
Adultube.info - Popup in chrome and IE !!


  • This topic is locked
9 replies to this topic

#1 swapnilba


Posted 19 April 2015 - 05:24 AM

Hello,

For the past few days I have been getting this strange popup of adultube.info/community randomly when I try to open a new website in either Chrome or IE, or even if I click on some links on trusted websites. I tried to search a bit on this and found that this is indeed a malware which attacks the browsers and redirects the searches, and could be dangerous if not removed.

I followed advice given in some other forums, such as resetting the default settings in browsers, editing the registry keys and also uninstalling any suspicious-looking programs from the computer. But none of it has helped so far. I uninstalled Google Chrome and Mozilla also, but this hasn't helped either.

Can some expert in this forum help me in removing this virus, as this is my company's laptop and I don't want any Windows reinstallation etc. on it?

As per the requirements on this forum, I downloaded the FRST tool and here are my logs after the scan finished. I have also attached the files to this post.

Is there something else I need to add to this post? Awaiting reply.

Thanks,

Swapnil

*****

FRST.txt -


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015
Ran by bhandswa (administrator) on WL307676 on 19-04-2015 15:36:37
Running from C:\Users\bhandswa\Downloads
Loaded Profiles: bhandswa (Available profiles: bhandswa)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32ST.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FNRB32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FIH32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-01-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2014-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2014-12-08] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2014-12-08] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2014-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RunAppInstall] => C:\WINDOWS\UDI\AppInstall.exe [68200 2014-12-08] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [348712 2013-11-21] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1879080 2013-11-21] (F-Secure Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HIDESCAHEALTH] 1
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19105944 2015-02-10] (Microsoft Corporation)
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Policies\Explorer: [NoStartMenuMyGames] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-4162059163-1544859033-1701284029-16875 -> DefaultScope {977F4EB2-CCB7-42DE-AB27-F982113FC844} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162059163-1544859033-1701284029-16875 -> {977F4EB2-CCB7-42DE-AB27-F982113FC844} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: PDFXChange 2012 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\bhandswa\AppData\Roaming\Mozilla\Firefox\Profiles\o74e44m6.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (YouTube) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Adblock Plus) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-19]
CHR Extension: (Google Search) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (Google Sheets) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
CHR Extension: (Gmail) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [577704 2014-08-24] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10820400 2014-09-26] (DisplayLink Corp.)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [224296 2013-11-21] (F-Secure Corporation)
R3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [217128 2013-11-21] (F-Secure Corporation)
R2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [527912 2013-11-21] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [853032 2013-11-21] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [206888 2013-11-21] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60456 2015-03-19] (F-Secure Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [323304 2014-03-04] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2014-12-08] (Realtek Semiconductor)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-04-19] (Enigma Software Group USA, LLC.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmlehid; C:\Windows\system32\drivers\btmlehid.sys [76088 2014-12-08] (Motorola Solutions, Inc.)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495888 2014-12-08] (Intel Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-04-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-19] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [208424 2015-03-19] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [71080 2015-04-14] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2015-03-19] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [44328 2013-11-21] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94056 2013-11-21] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [90152 2015-04-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [13352 2013-11-21] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2014-12-08] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2162648 2014-12-08] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2014-12-20] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2014-12-20] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-12-08] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2014-12-08] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2014-12-08] (O2Micro )
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2014-12-08] (STMicroelectronics)
S3 swg3knmea05; C:\Windows\system32\drivers\swg3knmea05.sys [269488 2014-12-08] (Sierra Wireless Incorporated)
S3 swg3kser05; C:\Windows\system32\drivers\swg3kser05.sys [269488 2014-12-08] (Sierra Wireless Incorporated)
S3 swibus05; C:\Windows\system32\drivers\swibus05.sys [88848 2014-12-08] (Sierra Wireless Inc.)
S3 swibusflt05; C:\Windows\system32\drivers\swibusflt05.sys [88848 2014-12-08] (Sierra Wireless Inc.)
R0 wPCI; C:\Windows\System32\drivers\wPci.sys [67224 2014-12-08] (Wilocity Ltd.)
S4 F-Secure Filter; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [X]
S4 F-Secure Recognizer; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 15:36 - 2015-04-19 15:36 - 00018423 _____ () C:\Users\bhandswa\Downloads\FRST.txt
2015-04-19 15:35 - 2015-04-19 15:36 - 00000000 ____D () C:\FRST
2015-04-19 15:35 - 2015-04-19 15:35 - 02098176 _____ (Farbar) C:\Users\bhandswa\Downloads\FRST64.exe
2015-04-19 15:03 - 2015-04-19 15:03 - 00002265 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-19 15:03 - 2015-04-19 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-19 15:00 - 2015-04-19 15:00 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Deployment
2015-04-19 15:00 - 2015-04-19 15:00 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Apps\2.0
2015-04-19 14:50 - 2015-04-19 14:50 - 09387478 _____ () C:\Users\bhandswa\Desktop\backup.reg
2015-04-19 12:30 - 2015-04-19 12:30 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-04-19 11:51 - 2015-04-19 11:51 - 00003326 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-04-19 11:51 - 2015-04-19 11:51 - 00001093 _____ () C:\Users\bhandswa\Desktop\SpyHunter.lnk
2015-04-19 11:51 - 2015-04-19 11:51 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-19 11:51 - 2015-04-19 11:51 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\Enigma Software Group
2015-04-19 11:51 - 2015-04-19 11:51 - 00000000 _____ () C:\autoexec.bat
2015-04-19 11:50 - 2015-04-19 11:50 - 00000000 ____D () C:\sh4ldr
2015-04-19 11:47 - 2015-04-19 11:47 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-04-19 11:47 - 2015-04-19 11:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-19 11:46 - 2015-04-19 11:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\bhandswa\Downloads\SpyHunter-Installer.exe
2015-04-19 11:30 - 2015-04-19 11:30 - 00007346 _____ () C:\Users\bhandswa\Desktop\zoek-results.txt
2015-04-18 23:43 - 2015-04-18 23:43 - 00000000 ____D () C:\ProgramData\Validity
2015-04-18 23:41 - 2015-04-19 11:31 - 00000025 _____ () C:\Users\bhandswa\AppData\Roaming\Network Meter_Usage.ini
2015-04-18 23:40 - 2015-04-18 23:19 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-18 23:20 - 2015-04-18 23:50 - 00007346 _____ () C:\zoek-results.log
2015-04-18 23:19 - 2015-04-18 23:35 - 00000000 ____D () C:\zoek_backup
2015-04-18 23:17 - 2015-04-18 23:17 - 00000000 ____D () C:\Users\bhandswa\Downloads\zoek
2015-04-18 23:16 - 2015-04-18 23:16 - 04170178 _____ () C:\Users\bhandswa\Downloads\zoek.zip
2015-04-16 19:32 - 2015-04-16 19:32 - 00000059 _____ () C:\Users\bhandswa\Desktop\Post office.txt
2015-04-16 11:22 - 2015-04-16 11:25 - 00542580 _____ () C:\Users\bhandswa\Desktop\Pune Team Intro.pptx
2015-04-13 18:58 - 2015-04-13 18:58 - 00000094 _____ () C:\Users\bhandswa\Desktop\Salary.txt
2015-04-13 00:02 - 2015-04-13 00:03 - 00000000 ____D () C:\Users\bhandswa\Downloads\Emraan Hashmi - Hit Songs Machine [2013-MP3-VBR-320Kbps] - [DJMaza]
2015-04-12 00:45 - 2015-04-12 15:44 - 00000000 ____D () C:\Users\bhandswa\Downloads\Songs
2015-04-12 00:09 - 2015-04-12 00:09 - 00000000 ____D () C:\Users\bhandswa\Tracing
2015-04-12 00:01 - 2015-04-19 11:35 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\Skype
2015-04-12 00:01 - 2015-04-12 00:01 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-12 00:01 - 2015-04-12 00:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-12 00:01 - 2015-04-12 00:01 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Skype
2015-04-12 00:01 - 2015-04-12 00:01 - 00000000 ____D () C:\ProgramData\Skype
2015-04-12 00:01 - 2015-04-12 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-11 23:55 - 2015-04-11 23:56 - 01380960 _____ (Skype Technologies S.A.) C:\Users\bhandswa\Downloads\SkypeSetup.exe
2015-04-09 10:36 - 2015-04-09 10:48 - 00053760 _____ () C:\Users\bhandswa\Desktop\Order Handling Handover Plan with Dates Updated.xls
2015-04-06 23:10 - 2015-04-11 22:20 - 00000000 ____D () C:\Users\bhandswa\Downloads\Lata-Madan Mohan
2015-04-05 22:54 - 2015-04-05 22:54 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Intel_Corporation
2015-04-05 00:32 - 2015-04-05 00:33 - 00000000 ____D () C:\Users\bhandswa\Downloads\Movies
2015-04-05 00:12 - 2015-04-05 00:12 - 00020110 _____ () C:\Users\bhandswa\Downloads\[kickass.to]madan.mohan.lata.mangeshkar.everlasting.classics.mp3.torrent
2015-04-04 14:38 - 2015-04-04 14:38 - 00001721 _____ () C:\Users\bhandswa\Desktop\TDS Query.txt
2015-04-04 00:36 - 2015-04-04 00:38 - 00000000 ____D () C:\Users\bhandswa\Downloads\The.Fault.in.Our.Stars.2014.EXTENDED.HDRip.XviD-SaM[ETRG]
2015-04-04 00:07 - 2015-04-04 00:09 - 00000000 ____D () C:\Users\bhandswa\Downloads\SHAMITABH (2015) 1CD [DVDRIP-700MB-x264]~OMF~[TEAMLEGACY]
2015-04-03 20:42 - 2015-04-03 20:43 - 00000000 ____D () C:\Users\bhandswa\Downloads\Tapaal - NonRetail - DVDRip - 1CD - AC-3 - S@lM@STER
2015-04-03 19:07 - 2015-04-03 19:07 - 00029299 _____ () C:\Users\bhandswa\Downloads\05E5EFDD2CA6E1220A7E111D79FE8E67DDBBAC9D.torrent
2015-04-03 10:18 - 2015-04-03 10:18 - 00000000 ____D () C:\Users\bhandswa\Downloads\Narbachi Wadi [ 2013 ] - Marathi Movies - DVDRip - x264 - 1CD - AC-3 - Cool_Candy
2015-04-03 10:17 - 2015-04-03 11:14 - 00000000 ____D () C:\Users\bhandswa\Downloads\Poshter Boyz (2014)
2015-04-03 10:17 - 2015-04-03 10:17 - 00018798 _____ () C:\Users\bhandswa\Downloads\8E3CC18BE291A45EA9FDEDBB281B3F819C164567.torrent
2015-04-03 10:16 - 2015-04-03 10:16 - 00018449 _____ () C:\Users\bhandswa\Downloads\BA094B0CCB95363BC4BBAFB9AF4B2187415335F2.torrent
2015-04-03 10:15 - 2015-04-03 11:44 - 00000000 ____D () C:\Users\bhandswa\Downloads\Vitti Dandu [ 2014 ] -  Marathi Movies -  Non Retail DvDRip - x264 - 1CD _AC-3 - Cool_Candy
2015-04-03 10:13 - 2015-04-03 10:13 - 00012668 _____ () C:\Users\bhandswa\Downloads\975B70380336FB49FB4B4EF8163F8F29BEBD2BCC.torrent
2015-04-03 10:08 - 2015-04-03 10:08 - 00013731 _____ () C:\Users\bhandswa\Downloads\EEFB7707A68C8B17A1A1A6F7EEC18D8F28255FB1.torrent
2015-04-03 10:08 - 2015-04-03 10:08 - 00000000 ____D () C:\Users\bhandswa\Downloads\Balkadu (2015) 720p - HDRip - x264 - D3Si MaNiaCs
2015-04-01 16:25 - 2015-04-19 14:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-01 16:25 - 2015-04-01 16:25 - 00778928 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-01 16:25 - 2015-04-01 16:25 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-01 16:25 - 2015-04-01 16:25 - 00003768 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-30 23:37 - 2015-04-01 23:22 - 00000000 ____D () C:\Users\bhandswa\Downloads\Gone Girl (2014)
2015-03-30 00:51 - 2015-03-30 00:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-03-30 00:48 - 2015-04-05 00:31 - 00000000 ____D () C:\Users\bhandswa\Downloads\Bollywood Latest 2014 Movie 128Kbps Full Mp3 Songs Collection 02 By TG
2015-03-30 00:48 - 2015-03-30 03:14 - 00000000 ____D () C:\Users\bhandswa\Downloads\Pune 52 - {2013} - Mrathi Movies - WebRip - x264 - 1CD - AC-3 - Cool_Candy
2015-03-30 00:48 - 2015-03-30 02:02 - 00000000 ____D () C:\Users\bhandswa\Downloads\Elizabeth - Ekadashi NonRetail - DVDRip - 1CD - AC-3 - S@lM@STER
2015-03-30 00:44 - 2015-03-30 00:44 - 00012943 _____ () C:\Users\bhandswa\Downloads\9264FFA468E65C75B1FF77640A47F3DFFB1DC2BF.torrent
2015-03-30 00:41 - 2015-03-30 00:41 - 00028558 _____ () C:\Users\bhandswa\Downloads\FD23405B75442B1CF63BEE8AE4F38DC5E49E4BB0.torrent
2015-03-30 00:35 - 2015-03-30 00:35 - 00014942 _____ () C:\Users\bhandswa\Downloads\411BBC3D3312F5EC65A773FA8D06E0925ECBA81A.torrent
2015-03-30 00:30 - 2015-03-30 00:30 - 00008313 _____ () C:\Users\bhandswa\Downloads\F8A354474F8FDAAF38894B602D83B13515C64B12.torrent
2015-03-30 00:30 - 2015-03-30 00:30 - 00000000 ____D () C:\Users\bhandswa\Downloads\The Woman in Black 2 Angel of Death (2014)
2015-03-30 00:26 - 2015-03-30 00:26 - 00000000 ____D () C:\Users\bhandswa\Downloads\Two Night Stand (2014)
2015-03-30 00:21 - 2015-03-30 00:21 - 00007702 _____ () C:\Users\bhandswa\Downloads\FE27F63A160567AD53292E21AFEE091C86A17065.torrent
2015-03-30 00:18 - 2015-03-30 00:18 - 00010531 _____ () C:\Users\bhandswa\Downloads\A06130D93965BCA27A04CCB9A54CACEB1F5FBCB1.torrent
2015-03-30 00:15 - 2015-04-03 23:46 - 00000000 ____D () C:\Users\bhandswa\Downloads\The.Theory.of.Everything.2014.BRRip.XviD-SaM[ETRG]
2015-03-30 00:14 - 2015-03-30 00:14 - 00015298 _____ () C:\Users\bhandswa\Downloads\B0B2DDB2CF36BE86EBCE9030B50565F7801E6479.torrent
2015-03-29 23:58 - 2015-03-29 23:58 - 00019654 _____ () C:\Users\bhandswa\Downloads\2DF2B0BD3FB289ED7742A6E74C5916CA4483CCB2.torrent
2015-03-28 23:49 - 2015-03-28 23:49 - 00015123 _____ () C:\Users\bhandswa\Downloads\B299C58BD833B2E4756E6986431C88C3D6A31D75.torrent
2015-03-28 23:43 - 2015-04-02 00:31 - 00000000 ____D () C:\Users\bhandswa\Downloads\Roy 2015 Hindi 720p HDRip x264 AAC - Hon3y
2015-03-28 23:42 - 2015-03-28 23:42 - 00011637 _____ () C:\Users\bhandswa\Downloads\FBF9CDE6B405076911C6046E57B3D1F758613EE0.torrent
2015-03-28 19:12 - 2015-03-28 19:13 - 00000000 ____D () C:\Users\bhandswa\Downloads\Dum Laga Ke Haisha 2015 x264 pDVD Rip [DDR]
2015-03-28 19:12 - 2015-03-28 19:12 - 00014801 _____ () C:\Users\bhandswa\Downloads\3FFF9A56A3699C53E59564244362FD3CE3763307.torrent
2015-03-28 19:11 - 2015-03-28 19:11 - 00029478 _____ () C:\Users\bhandswa\Downloads\BF7DF803962C9844360EE6E422CC03E59F447645.torrent
2015-03-28 19:11 - 2015-03-28 19:11 - 00000000 ____D () C:\Users\bhandswa\Downloads\NH10 (2015) - DVDScr - XviD - 1CDRip (Audio Cleaned) - TeamTelly [ExCluSivE]
2015-03-28 19:07 - 2015-03-28 19:09 - 07501170 _____ () C:\Users\bhandswa\Downloads\Sample 1CD XviD.avi
2015-03-28 19:05 - 2015-03-28 19:05 - 00014914 _____ () C:\Users\bhandswa\Downloads\BDC39326B4B8F624043DC4900720C11EA86ACA1E.torrent
2015-03-28 16:52 - 2015-03-28 16:53 - 00000000 ____D () C:\Users\bhandswa\Downloads\Badlapur (2015) - DVDScr - x264 - AAC [DDR]
2015-03-28 16:40 - 2015-03-28 16:40 - 00016885 _____ () C:\Users\bhandswa\Downloads\A8C8E7E6DAFF27F3A2E3905C7FB4EBF6CE6EFF83.torrent
2015-03-28 16:38 - 2015-03-31 10:22 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for AP-bhandswa WL307676.ap.tieto.com
2015-03-28 01:24 - 2015-03-28 01:24 - 00003678 _____ () C:\WINDOWS\System32\Tasks\klcp_update
2015-03-28 01:24 - 2015-03-28 01:24 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\MPC-HC
2015-03-28 01:24 - 2015-03-28 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-28 01:23 - 2015-03-28 01:23 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-03-28 01:06 - 2015-03-28 01:20 - 34438156 _____ ( ) C:\Users\bhandswa\Downloads\K-Lite_Codec_Pack_1105_Full.exe
2015-03-28 00:33 - 2015-04-05 00:34 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\vlc
2015-03-28 00:31 - 2015-03-28 00:31 - 00001076 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-28 00:31 - 2015-03-28 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-28 00:30 - 2015-03-28 00:30 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-27 21:00 - 2015-04-19 15:00 - 00008677 _____ () C:\Users\bhandswa\Network_Meter_Data.js
