
Windows security notification program



I use Windows XP SP3 and have Malwarebytes for anti-malware monitoring. Of late I find that Malwarebytes gives a message that the Windows Security Notification service has been blocked. After I run Malwarebytes and delete the identified PUPs (firewall, automatic updates and antivirus), it keeps coming back. Is the Security Center notification program infected? How to remove or replace this? The antivirus program (eScan) also gives a similar message.

rameshjey


Hello and welcome to Malwarebytes,

Please be aware that the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes; we make no accusations but do make you aware of forum protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected, you will have to name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply
      XML file (*.xml) - if selected, you will have to name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...

Thanks for the reply.

Here are the logs

1) Malwarebytes log

2) FRST log

3) FRST Addition log

I don't use AdwCleaner and hence the log is not enclosed. If you insist I can install this software.


Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 05/Feb/2016
Scan Time: 09:10:19
Logfile: MBAM lg 5 sep16.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2016.02.01.08
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ramesh j
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 619581
Time Elapsed: 34 min, 5 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[b72a5cdf653495a129d44c85ac58d62a]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[b52c9e9da7f20e285f9f04cd06fe51af]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[885956e58415be78aa55923ff3114ab6]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)


FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by Ramesh j (administrator) on REGRANJU (07-02-2016 17:35:52)
Running from E:\my Software\malwarebyte tools\FRST
Loaded Profiles: Ramesh j (Available Profiles: Ramesh j & Rameshj & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\econser.exe
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\econceal.exe
(MicroWorld Technologies Inc.) C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MICROW~1\eScanBD\avpmapp.exe
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\traysser.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\consctl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\TRAYICOS.EXE
(Webshots.com) C:\PROGRA~1\Webshots\Webshots.scr
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\Vista\escanmon.exe
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\MAILDISP.EXE
(MicroWorld Technologies Inc.) C:\PROGRA~1\eScan\spooler.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(MicroWorld Technologies Inc.) C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
(MicroWorld Technologies Inc.) C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [eScan Updater] => C:\Program Files\eScan\TRAYICOS.EXE [5985968 2015-02-25] (MicroWorld Technologies Inc.)
Winlogon\Notify\eSLogOn: C:\WINDOWS\system32\eSLogOn.dll [2015-02-25] (MicroWorld Technologies Inc.)
HKU\S-1-5-21-796845957-1343024091-682003330-1003\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-796845957-1343024091-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Webshots\Webshots.scr [3343688 2008-08-15] (Webshots.com)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> (None)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-04-21]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Ramesh j\Start Menu\Programs\Startup\Webshots.lnk [2016-01-27]
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe (Webshots.com)
BootExecute: autocheck autochk *  
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\WINDOWS\system32\mwnsp.dll [175336 2016-01-16] (MicroWorld Technologies Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\mwtsp.dll [1441000 2016-01-16] (MicroWorld Technologies Inc.)
Winsock: Catalog9 02 C:\WINDOWS\system32\mwtsp.dll [1441000 2016-01-16] (MicroWorld Technologies Inc.)
Winsock: Catalog9 22 C:\WINDOWS\system32\mwtsp.dll [1441000 2016-01-16] (MicroWorld Technologies Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{FEFE1AB7-7910-49B6-96FC-EAB19C3F2186}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-796845957-1343024091-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gfe_rd=cr&ei=BFVkVa6kB4WM8Qe6v4CADA&gws_rd=ssl
URLSearchHook: HKU\S-1-5-21-796845957-1343024091-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir=
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir=
SearchScopes: HKU\S-1-5-21-796845957-1343024091-682003330-1003 -> DefaultScope {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir=
SearchScopes: HKU\S-1-5-21-796845957-1343024091-682003330-1003 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtD0FtAzz0FtDzztCzy0CzztN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzytBzzyD0EzyyCtGtAyCzz0FtGzz0Azy0FtG0Dzz0BzztGyC0E0E0E0C0A0FyEzyyD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytBtD0CzzzyyCtGtA0Fzz0EtGyEzztCyEtG0ByDyCyEtGtAyBzytByE0D0CtCyDtC0BtD2QtN0A0LzutB&cr=1197136559&ir=
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default
FF Homepage: www.google.com
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-08] ()
FF Plugin: @ASC/FileLabPlugin;version=1.1.33 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (FileLab)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-12-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-29] (Oracle Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: FlashGot - C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-11-08]
FF Extension: Greasemonkey - C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-24]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Documents and Settings\Ramesh j\Application Data\Mozilla\Firefox\Profiles\mhht6uzp.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-08-03]
FF HKLM\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF Extension: Wondershare AllMyTube - C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2015-05-20] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gccilgmhofdpkfakmalggoiolhbmdcjd] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare\AllMyTube\AllMyTube@Wondershare.com.crx [2014-05-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2007-02-03] (CrypKey (Canada) Ltd.) [File not signed]
R2 EconService; c:\Program Files\eScan\econser.exe [1059504 2015-02-25] (MicroWorld Technologies Inc.)
R2 eScan Monitor Service; C:\Documents and Settings\All Users.WINDOWS\Application Data\MicroWorld\eScanBD\avpmapp.exe [2955856 2016-01-30] (MicroWorld Technologies Inc.)
R2 eScan-trayicos; C:\Program Files\eScan\traysser.exe [167144 2015-11-18] (MicroWorld Technologies Inc.)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-12-29] (Oracle Corporation)
S4 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88696 2012-12-11] (VIA Technologies, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [885424 2015-02-25] (MicroWorld Technologies Inc.)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-05-11] (Microsoft)
S3 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-02] (Nuance Communications, Inc.)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WsAppService; C:\Program Files\Wondershare\WAF\WsAppService.exe [356352 2015-09-23] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files\Wondershare\MobileGo\DriverInstall.exe [100664 2015-10-10] (Wondershare)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [622616 2012-10-10] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [252184 2015-09-22] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [487048 2013-06-25] (BitDefender)
R3 bdfsfltr; C:\WINDOWS\System32\DRIVERS\bdfsfltr.sys [353096 2011-03-24] (BitDefender)
S3 econceal; C:\WINDOWS\System32\DRIVERS\econceal.sys [34024 2014-05-12] (MicroWorld Technologies Inc.)
R3 econcealMP; C:\WINDOWS\System32\DRIVERS\econceal.sys [34024 2014-05-12] (MicroWorld Technologies Inc.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-12-19] ()
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-08-01] (Glarysoft Ltd)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2016-02-07] (Malwarebytes Corporation)
S3 mwfsmfltr; C:\WINDOWS\System32\DRIVERS\mwfsmflt.sys [26536 2012-10-12] (MicroWorld Technologies Inc.)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-02-02] (VSO Software) [File not signed]
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
S3 pnetmdm; C:\WINDOWS\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology) [File not signed]
R3 ProcObsrv; c:\Program Files\eScan\ProcObsrv.sys [16040 2015-02-25] (MicroWorld Technologies Inc.)
R3 ProcObsrves; C:\Program Files\eScan\ProcObsrves.sys [46312 2015-09-22] (MicroWorld Technologies Inc.)
S3 rtl8029; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [19017 2001-08-17] (Realtek Semiconductor Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
R3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [422664 2016-01-16] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2561968 2013-03-01] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-14] (Microsoft Corporation)
R3 WsAudio_Device; C:\WINDOWS\System32\drivers\VirtualAudio.sys [27496 2013-09-03] (Wondershare)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-17] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 16:35 - 2016-02-07 16:35 - 00000559 _____ C:\Documents and Settings\Ramesh j\Desktop\Autoruns.lnk
2016-02-07 16:31 - 2016-02-07 16:31 - 00278152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-07 10:15 - 2016-02-07 10:16 - 00000000 ____D C:\Documents and Settings\Ramesh j\Desktop\My google books
2016-02-07 10:07 - 2016-02-07 10:07 - 00000775 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Books Downloader.lnk
2016-02-07 10:07 - 2016-02-07 10:07 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Books Downloader
2016-02-07 10:07 - 2016-02-07 10:07 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Books Downloader
2016-02-07 09:16 - 2016-02-07 09:16 - 00000881 _____ C:\Documents and Settings\Ramesh j\Desktop\Google Books Download.lnk
2016-02-07 09:16 - 2016-02-07 09:16 - 00000000 ____D C:\Documents and Settings\Ramesh j\Start Menu\Programs\Google Books Download
2016-02-05 14:37 - 2016-02-05 14:37 - 00000000 ____D C:\WINDOWS\rundll16.exe
2016-02-05 14:37 - 2016-02-05 14:37 - 00000000 ____D C:\WINDOWS\logo1_.exe
2016-02-05 12:08 - 2016-02-05 12:13 - 04680432 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU 4FEB16.arn
2016-02-05 07:01 - 2016-02-05 07:01 - 00000979 _____ C:\Documents and Settings\Ramesh j\Desktop\WinAVI All-in-One Converter.lnk
2016-02-05 07:01 - 2016-02-05 07:01 - 00000000 ____D C:\Documents and Settings\Ramesh j\Start Menu\Programs\WinAVI All-in-One Converter
2016-02-04 21:53 - 2016-02-04 21:53 - 00013816 _____ C:\WINDOWS\WSSPORD.DAT
2016-02-04 12:12 - 2016-02-04 12:12 - 00000000 __SHD C:\found.000
2016-02-03 14:18 - 2016-02-03 14:20 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\CyberLink
2016-02-03 14:18 - 2016-02-03 14:18 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\CyberLink
2016-02-03 14:01 - 2016-02-03 14:01 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\CyberLink
2016-02-03 14:01 - 2016-02-03 14:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\PDVD
2016-02-03 14:01 - 2016-02-03 14:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\PDVD
2016-02-03 14:00 - 2016-02-03 14:00 - 00001804 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\CyberLink PowerDVD 14.lnk
2016-02-03 14:00 - 2016-02-03 14:00 - 00000000 ____D C:\Program Files\NSIS Uninstall Information
2016-02-03 14:00 - 2016-02-03 14:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CyberLink PowerDVD 14
2016-02-03 14:00 - 2016-02-03 14:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CyberLink PowerDVD 14
2016-02-03 13:59 - 2016-02-03 13:59 - 00000000 ____D C:\Program Files\CyberLink
2016-02-03 13:58 - 2016-02-05 08:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2016-02-03 13:58 - 2016-02-05 08:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPPORTDIR
2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPPORTDIR
2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\install_clap
2016-02-03 13:58 - 2016-02-03 13:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\install_clap
2016-02-02 21:20 - 2016-02-02 21:20 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\WinAVI
2016-02-02 21:20 - 2016-02-02 21:20 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\WinAVI
2016-02-02 21:19 - 2016-02-02 21:19 - 00000000 ____D C:\Program Files\WinAVI
2016-02-02 21:10 - 2016-02-05 13:19 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\log
2016-02-02 21:09 - 2016-02-02 21:09 - 00000730 _____ C:\Documents and Settings\Ramesh j\Desktop\VSO Inspector.lnk
2016-02-02 09:05 - 2016-02-02 09:05 - 00001732 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
2016-02-02 09:05 - 2016-02-02 09:05 - 00001732 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
2016-02-02 09:05 - 2016-02-02 09:05 - 00001732 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk
2016-02-02 09:05 - 2016-02-02 09:05 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\WinZip
2016-02-02 09:05 - 2016-02-02 09:05 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
2016-02-02 09:05 - 2016-02-02 09:05 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
2016-02-02 09:04 - 2016-02-02 09:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2016-02-02 09:04 - 2016-02-02 09:06 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2016-02-02 09:04 - 2016-02-02 09:04 - 00000000 ____D C:\Program Files\WinZip
2016-02-02 09:00 - 2016-02-02 09:00 - 00000692 _____ C:\Documents and Settings\Ramesh j\Desktop\WinRAR.lnk
2016-02-02 08:54 - 2016-02-02 09:00 - 00000000 ____D C:\Documents and Settings\Ramesh j\Start Menu\Programs\WinRAR
2016-02-02 08:54 - 2016-02-02 09:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
2016-02-02 08:54 - 2016-02-02 09:00 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
2016-01-31 21:59 - 2016-01-31 21:59 - 00000719 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
2016-01-31 21:59 - 2016-01-31 21:59 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
2016-01-31 21:59 - 2016-01-31 21:59 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
2016-01-30 13:47 - 2016-01-30 13:47 - 00000855 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Wondershare Video Editor.lnk
2016-01-30 13:47 - 2014-07-15 17:24 - 02140712 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpgvout.004
2016-01-30 13:47 - 2014-07-15 17:24 - 00531496 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpeg2mux.ax
2016-01-30 13:47 - 2014-07-15 17:24 - 00375848 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcm2ve.ax
2016-01-30 13:47 - 2014-07-15 17:24 - 00257064 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcl2ae.ax
2016-01-30 13:47 - 2014-07-15 17:24 - 00244776 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpgaout.dll
2016-01-30 13:47 - 2014-07-15 17:24 - 00020520 _____ (MainConcept GmbH) C:\WINDOWS\system32\mcmpgvout.dll
2016-01-30 07:55 - 2016-01-30 07:55 - 00000859 _____ C:\Documents and Settings\Ramesh j\Desktop\ConvertXToDVD 5.lnk
2016-01-29 16:01 - 2016-02-04 08:49 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\Wondershare DVD Creator
2016-01-28 18:58 - 2016-01-28 18:58 - 00084501 _____ C:\Documents and Settings\Ramesh j\Start Menu.rar
2016-01-27 18:35 - 2016-02-07 10:12 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\GoogleBooks
2016-01-27 18:33 - 2016-02-07 09:16 - 00000000 ____D C:\Program Files\PDFsvg
2016-01-27 07:54 - 2016-01-27 07:54 - 41371846 _____ C:\Documents and Settings\Ramesh j\Desktop\Xcpa_T-7oVQC.pdf
2016-01-27 07:49 - 2016-02-07 10:07 - 00000000 ____D C:\Program Files\Google Books Downloader
2016-01-23 22:56 - 2016-02-05 11:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\VSO
2016-01-23 22:56 - 2016-02-05 11:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\VSO
2016-01-23 22:38 - 2016-02-03 12:45 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\ConvertXtoDVD
2016-01-23 22:28 - 2016-02-02 21:10 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\Vso
2016-01-23 22:28 - 2016-02-02 21:09 - 00087608 _____ C:\Documents and Settings\Ramesh j\Application Data\inst.exe
2016-01-23 22:28 - 2016-02-02 21:09 - 00047360 _____ (VSO Software) C:\WINDOWS\system32\Drivers\pcouffin.sys
2016-01-23 22:28 - 2016-02-02 21:09 - 00047360 _____ (VSO Software) C:\Documents and Settings\Ramesh j\Application Data\pcouffin.sys
2016-01-23 22:28 - 2016-02-02 21:09 - 00007887 _____ C:\Documents and Settings\Ramesh j\Application Data\pcouffin.cat
2016-01-23 22:28 - 2016-02-02 21:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VSO
2016-01-23 22:28 - 2016-02-02 21:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VSO
2016-01-23 22:28 - 2006-09-29 11:26 - 00176165 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drv23260.dll
2016-01-23 22:28 - 2006-09-29 11:25 - 00208935 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drv33260.dll
2016-01-23 22:28 - 2006-09-29 11:24 - 00217127 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drv43260.dll
2016-01-23 22:28 - 1998-03-08 19:28 - 00273408 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\Pncrt.dll
2016-01-18 16:37 - 2016-01-18 16:37 - 00000000 ____D C:\Program Files\Lame For Audacity
2016-01-18 16:27 - 2016-01-25 08:12 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\Audacity
2016-01-18 16:27 - 2016-01-18 16:27 - 00000688 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Audacity.lnk
2016-01-18 16:27 - 2016-01-18 16:27 - 00000688 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Audacity.lnk
2016-01-18 16:27 - 2016-01-18 16:27 - 00000682 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Audacity.lnk
2016-01-18 16:27 - 2016-01-18 16:27 - 00000000 ____D C:\Program Files\Audacity
2016-01-17 09:14 - 2016-01-17 09:14 - 04699808 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU 2.arn
2016-01-17 09:10 - 2016-01-17 09:10 - 04769534 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU1.arn
2016-01-17 08:59 - 2016-01-17 08:59 - 00084392 _____ C:\Documents and Settings\Ramesh j\My Documents\REGRANJU.txt
2016-01-16 07:09 - 2016-01-16 07:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare Video Editor
2016-01-16 07:09 - 2016-01-16 07:09 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare Video Editor
2016-01-16 06:36 - 2016-01-16 06:36 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Google
2016-01-15 16:29 - 2016-01-15 16:29 - 00285016 _____ C:\Documents and Settings\Ramesh j\My Documents\nishchayathartha.txt
2016-01-15 14:36 - 2016-02-04 18:17 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\NeroVision
2016-01-14 06:53 - 2016-02-05 11:15 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\Media Player Classic
2016-01-13 17:32 - 2016-01-15 08:15 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\Wondershare Video Editor
2016-01-13 17:02 - 2016-01-13 17:02 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Aimersoft
2016-01-13 16:52 - 2016-01-13 16:52 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FileLab
2016-01-13 16:52 - 2016-01-13 16:52 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FileLab
2016-01-13 11:04 - 2016-01-13 11:05 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-01-13 11:04 - 2016-01-13 11:04 - 00000926 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Media Player Classic.lnk
2016-01-13 11:04 - 2016-01-13 11:04 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
2016-01-13 11:04 - 2016-01-13 11:04 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
2016-01-13 11:04 - 2011-02-28 13:30 - 00080896 _____ C:\WINDOWS\system32\ff_vfw.dll
2016-01-13 11:04 - 2011-02-28 13:30 - 00000038 _____ C:\WINDOWS\avisplitter.ini
2016-01-13 11:04 - 2010-12-10 22:27 - 00000590 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2016-01-13 11:04 - 2010-12-08 00:10 - 00183808 _____ C:\WINDOWS\system32\xvidvfw.dll
2016-01-13 11:04 - 2010-12-07 23:52 - 00810496 _____ C:\WINDOWS\system32\xvidcore.dll
2016-01-13 11:04 - 2010-11-04 00:38 - 00237568 _____ (www.helixcommunity.org) C:\WINDOWS\system32\yv12vfw.dll
2016-01-13 11:04 - 2010-01-17 21:48 - 00151552 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2016-01-13 11:04 - 2008-10-03 19:00 - 00000414 _____ C:\WINDOWS\system32\lame_acm.xml
2016-01-13 11:04 - 2008-09-25 01:11 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\WINDOWS\system32\lameACM.acm
2016-01-13 08:35 - 2008-04-14 17:30 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-01-10 08:47 - 2016-01-10 08:48 - 00000064 _____ C:\Documents and Settings\Ramesh j\My Documents\mms.cfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 17:36 - 2015-12-17 09:02 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Temp
2016-02-07 17:35 - 2016-01-03 09:18 - 00000000 ____D C:\FRST
2016-02-07 17:35 - 2013-10-15 18:03 - 00000000 ____D C:\WINDOWS
2016-02-07 17:17 - 2013-10-15 13:17 - 00000000 ____D C:\Program Files\eScan
2016-02-07 17:16 - 2008-04-14 17:30 - 00004669 _____ C:\WINDOWS\win.ini
2016-02-07 17:12 - 2015-05-16 10:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-07 17:01 - 2015-05-18 13:06 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents
2016-02-07 16:47 - 2015-05-20 12:56 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2016-02-07 16:33 - 2015-05-19 20:44 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-07 16:31 - 2015-05-18 13:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-07 11:27 - 2015-05-18 13:06 - 00000178 ___SH C:\Documents and Settings\Ramesh j\ntuser.ini
2016-02-07 11:27 - 2015-05-18 13:04 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-07 11:26 - 2015-05-18 13:06 - 00000000 ____D C:\Documents and Settings\Ramesh j
2016-02-07 11:10 - 2015-12-19 23:12 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\uTorrent
2016-02-07 08:52 - 2013-10-15 18:03 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-02-07 08:45 - 2015-11-18 19:18 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\vlc
2016-02-06 21:36 - 2015-05-24 08:14 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\insignia
2016-02-06 21:29 - 2015-05-20 06:20 - 00137728 _____ C:\Documents and Settings\Ramesh j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-06 21:17 - 2013-10-15 18:03 - 00000000 ___HD C:\WINDOWS\inf
2016-02-06 10:01 - 2015-05-19 13:17 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2016-02-06 08:07 - 2015-05-21 09:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CogniView
2016-02-06 08:07 - 2015-05-21 09:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\CogniView
2016-02-05 19:32 - 2015-05-18 13:06 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents\My Pictures
2016-02-05 08:16 - 2015-05-19 19:44 - 00002311 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
2016-02-05 08:16 - 2015-05-19 19:44 - 00002311 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
2016-02-05 06:59 - 2015-05-20 20:55 - 00000000 ____D C:\Program Files\Wondershare
2016-02-05 06:59 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wondershare
2016-02-05 06:59 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wondershare
2016-02-03 14:32 - 2015-05-22 19:47 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents\My Videos
2016-02-03 14:18 - 2015-05-18 13:06 - 00000000 ___RD C:\Documents and Settings\Ramesh j\My Documents\My Music
2016-02-03 14:00 - 2013-10-15 12:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-02-03 13:52 - 2015-05-25 10:50 - 00000000 ____D C:\Documents and Settings\Ramesh j\Application Data\dvdcss
2016-02-02 21:09 - 2014-06-17 14:09 - 00000000 ____D C:\Program Files\VSO
2016-02-02 12:24 - 2013-10-15 12:59 - 00000000 ____D C:\Program Files\WinRAR
2016-02-02 08:29 - 2015-05-19 07:02 - 00002853 _____ C:\Documents and Settings\Ramesh j\Desktop\PowerIndiabulls.lnk
2016-01-30 07:07 - 2015-05-18 13:51 - 00000152 _____ C:\WINDOWS\ERS.BAT
2016-01-30 07:07 - 2015-05-18 13:49 - 02235624 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\test2.exe
2016-01-29 16:01 - 2014-08-03 08:03 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2016-01-27 08:12 - 2015-11-20 18:50 - 00000000 ____D C:\Documents and Settings\Ramesh j\Desktop\radar 10
2016-01-26 17:12 - 2015-10-04 16:33 - 00000000 _____ C:\WINDOWS\system32\CogniviewPort
2016-01-26 17:10 - 2015-06-10 08:27 - 00000000 ____D C:\Program Files\AstroLoka Basic
2016-01-17 08:55 - 2015-05-19 21:49 - 00000178 ___SH C:\Documents and Settings\Administrator.REGRANJU\ntuser.ini
2016-01-17 08:55 - 2015-05-19 21:49 - 00000000 ____D C:\Documents and Settings\Administrator.REGRANJU\Local Settings\Temp
2016-01-16 06:36 - 2015-05-18 13:53 - 00422664 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-01-16 06:36 - 2015-05-18 13:49 - 01441000 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\mwtsp.dll
2016-01-16 06:36 - 2015-05-18 13:49 - 00175336 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\mwnsp.dll
2016-01-14 08:34 - 2015-11-02 18:21 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\PPT to Video Pro Log Files
2016-01-13 22:20 - 2015-05-18 13:06 - 00000788 _____ C:\Documents and Settings\Ramesh j\Start Menu\Programs\Windows Media Player.lnk
2016-01-13 11:08 - 2015-05-23 08:04 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2016-01-13 11:08 - 2015-05-23 08:04 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2016-01-13 10:15 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare
2016-01-13 10:15 - 2015-05-20 20:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Wondershare
2016-01-13 08:42 - 2015-08-14 15:40 - 00075680 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-01-13 08:04 - 2015-11-02 18:23 - 00000000 ____D C:\Documents and Settings\Ramesh j\My Documents\PPT to Video Pro
2016-01-09 11:58 - 2015-12-19 18:53 - 00000000 ____D C:\Program Files\Simple Port Forwarding
2016-01-08 07:36 - 2015-05-18 14:37 - 00000000 ____D C:\Documents and Settings\Ramesh j\Local Settings\Application Data\Adobe
2016-01-08 07:35 - 2015-05-18 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-08 07:35 - 2015-05-18 14:39 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-01-23 22:28 - 2016-02-02 21:09 - 0087608 _____ () C:\Documents and Settings\Ramesh j\Application Data\inst.exe
2015-07-15 19:03 - 2015-07-15 19:04 - 0038429 _____ () C:\Documents and Settings\Ramesh j\Application Data\Microsoft Excel 97-2003.ADR
2015-05-21 09:01 - 2015-05-21 09:04 - 0000288 _____ () C:\Documents and Settings\Ramesh j\Application Data\MSyu.dat
2016-01-23 22:28 - 2016-02-02 21:09 - 0007887 _____ () C:\Documents and Settings\Ramesh j\Application Data\pcouffin.cat
2016-01-23 22:28 - 2016-02-02 21:09 - 0001144 _____ () C:\Documents and Settings\Ramesh j\Application Data\pcouffin.inf
2016-01-23 22:28 - 2016-02-02 21:10 - 0000034 _____ () C:\Documents and Settings\Ramesh j\Application Data\pcouffin.log
2016-01-23 22:28 - 2016-02-02 21:09 - 0047360 _____ (VSO Software) C:\Documents and Settings\Ramesh j\Application Data\pcouffin.sys
2015-05-21 09:01 - 2015-05-21 09:04 - 0000288 _____ () C:\Documents and Settings\Ramesh j\Application Data\PDF2XL-6-0.TrialData
2015-05-20 06:20 - 2016-02-06 21:29 - 0137728 _____ () C:\Documents and Settings\Ramesh j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Administrator.REGRANJU\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Guest\Local Settings\Temp\NeroSearchTrayHook_{3B8C3C71-9B6B-4D0E-B595-930886616AA2}.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\System32\regsvr.exe
C:\Windows\System32\runouce.exe
C:\Windows\System32\wmicuclt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 13:53

==================== End of FRST.txt ============================


FRST Addition log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by Ramesh j (2016-02-07 17:37:01)
Running from E:\my Software\malwarebyte tools\FRST
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-05-18 07:32:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-796845957-1343024091-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.REGRANJU
ASPNET (S-1-5-21-796845957-1343024091-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-796845957-1343024091-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-796845957-1343024091-682003330-1000 - Limited - Disabled)
Ramesh j (S-1-5-21-796845957-1343024091-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ramesh j
Rameshj (S-1-5-21-796845957-1343024091-682003330-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Rameshj
SUPPORT_388945a0 (S-1-5-21-796845957-1343024091-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: eScan Internet Security for Windows (Enabled - Up to date) {E25EE26A-7512-411E-BAF6-D9AFA504A475}
FW: eScan Internet Security for Windows (Disabled) {E25EE26A-7512-411E-BAF6-D9AFA504A475}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Acoolsoft PPT to Video Pro 3.2.7 (HKLM\...\Acoolsoft PPT to Video Pro_is1) (Version: 3.2.7 - Acoolsoft Software)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKLM\...\{A85CC7BA-760F-4B65-8E2F-640BE314F2F8}) (Version: 5.06.113.2041 - Elcomsoft Co. Ltd.)
aldasa (HKLM\...\aldasa) (Version:  - )
ALLHORS (HKLM\...\ALLHORS) (Version:  - )
AstroLoka Basic - Free Version 2.4 (HKLM\...\AstroLoka.com - AstroLoka Basic_is1) (Version: 2.4.0 - AstroLoka Technologies Pvt Ltd)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
calibre (HKLM\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
ChartNexus version 3.3.5 (HKLM\...\{F8F74455-1B4F-4CFC-A580-070297547BB0}_is1) (Version: 3.3.5 - ChartNexus Sdn Bhd)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
doPDF (Version: 8.3.931 - Softland) Hidden
doPDF 8 (HKLM\...\{0da45805-0b8b-42ec-90fd-d6bd40e27bf7}) (Version: 8.3.931 - Softland)
ePub Reader for Windows version 4.2 (HKLM\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 4.2 - HANSoft, Inc.)
eScan Internet Security for Windows (HKLM\...\eScan Internet Security for Windows_is1) (Version: 11.0.1400.1831 - MicroWorld Technologies Inc.)
FileLab Plugin 1.1.33 (HKLM\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
Frhed 1.6.0 (HKLM\...\Frhed) (Version: 1.6.0 - Raihan Kibria)
Glary Utilities PRO 5.29 (HKLM\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Books Download (HKLM\...\GoogleBooks) (Version: 1.4.1 - eBook Download)
Google Books Downloader version 2.6 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.6 - GBOOKSDOWNLOADER.COM)
HD Video Converter Factory Pro 8.6 (HKLM\...\HD Video Converter Factory Pro) (Version: 8.6 - WonderFox Soft, Inc.)
Horoscope Explorer Pro 3.6 (HKLM\...\Horoscope Explorer Pro 3.6_is1) (Version: 3 - Public Software Library India Pvt Ltd)
Horoscope Explorer Pro 3.6 Crack (HKLM\...\Horoscope Explorer Pro 3.6 Crack3.81) (Version: 3.81 - PublicSoft)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5420 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java 7 Update 79 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
JPEG Recovery Pro 4.0 (HKLM\...\JPEG Recovery Pro 4.0) (Version:  - )
K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lhors (HKLM\...\Lhors) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.21 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.0.21 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nero 8 (HKLM\...\{5FCCD531-1B38-4A94-924C-127F722F1033}) (Version: 8.2.89 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden
novaPDF 8 Printer Driver (HKLM\...\{A543C52B-13BA-437A-BC65-0C7317C9A562}) (Version: 8.3.931 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{522153DA-9319-4E93-87BB-6632C85947F3}) (Version: 8.3.931 - Softland)
Nuance PDF Professional 5 (HKLM\...\{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}) (Version: 5.00.3200 - Nuance Communications, Inc)
ophcrack_office 1.2.1 (HKLM\...\ophcrack_office_is1) (Version:  - OS Objectif Sécurité SA)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{CCDB3D1D-F362-4CC6-8D36-DC74A74DF506}) (Version: 4.3.28 - Oracle Corporation)
Panchang (HKLM\...\Panchang) (Version:  - )
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF2XL Enterprise (HKLM\...\{3E060002-4585-41BE-899F-60B5DC1DB2FB}) (Version: 6.0.2.311 - CogniView)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Power Indiabulls (HKLM\...\{FACCF191-EA48-462E-95EB-09D4F47A9F4B}) (Version: 5.1 - Indiabulls Ventures Ltd)
resolver version 4.1 (HKLM\...\{6F146FB4-38F4-4507-8927-B252224157D4}_is1) (Version: 4.1 - ACT)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (Version:  - ) Hidden
Sharp World Clock 6.41 (HKLM\...\Sharp World Clock_is1) (Version:  - Johannes Wallroth)
Simple Port Forwarding (HKLM\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Subtitle Edit 3.3.8 (HKLM\...\SubtitleEdit_is1) (Version: 3.3.8.2047 - Nikse)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webshots Desktop (HKLM\...\Webshots Desktop_is1) (Version:  - AGCM)
WinAVI All-in-One Converter (HKLM\...\WinAVI All-in-One Converter) (Version: 1.7.0.4734 - ZJMedia Digital Technology Ltd.)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Wondershare AllMyTube(Build 4.1.0.3) (HKLM\...\Wondershare AllMyTube_is1) (Version: 4.1.0.3 - Wondershare Software)
Wondershare MobileGo for Android ( Version 5.0.1 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.0.1 - Wondershare)
Wondershare MobileGo(Version 7.9.2) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 7.9.2 - Wondershare)
Wondershare MobileTrans ( Version 7.0.0 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.0.0 - Wondershare)
Wondershare Video Editor(Build 4.8.0) (HKLM\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Xmatch (HKLM\...\Xmatch) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files\Simple Port Forwarding\basic_ui.bat ()

==================== Loaded Modules (Whitelisted) ==============

2008-04-14 17:30 - 2008-04-14 17:30 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2015-10-27 07:07 - 2015-10-27 07:07 - 00086248 _____ () C:\WINDOWS\system32\UnAceV2.dll
2015-05-11 18:58 - 2015-05-11 18:58 - 00129304 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2008-02-02 02:09 - 2008-02-02 02:09 - 02560000 _____ () C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll
2009-02-27 12:56 - 2009-02-27 12:56 - 00016768 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2008-04-14 17:30 - 2008-04-14 17:30 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 17:30 - 2008-04-14 17:30 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F0D7EE30
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FC595E85
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F0D7EE30
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FC595E85

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-796845957-1343024091-682003330-1003\...\kuaiche.com -> hxxp://software.kuaiche.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 17:30 - 2016-01-13 09:47 - 00007342 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
216.239.32.20     www.google.ac
216.239.32.20     www.google.ad
216.239.32.20     www.google.ae
216.239.32.20     www.google.com.af
216.239.32.20     www.google.com.ag
216.239.32.20     www.google.com.ai
216.239.32.20     www.google.al
216.239.32.20     www.google.am
216.239.32.20     www.google.co.ao
216.239.32.20     www.google.com.ar
216.239.32.20     www.google.as
216.239.32.20     www.google.at
216.239.32.20     www.google.com.au
216.239.32.20     www.google.az
216.239.32.20     www.google.ba
216.239.32.20     www.google.com.bd
216.239.32.20     www.google.be
216.239.32.20     www.google.bf
216.239.32.20     www.google.bg
216.239.32.20     www.google.com.bh
216.239.32.20     www.google.bi
216.239.32.20     www.google.bj
216.239.32.20     www.google.com.bn
216.239.32.20     www.google.com.bo
216.239.32.20     www.google.com.br
216.239.32.20     www.google.bs
216.239.32.20     www.google.bt
216.239.32.20     www.google.co.bw
216.239.32.20     www.google.by

There are 179 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-796845957-1343024091-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ramesh j\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
DNS Servers: 10.0.0.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Ramesh j^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2 => C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup
MSCONFIG\startupfolder: ^.gitconfig =>
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\DOWNLOAD.EXE] => Enabled:eScan Update Downloader
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\TRAYICOS.EXE] => Enabled:eScan Server Updater
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE] => Enabled:MicroWorld Management Agent
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\LICENSE.EXE] => Enabled:eScan Registration Service
DomainProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\ESCANPRO.EXE] => Enabled:eScan Administration Service
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe] => Enabled:CyberLink PowerDVD14
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe] => Enabled:CyberLink PowerDVD 14 Media Server Service
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe] => Enabled:CyberLink PowerDVD14 Agent
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe] => Enabled:CyberLink PowerDVD14 Movie Module
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\DOWNLOAD.EXE] => Enabled:eScan Update Downloader
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\TRAYICOS.EXE] => Enabled:eScan Server Updater
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE] => Enabled:MicroWorld Management Agent
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\LICENSE.EXE] => Enabled:eScan Registration Service
StandardProfile\AuthorizedApplications: [C:\PROGRA~1\eScan\ESCANPRO.EXE] => Enabled:eScan Administration Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Disabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Disabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Simple Port Forwarding\spf.exe] => Enabled:Simple Port Forwarding By PcWinTech.com
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD.exe] => Enabled:CyberLink PowerDVD14
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe] => Enabled:CyberLink PowerDVD 14 Media Server Service
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe] => Enabled:CyberLink PowerDVD14 Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe] => Enabled:CyberLink PowerDVD14 Movie Module
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFUDPPortException
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft USB Sync
Description: Microsoft USB Sync
Class Guid: {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}
Manufacturer: Microsoft
Service: wceusbsh
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2016 05:36:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:28 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:28 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:24 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:24 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (02/07/2016 05:36:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (02/07/2016 05:14:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (02/07/2016 05:14:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (02/07/2016 05:13:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2016 05:13:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2016 04:32:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The novaPDF Server service hung on starting.

Error: (02/07/2016 04:31:56 PM) (Source: 0) (EventID: 55) (User: )
Description: G:

Error: (02/07/2016 04:31:56 PM) (Source: 0) (EventID: 55) (User: )
Description: G:

Error: (02/07/2016 10:31:34 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (02/07/2016 10:30:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2016 09:02:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 59%
Total physical RAM: 2013.04 MB
Available physical RAM: 810.77 MB
Total Virtual: 3909.9 MB
Available Virtual: 2702.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:14.78 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:58.59 GB) (Free:5.39 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:62.5 GB) (Free:27.07 GB) NTFS
Drive g: () (Fixed) (Total:62.96 GB) (Free:57.34 GB) NTFS
Drive h: (Seagate Expansion Drive) (Fixed) (Total:465.76 GB) (Free:47.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: EBF1EBF1)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: F9AB53BD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

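The "Event log errors" section of the Addition.txt above repeats the same crypt32 and Service Control Manager entries many times, which is easy to misread by eye. As an added example (not FRST's or the forum's own code), here is a small Python parser that pulls those entries out of an Addition.txt, counts them by source and EventID, and flags services that crashed, failed to restart, or timed out. The sample log is constructed from the entries in this thread (descriptions shortened), and the entry layout it assumes is the one shown above: an `Error: (...) (Source: ...) (EventID: ...) (User: ...)` line, a `Description:` line, optional continuation lines such as `%%1056`, and a blank line between entries.

```python
"""Summarize recurring entries in the 'Event log errors' section of an FRST Addition.txt.

Added example, not part of FRST or of this thread. Assumes the FRST layout
shown in the thread: 'Application errors:' / 'System errors:' sub-headings,
one 'Error: (...)' header line per entry, a 'Description:' line, optional
continuation lines, and blank lines between entries.
"""
import re
from collections import Counter, defaultdict

# FRST section headers look like "==================== Name =========="
SECTION_RE = re.compile(r"^=+ \S.* =+$")
HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# Service name as written by the Service Control Manager ("the MWAgent service")
SERVICE_RE = re.compile(r"\bthe (\S+) service\b", re.IGNORECASE)

# Constructed sample, built from the entries in this thread (descriptions shortened).
SAMPLE_LOG = """\
==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2016 05:36:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number ...

Error: (02/07/2016 05:36:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number ...


System errors:
=============
Error: (02/07/2016 05:14:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (02/07/2016 05:13:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2016 09:02:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

==================== Memory info ===========================
"""


def parse_event_errors(text):
    """Return one dict per Error entry found between the 'Event log errors' header and the next section."""
    entries, in_section, section, current = [], False, None, None
    for line in text.splitlines():
        if SECTION_RE.match(line):
            if "Event log errors" in line:
                in_section = True
                continue
            if in_section:
                break  # reached the next FRST section (e.g. Memory info)
        if not in_section:
            continue
        if not line.strip():
            current = None  # blank line terminates the current entry
            continue
        if line.endswith("errors:"):
            section = line[: -len(" errors:")]  # "Application" or "System"
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"section": section, "when": m["when"], "source": m["source"],
                       "event_id": int(m["eid"]), "description": ""}
            entries.append(current)
            continue
        if current is None or line.startswith("="):
            continue  # sub-heading underline or stray text
        if line.startswith("Description: "):
            current["description"] = line[len("Description: "):]
        else:
            current["description"] += " " + line.strip()  # continuation, e.g. %%1056
    return entries


def summarize(entries):
    """Count entries by (source, event_id) and, for SCM events, by the service they concern."""
    counts = Counter((e["source"], e["event_id"]) for e in entries)
    services = defaultdict(Counter)
    for e in entries:
        if e["source"] == "Service Control Manager":
            m = SERVICE_RE.search(e["description"])
            if m:
                services[m.group(1)][e["event_id"]] += 1
    return counts, services


def findings(text):
    """Human-readable list of recurring events and troubled services."""
    counts, services = summarize(parse_event_errors(text))
    out = []
    for (source, eid), n in counts.most_common():
        if n >= 2:
            out.append(f"{source} EventID {eid} repeated {n} times")
    for svc, ids in services.items():
        if 7031 in ids or 7032 in ids:  # crashed / restart failed
            out.append(f"service {svc} crashed or failed to restart (7031 x{ids[7031]}, 7032 x{ids[7032]})")
        if 7011 in ids:  # did not answer the SCM within the timeout
            out.append(f"service {svc} timed out responding to the SCM (7011 x{ids[7011]})")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```

Run it against a real Addition.txt with `findings(open("Addition.txt", encoding="utf-8", errors="replace").read())`; a service that shows up with 7031/7032 pairs at every boot is worth checking with the Farbar Service Scanner step requested later in the thread.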

Thanks for those logs, I would prefer if you had run AdwCleaner, I list it again..

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


    [screenshot: drwebselect.JPG]

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


    [screenshot: drwebfolders.JPG]

  • Press start scan
  • The scan will now commence


    [screenshot: drwebscan.JPG]

  • Once the scan has finished click open report <<<--- Do not miss this step


    [screenshot: drwebscancomplete.JPG]

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive,  Please attach it to your next reply…

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you...

 

Kevin

 

 

 

 

Fixlist.txt


Thanks for your quick response.

 

I ran Dr Cureit and AdwCleaner. Also, yesterday (7Feb16) I ran MBAM and it identified sec center related modules as PUM. I went through the history page and deleted these entries. But today when I started the computer the antivirus program has again notified that the sec center related modules have been blocked.

Here are the logs for MBAM (7feb16), drcureit and adwCleaner attached as txt files.

AdwCleanerC1 08 feb16.txt

cureit.log

MBAM lg 7 sep16.txt


Thanks for those logs, as the problem with sec center is still happening we need to use a more thorough tool, run the following please:

 

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Download Combofix from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 

Ensure that Combofix is saved directly to the Desktop <--- Very important

 

Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 

Close any open browsers and any other programs you might have running

 

Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 

Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 

If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.

If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal

If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Thank you,

 

Kevin...


Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Security Center/Action Center


  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Thanks,

 

Kevin..
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
