Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

track id==006-sp

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

track id==006-sp

Unread postby vamsilnm » May 30th, 2015, 2:42 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by User at 2015-05-30 11:54:06
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1449054458-2187534261-164310294-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1449054458-2187534261-164310294-501 - Limited - Disabled)
User (S-1-5-21-1449054458-2187534261-164310294-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
CNN (HKU\S-1-5-21-1449054458-2187534261-164310294-1001\...\Pokki_2cfdebb7887674bd04dd5349dc8a88e1ca584135) (Version: 1.0.2.45040 - Pokki)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.4 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.19 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-1449054458-2187534261-164310294-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
IP Messenger for Win (HKLM\...\IPMSG for Win32) (Version: - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.531.1 - Vimicro)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1449054458-2187534261-164310294-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Nitro Pro 8 (HKLM\...\{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}) (Version: 8.5.6.5 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-1449054458-2187534261-164310294-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Zoomumba (HKU\S-1-5-21-1449054458-2187534261-164310294-1001\...\Pokki_fb143c84656e8d30faf9d30d8dc069921acf5bdc) (Version: 1.1.1.53290 - Pokki)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1449054458-2187534261-164310294-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1449054458-2187534261-164310294-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1449054458-2187534261-164310294-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1449054458-2187534261-164310294-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02874CF4-FFE4-4C61-ADA1-F9D5BEB1F29D} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {072EA091-7EC1-4737-8ABA-2CF1A2444412} - System32\Tasks\{5165102C-E3AC-41CD-A9CC-06434CCD73ED} => pcalua.exe -a "G:\Xilinx WebPACK_SFD_92i [REDHAWK]\setup.exe" -d "G:\Xilinx WebPACK_SFD_92i [REDHAWK]"
Task: {0F229FDE-63D2-411E-B9FA-BB3532E77E56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {0FFB3E92-34C6-4D97-8F04-7A8C9317D742} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-27] (Microsoft Corporation)
Task: {3514F77F-BB25-4731-9E45-78C2FF26418D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {3CC0AE2C-A512-4D79-A383-9848497FB528} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {4C0F567D-1488-4570-A79A-0B69D7C4A49F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-05-28] (Dropbox, Inc.)
Task: {4D4090AF-EBC5-473A-B298-ED5351673FFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-28] (Avast Software s.r.o.)
Task: {56BB8261-476C-4C0F-9F39-B09ACFD13946} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {6174C0C7-C36D-4228-8C33-F624511F9C68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {7DE13BDB-3B69-435F-9534-2585DE47B0A4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-30] (Microsoft Corporation)
Task: {8DF83ADD-CCDD-4A3A-A9F8-46EE42ECC139} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {B2589F43-CF14-44AD-922B-E116DF9F97E9} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {D405861B-D675-4AC4-8D22-F48705A52DC9} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-06] ()
Task: {F0E26D31-2C4A-48FB-BFB3-8599D3C2AC37} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-05-28] (Dropbox, Inc.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-27 22:33 - 2012-11-24 17:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2015-05-27 22:33 - 2012-12-07 07:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2015-05-27 22:33 - 2012-12-07 07:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-03-03 18:21 - 2014-03-03 18:21 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-03-03 18:21 - 2014-03-03 18:21 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-05-27 22:40 - 2015-05-27 22:40 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-07 15:18 - 2013-09-07 15:18 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 15:15 - 2013-09-07 15:15 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 15:22 - 2013-09-07 15:22 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-05-28 10:02 - 2015-05-28 10:02 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-28 10:02 - 2015-05-28 10:02 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-30 08:37 - 2015-05-30 08:37 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052901\algo.dll
2015-05-27 06:38 - 2015-05-23 01:52 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-27 06:38 - 2015-05-23 01:52 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-28 10:02 - 2015-05-28 10:02 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-03 17:51 - 2013-08-09 01:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-29 01:45 - 2015-04-29 01:45 - 00569856 _____ () C:\Users\User\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-29 01:45 - 2015-04-29 01:45 - 01400846 _____ () C:\Users\User\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-29 01:45 - 2015-04-29 01:45 - 00151054 _____ () C:\Users\User\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-29 01:45 - 2015-04-29 01:45 - 00222734 _____ () C:\Users\User\AppData\Local\Pokki\Engine\avformat-54.dll
2015-04-29 01:45 - 2015-04-29 01:45 - 00716288 _____ () C:\Users\User\AppData\Local\Pokki\Engine\libglesv2.dll
2015-04-29 01:45 - 2015-04-29 01:45 - 00130048 _____ () C:\Users\User\AppData\Local\Pokki\Engine\libegl.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 34089120 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 20722336 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-05-27 22:33 - 2015-05-27 22:33 - 00312896 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-05-27 22:33 - 2015-05-27 22:33 - 00354368 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2015-05-27 22:34 - 2015-05-27 22:39 - 01286256 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\User\OneDrive:ms-properties
AlternateDataStreams: C:\Users\User\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1449054458-2187534261-164310294-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1971_venkateswara-wallpaper-hd-13.jpg
DNS Servers: 172.22.2.2 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{27EAC5FA-1C7B-4032-9975-29FBA4835AB5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{680C2BA5-0457-47C7-85D2-13EBE16D068D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A704DDC5-7577-468D-B0BA-30DD4B8A4402}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{F31A830A-77E4-494A-8016-321B8D34AED2}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{ED338E4B-EB0F-478F-945B-16C038E9985F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{751964C8-8AAF-426D-A0AD-6A5BB8DBCBF5}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A636A325-16F7-428A-9663-3F7972937E6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{900F2932-9F32-4077-9E32-1DDF8B990CC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0E9B43A0-B759-45C9-A601-F0CE9990F1D4}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F76010EE-937D-44FA-BB9A-AFFA1DDFC8E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBA6A3B3-6E7F-4735-80F4-AC03DF4C8BC7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E4936FA-4131-48F6-B65E-E93A7A773087}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{638C5FED-D444-46B4-B34F-DF84D0EC0E28}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{360C8F2F-CD78-4ABF-B051-D1FA4D1F7726}C:\program files\ipmsg\ipmsg.exe] => (Allow) C:\program files\ipmsg\ipmsg.exe
FirewallRules: [UDP Query User{FFB651A7-0E4F-412A-B00B-950AB1D0850D}C:\program files\ipmsg\ipmsg.exe] => (Allow) C:\program files\ipmsg\ipmsg.exe
FirewallRules: [{58B06A29-91B8-4867-A053-64A12B4B083A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 11:44:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.16384, time stamp: 0x5215d806
Exception code: 0xc000027b
Fault offset: 0x0000000000056960
Faulting process id: 0x1d20
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (05/30/2015 11:14:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.16384, time stamp: 0x5215d806
Exception code: 0xc000027b
Fault offset: 0x0000000000056960
Faulting process id: 0x233c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (05/30/2015 10:31:35 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 10:31:35 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 10:28:01 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 10:26:19 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:57:14 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:57:13 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:57:10 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:46:31 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:


System errors:
=============
Error: (05/30/2015 10:16:47 AM) (Source: DCOM) (EventID: 10016) (User: KRISHNA-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KRISHNA-PCUserS-1-5-21-1449054458-2187534261-164310294-1001LocalHost (Using LRPC)Farlex.581429F59E1D8_2.1.0.18_x64__wyegy4e46y996S-1-15-2-1267739591-1137297291-83386112-1979864472-959024908-3354412519-3889419757

Error: (05/30/2015 09:52:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (05/30/2015 09:47:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%1053

Error: (05/30/2015 09:47:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

Error: (05/30/2015 09:47:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (05/30/2015 09:47:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error:
%%1053

Error: (05/30/2015 09:47:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.

Error: (05/30/2015 09:47:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error:
%%1053

Error: (05/30/2015 09:47:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

Error: (05/30/2015 09:47:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Personal Firewall Service service failed to start due to the following error:
%%1053


Microsoft Office:
=========================
Error: (05/30/2015 11:44:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.163845215d806c000027b00000000000569601d2001d09a9fc2813cdcC:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll1770a148-0693-11e5-8259-28e3476de9d9WAGmob.KeyboardShortcutsforMSOffice2013-simpleNeas_1.5.0.0_neutral__cjas0z9z8ytxmApp

Error: (05/30/2015 11:14:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.163845215d806c000027b0000000000056960233c01d09a9b21e422c1C:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dlldfd3bcbc-068e-11e5-8259-28e3476de9d9WAGmob.KeyboardShortcutsforMSOffice2013-simpleNeas_1.5.0.0_neutral__cjas0z9z8ytxmApp

Error: (05/30/2015 10:31:35 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 10:31:35 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 10:28:01 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 10:26:19 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:57:14 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:57:13 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:57:10 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/30/2015 09:46:31 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 74%
Total physical RAM: 3997.04 MB
Available physical RAM: 1032.87 MB
Total Pagefile: 5510.63 MB
Available Pagefile: 1491.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:214.69 GB) (Free:106.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (AntiTankHelicopt) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (General) (Fixed) (Total:112.3 GB) (Free:33.82 GB) NTFS
Drive h: (Education) (Fixed) (Total:104.1 GB) (Free:46.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF0A95A8)

Partition: GPT Partition Type.

==================== End of log ============================
vamsilnm
Active Member
 
Posts: 1
Joined: May 30th, 2015, 2:25 am
Advertisement
Register to Remove

Re: track id==006-sp

Unread postby Cypher » May 30th, 2015, 11:24 am

Incomplete Logs

By posting incomplete FRST logs it is likely that your topic will be passed by and you will not receive the help you're looking for.
We need to know what's running on your computer so that we can provide the appropriate instructions.

May I draw your attention to THIS topic, which you should have read, that states what we need you to post, so we can help you.
If you still need help, please start a new thread an include your full FRST logs:
  • FRST.txt
  • Addition.txt
  • Details of the problems you're experiencing.
If for any reason you can't run FRST, please let us know in your post.


This topic will now be closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware