOWS\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology) [File not signed] R3 ProcObsrv; c:\Program Files\eScan\ProcObsrv.sys [16040 2015-02-25] (MicroWorld Technologies Inc.) R3 ProcObsrves; C:\Program Files\eScan\ProcObsrves.sys [46312 2015-09-22] (MicroWorld Technologies Inc.) S3 rtl8029; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [19017 2001-08-17] (Realtek Semiconductor Corporation) S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation) R3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [422664 2016-01-16] (BitDefender S.R.L.) R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2561968 2013-03-01] (VIA Technologies, Inc.) 
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-14] (Microsoft Corporation) R3 WsAudio_Device; C:\WINDOWS\System32\drivers\VirtualAudio.sys [27496 2013-09-03] (Wondershare) R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-17] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-07 16:35 - 2016-02-07 16:35 - 00000559 _____ C:\Documents and Settings\Ramesh j\Desktop\Autoruns.lnk 2016-02-07 16:31 - 2016-02-07 16:31 - 00278152 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-02-07 10:15 - 2016-02-07 10:16 - 00000000 ____D C:\Documents and Settings\Ramesh j\Desktop\My google books 2016-02-07 10:07 - 2016-02-07 10:07 - 00000775 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Books Downloader.lnk 2016-02-07 10:07 - 2016-02-07 10:07 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Books Downloader 2016-02-07 10:07 - 2016-02-07 10:07 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Books Downloader 2016-02-07 09:16 - 2016-02-07 09:16 - 00000881 _____ C:\Documents and Settings\Ramesh j\Desktop\Google Books Download.lnk 2016-02-07 09:16 - 2016-02-07 09:16 - 00000000 ____D C:\Documents and Settings\Ramesh j\Start Menu\Programs\Google Books Download 2016-02-05 14:37 - 2016-02-05 14:37 - 00000000 ____D C:\WINDOWS\rundll16.exe 2016-02-05 14:37 - 2016-02-05 14:37 - 00000000 ____D C:\WINDOWS\logo1_.exe 2016-02-05 12:08 - 2016-02-05 12:13 - 04680432 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU 4FEB16.arn 2016-02-05 07:01 - 2016-02-05 07:01 - 00000979 _____ C:\Documents and 
Settings\Ramesh j\Desktop\WinAVI All-in-One Converter.lnk 2016-02-05 07:01 - 2016-02-05 07:01 - 00000000 ____D C:\Documents and Settings\Ramesh j\Start Menu\Programs\WinAVI All-in-One Converter 2016-02-04 21:53 - 2016-02-04 21:53 - 00013816 _____ C:\WINDOWS\WSSPORD.DAT 2016-02-04 12:12 - 2016-02-04 12:12 - 00000000 __SHD C:\found.000 2016-02-03 14:18 - 2016-02-03 14:20 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\CyberLink 2016-02-03 14:18 - 2016-02-03 14:18 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\CyberLink 2016-02-03 14:01 - 2016-02-03 14:01 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\CyberLink 2016-02-03 14:01 - 2016-02-03 14:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\PDVD 2016-02-03 14:01 - 2016-02-03 14:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\PDVD 2016-02-03 14:00 - 2016-02-03 14:00 - 00001804 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\CyberLink PowerDVD 14.lnk 2016-02-03 14:00 - 2016-02-03 14:00 - 00000000 ____D C:\Program Files\NSIS Uninstall Information 2016-02-03 14:00 - 2016-02-03 14:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CyberLink PowerDVD 14 2016-02-03 14:00 - 2016-02-03 14:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CyberLink PowerDVD 14 2016-02-03 13:59 - 2016-02-03 13:59 - 00000000 ____D C:\Program Files\CyberLink 2016-02-03 13:58 - 2016-02-05 08:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink 2016-02-03 13:58 - 2016-02-05 08:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink 2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPPORTDIR 2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application 
Data\SUPPORTDIR 2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\install_clap 2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\install_clap 2016-02-02 21:20 - 2016-02-02 21:20 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\WinAVI 2016-02-02 21:20 - 2016-02-02 21:20 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\WinAVI 2016-02-02 21:19 - 2016-02-02 21:19 - 00000000 ____D C:\Program Files\WinAVI 2016-02-02 21:10 - 2016-02-05 13:19 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\log 2016-02-02 21:09 - 2016-02-02 21:09 - 00000730 _____ C:\Documents and Settings\Ramesh j\Desktop\VSO Inspector.lnk 2016-02-02 09:05 - 2016-02-02 09:05 - 00001732 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk 2016-02-02 09:05 - 2016-02-02 09:05 - 00001732 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk 2016-02-02 09:05 - 2016-02-02 09:05 - 00001732 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk 2016-02-02 09:05 - 2016-02-02 09:05 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\WinZip 2016-02-02 09:05 - 2016-02-02 09:05 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip 2016-02-02 09:05 - 2016-02-02 09:05 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip 2016-02-02 09:04 - 2016-02-02 09:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip 2016-02-02 09:04 - 2016-02-02 09:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip 2016-02-02 09:04 - 2016-02-02 09:04 - 00000000 ____D C:\Program Files\WinZip 2016-02-02 09:00 - 2016-02-02 09:00 - 00000692 _____ C:\Documents and Settings\Ramesh j\Desktop\WinRAR.lnk 2016-02-02 08:54 - 2016-02-02 09:00 
- 00000000 ____D C:\Documents and Settings\Ramesh j\Start Menu\Programs\WinRAR 2016-02-02 08:54 - 2016-02-02 09:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR 2016-02-02 08:54 - 2016-02-02 09:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR 2016-01-31 21:59 - 2016-01-31 21:59 - 00000719 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk 2016-01-31 21:59 - 2016-01-31 21:59 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN 2016-01-31 21:59 - 2016-01-31 21:59 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN 2016-01-30 13:47 - 2016-01-30 13:47 - 00000855 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Wondershare Video Editor.lnk 2016-01-30 13:47 - 2014-07-15 17:24 - 02140712 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpgvout.004 2016-01-30 13:47 - 2014-07-15 17:24 - 00531496 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpeg2mux.ax 2016-01-30 13:47 - 2014-07-15 17:24 - 00375848 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcm2ve.ax 2016-01-30 13:47 - 2014-07-15 17:24 - 00257064 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcl2ae.ax 2016-01-30 13:47 - 2014-07-15 17:24 - 00244776 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpgaout.dll 2016-01-30 13:47 - 2014-07-15 17:24 - 00020520 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpgvout.dll 2016-01-30 07:55 - 2016-01-30 07:55 - 00000859 _____ C:\Documents and Settings\Ramesh j\Desktop\ConvertXToDVD 5.lnk 2016-01-29 16:01 - 2016-02-04 08:49 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\Wondershare DVD Creator 2016-01-28 18:58 - 2016-01-28 18:58 - 00084501 _____ C:\Documents and Settings\Ramesh j\Start Menu.rar 2016-01-27 18:35 - 2016-02-07 10:12 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\GoogleBooks 2016-01-27 18:33 - 2016-02-07 09:16 - 00000000 ____D C:\Program 
Files\PDFsvg 2016-01-27 07:54 - 2016-01-27 07:54 - 41371846 _____ C:\Documents and Settings\Ramesh j\Desktop\Xcpa_T-7oVQC.pdf 2016-01-27 07:49 - 2016-02-07 10:07 - 00000000 ____D C:\Program Files\Google Books Downloader 2016-01-23 22:56 - 2016-02-05 11:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\VSO 2016-01-23 22:56 - 2016-02-05 11:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\VSO 2016-01-23 22:38 - 2016-02-03 12:45 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\ConvertXtoDVD 2016-01-23 22:28 - 2016-02-02 21:10 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\Vso 2016-01-23 22:28 - 2016-02-02 21:09 - 00087608 _____ C:\Documents and Settings\Ramesh j\Application Data\inst.exe 2016-01-23 22:28 - 2016-02-02 21:09 - 00047360 _____ (VSO Software) C:\WINDOWS\system32\Drivers\pcouffin.sys 2016-01-23 22:28 - 2016-02-02 21:09 - 00047360 _____ (VSO Software) C:\Documents and Settings\Ramesh j\Application Data\pcouffin.sys 2016-01-23 22:28 - 2016-02-02 21:09 - 00007887 _____ C:\Documents and Settings\Ramesh j\Application Data\pcouffin.cat 2016-01-23 22:28 - 2016-02-02 21:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VSO 2016-01-23 22:28 - 2016-02-02 21:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VSO 2016-01-23 22:28 - 2006-09-29 11:26 - 00176165 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drv23260.dll 2016-01-23 22:28 - 2006-09-29 11:25 - 00208935 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drv33260.dll 2016-01-23 22:28 - 2006-09-29 11:24 - 00217127 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drv43260.dll 2016-01-23 22:28 - 1998-03-08 19:28 - 00273408 _____ (RealNetworks, Inc.) 
C:\WINDOWS\system32\Pncrt.dll 2016-01-18 16:37 - 2016-01-18 16:37 - 00000000 ____D C:\Program Files\Lame For Audacity 2016-01-18 16:27 - 2016-01-25 08:12 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\Audacity 2016-01-18 16:27 - 2016-01-18 16:27 - 00000688 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Audacity.lnk 2016-01-18 16:27 - 2016-01-18 16:27 - 00000688 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Audacity.lnk 2016-01-18 16:27 - 2016-01-18 16:27 - 00000682 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Audacity.lnk 2016-01-18 16:27 - 2016-01-18 16:27 - 00000000 ____D C:\Program Files\Audacity 2016-01-17 09:14 - 2016-01-17 09:14 - 04699808 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU 2.arn 2016-01-17 09:10 - 2016-01-17 09:10 - 04769534 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU1.arn 2016-01-17 08:59 - 2016-01-17 08:59 - 00084392 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU.txt 2016-01-16 07:09 - 2016-01-16 07:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare Video Editor 2016-01-16 07:09 - 2016-01-16 07:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare Video Editor 2016-01-16 06:36 - 2016-01-16 06:36 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Google 2016-01-15 16:29 - 2016-01-15 16:29 - 00285016 _____ C:\Documents and Settings\Ramesh j\My Documents\nishchayathartha.txt 2016-01-15 14:36 - 2016-02-04 18:17 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\NeroVision 2016-01-14 06:53 - 2016-02-05 11:15 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\Media Player Classic 2016-01-13 17:32 - 2016-01-15 08:15 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\Wondershare Video Editor 2016-01-13 17:02 - 2016-01-13 17:02 - 00000000 ____D C:\Documents and 
Settings\Ramesh j\Local Settings\Application Data\Aimersoft 2016-01-13 16:52 - 2016-01-13 16:52 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FileLab 2016-01-13 16:52 - 2016-01-13 16:52 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FileLab 2016-01-13 11:04 - 2016-01-13 11:05 - 00000000 ____D C:\Program Files\K-Lite Codec Pack 2016-01-13 11:04 - 2016-01-13 11:04 - 00000926 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Media Player Classic.lnk 2016-01-13 11:04 - 2016-01-13 11:04 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack 2016-01-13 11:04 - 2016-01-13 11:04 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack 2016-01-13 11:04 - 2011-02-28 13:30 - 00080896 _____ C:\WINDOWS\system32\ff_vfw.dll 2016-01-13 11:04 - 2011-02-28 13:30 - 00000038 _____ C:\WINDOWS\avisplitter.ini 2016-01-13 11:04 - 2010-12-10 22:27 - 00000590 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest 2016-01-13 11:04 - 2010-12-08 00:10 - 00183808 _____ C:\WINDOWS\system32\xvidvfw.dll 2016-01-13 11:04 - 2010-12-07 23:52 - 00810496 _____ C:\WINDOWS\system32\xvidcore.dll 2016-01-13 11:04 - 2010-11-04 00:38 - 00237568 _____ (www.helixcommunity.org) C:\WINDOWS\system32\yv12vfw.dll 2016-01-13 11:04 - 2010-01-17 21:48 - 00151552 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm 2016-01-13 11:04 - 2008-10-03 19:00 - 00000414 _____ C:\WINDOWS\system32\lame_acm.xml 2016-01-13 11:04 - 2008-09-25 01:11 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\WINDOWS\system32\lameACM.acm 2016-01-13 08:35 - 2008-04-14 17:30 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll 2016-01-10 08:47 - 2016-01-10 08:48 - 00000064 _____ C:\Documents and Settings\Ramesh j\My Documents\mms.cfg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-02-07 17:36 - 2015-12-17 09:02 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Temp 2016-02-07 17:35 - 2016-01-03 09:18 - 00000000 ____D C:\FRST 2016-02-07 17:35 - 2013-10-15 18:03 - 00000000 ____D C:\WINDOWS 2016-02-07 17:17 - 2013-10-15 13:17 - 00000000 ____D C:\Program Files\eScan 2016-02-07 17:16 - 2008-04-14 17:30 - 00004669 _____ C:\WINDOWS\win.ini 2016-02-07 17:12 - 2015-05-16 10:48 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-02-07 17:01 - 2015-05-18 13:06 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents 2016-02-07 16:47 - 2015-05-20 12:56 - 00000069 _____ C:\WINDOWS\NeroDigital.ini 2016-02-07 16:33 - 2015-05-19 20:44 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-07 16:31 - 2015-05-18 13:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-07 11:27 - 2015-05-18 13:06 - 00000178 ___SH C:\Documents and Settings\Ramesh j\ntuser.ini 2016-02-07 11:27 - 2015-05-18 13:04 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt 2016-02-07 11:26 - 2015-05-18 13:06 - 00000000 ____D C:\Documents and Settings\Ramesh j 2016-02-07 11:10 - 2015-12-19 23:12 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\uTorrent 2016-02-07 08:52 - 2013-10-15 18:03 - 00000000 RSHDC C:\WINDOWS\system32\dllcache 2016-02-07 08:45 - 2015-11-18 19:18 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\vlc 2016-02-06 21:36 - 2015-05-24 08:14 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\insignia 2016-02-06 21:29 - 2015-05-20 06:20 - 00137728 _____ C:\Documents and Settings\Ramesh j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-02-06 21:17 - 2013-10-15 18:03 - 00000000 ___HD C:\WINDOWS\inf 2016-02-06 10:01 - 2015-05-19 13:17 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt 2016-02-06 08:07 - 2015-05-21 09:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CogniView 2016-02-06 08:07 - 
2015-05-21 09:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CogniView
2016-02-05 19:32 - 2015-05-18 13:06 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents\My Pictures
2016-02-05 08:16 - 2015-05-19 19:44 - 00002311 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
2016-02-05 08:16 - 2015-05-19 19:44 - 00002311 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
2016-02-05 06:59 - 2015-05-20 20:55 - 00000000 ____D C:\Program Files\Wondershare
2016-02-05 06:59 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wondershare
2016-02-05 06:59 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wondershare
2016-02-03 14:32 - 2015-05-22 19:47 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents\My Videos
2016-02-03 14:18 - 2015-05-18 13:06 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents\My Music
2016-02-03 14:00 - 2013-10-15 12:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-02-03 13:52 - 2015-05-25 10:50 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\dvdcss
2016-02-02 21:09 - 2014-06-17 14:09 - 00000000 ____D C:\Program Files\VSO
2016-02-02 12:24 - 2013-10-15 12:59 - 00000000 ____D C:\Program Files\WinRAR
2016-02-02 08:29 - 2015-05-19 07:02 - 00002853 _____ C:\Documents and Settings\Ramesh j\Desktop\PowerIndiabulls.lnk
2016-01-30 07:07 - 2015-05-18 13:51 - 00000152 _____ C:\WINDOWS\ERS.BAT
2016-01-30 07:07 - 2015-05-18 13:49 - 02235624 _____ (MicroWorld Technologies Inc.)
C:\WINDOWS\system32\test2.exe
2016-01-29 16:01 - 2014-08-03 08:03 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2016-01-27 08:12 - 2015-11-20 18:50 - 00000000 ____D C:\Documents and Settings\Ramesh j\Desktop\radar 10
2016-01-26 17:12 - 2015-10-04 16:33 - 00000000 _____ C:\WINDOWS\system32\CogniviewPort
2016-01-26 17:10 - 2015-06-10 08:27 - 00000000 ____D C:\Program Files\AstroLoka Basic
2016-01-17 08:55 - 2015-05-19 21:49 - 00000178 ___SH C:\Documents and Settings\Administrator.REGRANJU\ntuser.ini
2016-01-17 08:55 - 2015-05-19 21:49 - 00000000 ____D C:\Documents and Settings\Administrator.REGRANJU\Local Settings\Temp
2016-01-16 06:36 - 2015-05-18 13:53 - 00422664 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-01-16 06:36 - 2015-05-18 13:49 - 01441000 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\mwtsp.dll
2016-01-16 06:36 - 2015-05-18 13:49 - 00175336 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\mwnsp.dll
2016-01-14 08:34 - 2015-11-02 18:21 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\PPT to Video Pro Log Files
2016-01-13 22:20 - 2015-05-18 13:06 - 00000788 _____ C:\Documents and Settings\Ramesh j\Start Menu\Programs\Windows Media Player.lnk
2016-01-13 11:08 - 2015-05-23 08:04 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2016-01-13 11:08 - 2015-05-23 08:04 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2016-01-13 10:15 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare
2016-01-13 10:15 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare
2016-01-13 08:42 - 2015-08-14 15:40 - 00075680 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-01-13 08:04 - 2015-11-02 18:23 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\PPT to Video Pro
2016-01-09 11:58 - 2015-12-19 18:53 - 00000000 ____D
C:\Program Files\Simple Port Forwarding
2016-01-08 07:36 - 2015-05-18 14:37 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Adobe
2016-01-08 07:35 - 2015-05-18 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-08 07:35 - 2015-05-18 14:39 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-01-23 22:28 - 2016-02-02 21:09 - 0087608 _____ () C:\Documents and Settings\Ramesh j\Application Data\inst.exe
2015-07-15 19:03 - 2015-07-15 19:04 - 0038429 _____ () C:\Documents and Settings\Ramesh j\Application Data\Microsoft Excel 97-2003.ADR
2015-05-21 09:01 - 2015-05-21 09:04 - 0000288 _____ () C:\Documents and Settings\Ramesh j\Application Data\MSyu.dat
2016-01-23 22:28 - 2016-02-02 21:09 - 0007887 _____ () C:\Documents and Settings\Ramesh j\Application Data\pcouffin.cat
2016-01-23 22:28 - 2016-02-02 21:09 - 0001144 _____ () C:\Documents and Settings\Ramesh j\Application Data\pcouffin.inf
2016-01-23 22:28 - 2016-02-02 21:10 - 0000034 _____ () C:\Documents and Settings\Ramesh j\Application Data\pcouffin.log
2016-01-23 22:28 - 2016-02-02 21:09 - 0047360 _____ (VSO Software) C:\Documents and Settings\Ramesh j\Application Data\pcouffin.sys
2015-05-21 09:01 - 2015-05-21 09:04 - 0000288 _____ () C:\Documents and Settings\Ramesh j\Application Data\PDF2XL-6-0.TrialData
2015-05-20 06:20 - 2016-02-06 21:29 - 0137728 _____ () C:\Documents and Settings\Ramesh j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Administrator.REGRANJU\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Guest\Local Settings\Temp\NeroSearchTrayHook_{3B8C3C71-9B6B-4D0E-B595-930886616AA2}.dll

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\System32\regsvr.exe
C:\Windows\System32\runouce.exe
C:\Windows\System32\wmicuclt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-18 13:53

==================== End of FRST.txt ============================

FRST additionlog

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by Ramesh j (2016-02-07 17:37:01)
Running from E:\my Software\malwarebyte tools\FRST
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-05-18 07:32:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-796845957-1343024091-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.REGRANJU
ASPNET (S-1-5-21-796845957-1343024091-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-796845957-1343024091-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-796845957-1343024091-682003330-1000 - Limited - Disabled)
Ramesh j (S-1-5-21-796845957-1343024091-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ramesh j
Rameshj (S-1-5-21-796845957-1343024091-682003330-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Rameshj
SUPPORT_388945a0 (S-1-5-21-796845957-1343024091-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: eScan Internet Security for Windows (Enabled - Up to date) {E25EE26A-7512-411E-BAF6-D9AFA504A475}
FW: eScan Internet Security for Windows (Disabled) {E25EE26A-7512-411E-BAF6-D9AFA504A475}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Acoolsoft PPT to Video Pro 3.2.7 (HKLM\...\Acoolsoft PPT to Video Pro_is1) (Version: 3.2.7 - Acoolsoft Software)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKLM\...\{A85CC7BA-760F-4B65-8E2F-640BE314F2F8}) (Version: 5.06.113.2041 - Elcomsoft Co. Ltd.)
aldasa (HKLM\...\aldasa) (Version: - )
ALLHORS (HKLM\...\ALLHORS) (Version: - )
AstroLoka Basic - Free Version 2.4 (HKLM\...\AstroLoka.com - AstroLoka Basic_is1) (Version: 2.4.0 - AstroLoka Technologies Pvt Ltd)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
calibre (HKLM\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
ChartNexus version 3.3.5 (HKLM\...\{F8F74455-1B4F-4CFC-A580-070297547BB0}_is1) (Version: 3.3.5 - ChartNexus Sdn Bhd)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
doPDF (Version: 8.3.931 - Softland) Hidden
doPDF 8 (HKLM\...\{0da45805-0b8b-42ec-90fd-d6bd40e27bf7}) (Version: 8.3.931 - Softland)
ePub Reader for Windows version 4.2 (HKLM\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 4.2 - HANSoft, Inc.)
eScan Internet Security for Windows (HKLM\...\eScan Internet Security for Windows_is1) (Version: 11.0.1400.1831 - MicroWorld Technologies Inc.)
FileLab Plugin 1.1.33 (HKLM\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
Frhed 1.6.0 (HKLM\...\Frhed) (Version: 1.6.0 - Raihan Kibria)
Glary Utilities PRO 5.29 (HKLM\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Books Download (HKLM\...\GoogleBooks) (Version: 1.4.1 - eBook Download)
Google Books Downloader version 2.6 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.6 - GBOOKSDOWNLOADER.COM)
HD Video Converter Factory Pro 8.6 (HKLM\...\HD Video Converter Factory Pro) (Version: 8.6 - WonderFox Soft, Inc.)
Horoscope Explorer Pro 3.6 (HKLM\...\Horoscope Explorer Pro 3.6_is1) (Version: 3 - Public Software Library India Pvt Ltd)
Horoscope Explorer Pro 3.6 Crack (HKLM\...\Horoscope Explorer Pro 3.6 Crack3.81) (Version: 3.81 - PublicSoft)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5420 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java 7 Update 79 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
JPEG Recovery Pro 4.0 (HKLM\...\JPEG Recovery Pro 4.0) (Version: - )
K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lhors (HKLM\...\Lhors) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.21 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1)
(Version: 1.0.0.21 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nero 8 (HKLM\...\{5FCCD531-1B38-4A94-924C-127F722F1033}) (Version: 8.2.89 - Nero AG)
Nokia Connectivity
Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden
novaPDF 8 Printer Driver (HKLM\...\{A543C52B-13BA-437A-BC65-0C7317C9A562}) (Version: 8.3.931 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{522153DA-9319-4E93-87BB-6632C85947F3}) (Version: 8.3.931 - Softland)
Nuance PDF Professional 5 (HKLM\...\{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}) (Version: 5.00.3200 - Nuance Communications, Inc)
ophcrack_office 1.2.1 (HKLM\...\ophcrack_office_is1) (Version: - OS Objectif Sécurité SA)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{CCDB3D1D-F362-4CC6-8D36-DC74A74DF506}) (Version: 4.3.28 - Oracle Corporation)
Panchang (HKLM\...\Panchang) (Version: - )
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF2XL Enterprise (HKLM\...\{3E060002-4585-41BE-899F-60B5DC1DB2FB}) (Version: 6.0.2.311 - CogniView)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Power Indiabulls (HKLM\...\{FACCF191-EA48-462E-95EB-09D4F47A9F4B}) (Version: 5.1 - Indiabulls Ventures Ltd)
resolver version 4.1 (HKLM\...\{6F146FB4-38F4-4507-8927-B252224157D4}_is1) (Version: 4.1 - ACT)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (Version: - ) Hidden
Sharp World Clock 6.41 (HKLM\...\Sharp World Clock_is1) (Version: - Johannes Wallroth)
Simple Port Forwarding (HKLM\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Subtitle Edit 3.3.8 (HKLM\...\SubtitleEdit_is1) (Version: 3.3.8.2047 - Nikse)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webshots Desktop (HKLM\...\Webshots Desktop_is1) (Version: - AGCM)
WinAVI All-in-One Converter (HKLM\...\WinAVI All-in-One Converter) (Version: 1.7.0.4734 - ZJMedia Digital Technology Ltd.)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L.
)
Wondershare AllMyTube(Build 4.1.0.3) (HKLM\...\Wondershare AllMyTube_is1) (Version: 4.1.0.3 - Wondershare Software)
Wondershare MobileGo for Android ( Version 5.0.1 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.0.1 - Wondershare)
Wondershare MobileGo(Version 7.9.2) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 7.9.2 - Wondershare)
Wondershare MobileTrans ( Version 7.0.0 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.0.0 - Wondershare)
Wondershare Video Editor(Build 4.8.0) (HKLM\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
Xmatch (HKLM\...\Xmatch) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files\Simple Port Forwarding\basic_ui.bat ()

==================== Loaded Modules (Whitelisted) ==============

2008-04-14 17:30 - 2008-04-14 17:30 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2015-10-27 07:07 - 2015-10-27 07:07 - 00086248 _____ () C:\WINDOWS\system32\UnAceV2.dll
2015-05-11 18:58 - 2015-05-11 18:58 - 00129304 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2008-02-02 02:09 - 2008-02-02 02:09 - 02560000 _____ () C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll
2009-02-27 12:56 - 2009-02-27 12:56 - 00016768 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2008-04-14 17:30 - 2008-04-14 17:30 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 17:30 - 2008-04-14 17:30 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F0D7EE30
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FC595E85
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F0D7EE30
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FC595E85

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-796845957-1343024091-682003330-1003\...\kuaiche.com -> hxxp://software.kuaiche.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 17:30 - 2016-01-13 09:47 - 00007342 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
216.239.32.20 www.google.ac
216.239.32.20 www.google.ad
216.239.32.20 www.google.ae
216.239.32.20 www.google.com.af
216.239.32.20 www.google.com.ag
216.239.32.20 www.google.com.ai
216.239.32.20 www.google.al
216.239.32.20 www.google.am
216.239.32.20 www.google.co.ao
216.239.32.20 www.google.com.ar
216.239.32.20 www.google.as
216.239.32.20 www.google.at
216.239.32.20 www.google.com.au
216.239.32.20 www.google.az
216.239.32.20 www.google.ba
216.239.32.20 www.google.com.bd
216.239.32.20 www.google.be
216.239.32.20 www.google.bf
216.239.32.20 www.google.bg
216.239.32.20 www.google.com.bh
216.239.32.20 www.google.bi
216.239.32.20 www.google.bj
216.239.32.20 www.google.com.bn
216.239.32.20 www.google.com.bo
216.239.32.20 www.google.com.br
216.239.32.20 www.google.bs
216.239.32.20 www.google.bt
216.239.32.20 www.google.co.bw
216.239.32.20 www.google.by

There are 179 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-796845957-1343024091-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ramesh j\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
DNS Servers: 10.0.0.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^Ramesh j^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2 => C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup
MSCONFIG\startupfolder: ^.gitconfig =>
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\DOWNLOAD.EXE] => Enabled:eScan Update Downloader
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\TRAYICOS.EXE] => Enabled:eScan Server Updater
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE] => Enabled:MicroWorld Management Agent
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\LICENSE.EXE] => Enabled:eScan Registration Service
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\ESCANPRO.EXE] => Enabled:eScan Administration Service
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe] => Enabled:CyberLink PowerDVD14
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe] => Enabled:CyberLink PowerDVD 14 Media Server Service
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe] => Enabled:CyberLink PowerDVD14 Agent
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe] => Enabled:CyberLink PowerDVD14 Movie Module
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\DOWNLOAD.EXE] => Enabled:eScan Update Downloader
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\TRAYICOS.EXE]
=> Enabled:eScan Server Updater
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE] => Enabled:MicroWorld Management Agent
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\LICENSE.EXE] => Enabled:eScan Registration Service
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\ESCANPRO.EXE] => Enabled:eScan Administration Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Disabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Disabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Simple Port Forwarding\spf.exe] => Enabled:Simple Port Forwarding By PcWinTech.com
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe] => Enabled:CyberLink PowerDVD14
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe] => Enabled:CyberLink PowerDVD 14 Media Server Service
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe] => Enabled:CyberLink PowerDVD14 Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe] => Enabled:CyberLink PowerDVD14 Movie Module
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFUDPPortException
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Microsoft USB Sync
Description: Microsoft USB Sync
Class Guid: {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}
Manufacturer: Microsoft
Service: wceusbsh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2016 05:36:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.
Error: (02/07/2016 05:36:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:28 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:28 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.
Error: (02/07/2016 05:36:24 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:24 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

System errors:
=============
Error: (02/07/2016 05:14:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error: %%1056

Error: (02/07/2016 05:14:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error: %%1056

Error: (02/07/2016 05:13:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/07/2016 05:13:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2016 04:32:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The novaPDF Server service hung on starting.

Error: (02/07/2016 04:31:56 PM) (Source: 0) (EventID: 55) (User: )
Description: G:

Error: (02/07/2016 04:31:56 PM) (Source: 0) (EventID: 55) (User: )
Description: G:

Error: (02/07/2016 10:31:34 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error: %%1056

Error: (02/07/2016 10:30:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2016 09:02:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 59%
Total physical RAM: 2013.04 MB
Available physical RAM: 810.77 MB
Total Virtual: 3909.9 MB
Available Virtual: 2702.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:14.78 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:58.59 GB) (Free:5.39 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:62.5 GB) (Free:27.07 GB) NTFS
Drive g: () (Fixed) (Total:62.96 GB) (Free:57.34 GB) NTFS
Drive h: (Seagate Expansion Drive) (Fixed) (Total:465.76 GB) (Free:47.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: EBF1EBF1)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: F9AB53BD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  7. I use Windows XP SP3 and have Malwarebytes for anti-malware monitoring. Of late I find that Malwarebytes gives a message that the Windows security notification service has been blocked. After I run Malwarebytes and delete the identified PUPs (firewall, automatic updates and antivirus), it keeps coming back. Is the Security Center notification program infected? How to remove or replace this? The antivirus program (eScan) also gives a similar message. rameshjey