2015-03-27 20:51 - 2015-04-19 11:34 - 00006254 _____ () C:\Users\bhandswa\IP_Log_Data.js
2015-03-27 20:47 - 2015-04-05 00:27 - 00000000 ____D () C:\Users\bhandswa\Downloads\Khamoshiyan(Original Motion Picture Soundtrack)-2015-320 kbps
2015-03-27 20:47 - 2015-03-27 20:47 - 00020537 _____ () C:\Users\bhandswa\Downloads\902B8D6542E522F2810A290E47C0A2B3C05F0DC9.torrent
2015-03-27 20:41 - 2015-04-05 00:27 - 00000000 ____D () C:\Users\bhandswa\Downloads\Roy (2015) ~ Original Music Songs ~ Full Album ~ 320kbps Hindi Songs Rip ~ SuperRip
2015-03-27 20:39 - 2015-04-05 00:26 - 00000000 ____D () C:\Users\bhandswa\Downloads\Badlapur (2015) ~ Original Music Songs ~ 320kbps Hindi Songs Rip ~ SuperRip
2015-03-27 20:24 - 2015-04-19 11:43 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\uTorrent
2015-03-27 20:19 - 2015-03-27 20:21 - 01739088 _____ (BitTorrent Inc.) C:\Users\bhandswa\Downloads\uTorrent.exe
2015-03-26 10:30 - 2015-03-26 10:30 - 00000000 _____ () C:\WINDOWS\fsiugeneric.log
2015-03-26 10:29 - 2015-03-26 10:30 - 00003432 _____ () C:\WINDOWS\fsiuupd.log
2015-03-25 12:54 - 2015-02-23 16:22 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-25 12:54 - 2015-02-23 16:22 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-25 12:54 - 2015-02-23 16:21 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-25 12:54 - 2015-02-23 16:21 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-25 12:54 - 2015-02-23 16:21 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 19301888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 15410688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 02656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-25 12:54 - 2015-02-23 16:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-25 12:54 - 2015-02-23 16:19 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-25 12:54 - 2015-02-23 14:47 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-03-25 12:54 - 2015-02-23 14:21 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-25 12:54 - 2015-02-23 13:55 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RegisterIEPKEYs.exe
2015-03-25 12:54 - 2015-02-21 11:01 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-25 12:54 - 2015-02-21 11:01 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-25 12:54 - 2015-02-21 11:01 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 14380544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 13768704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-03-25 12:54 - 2015-02-21 11:00 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-03-25 12:54 - 2015-02-21 10:59 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-25 12:54 - 2015-02-21 10:59 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-25 12:54 - 2015-02-21 10:59 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-25 12:54 - 2015-02-21 10:39 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-03-25 12:54 - 2015-02-21 10:12 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-25 12:54 - 2015-02-21 09:49 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RegisterIEPKEYs.exe
2015-03-25 11:26 - 2015-01-09 05:14 - 00419936 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-25 11:26 - 2015-01-09 05:13 - 00419936 _____ () C:\WINDOWS\system32\locale.nls
2015-03-24 17:25 - 2015-03-24 17:25 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-03-24 11:21 - 2015-03-24 11:21 - 613303505 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-24 11:21 - 2015-03-24 11:21 - 00986152 _____ () C:\WINDOWS\Minidump\032415-32619-01.dmp
2015-03-24 11:21 - 2015-03-24 11:21 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-23 15:51 - 2015-03-23 15:51 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\Xerox
2015-03-23 15:51 - 2015-03-23 15:51 - 00000000 ____D () C:\ProgramData\Xerox
2015-03-23 14:44 - 2015-03-23 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
2015-03-23 14:44 - 2015-03-23 14:44 - 00000000 ____D () C:\Program Files\Common Files\Deterministic Networks
2015-03-23 14:41 - 2015-03-23 14:42 - 00000000 ____D () C:\Users\bhandswa\Downloads\CiscoVPNCLIENT
2015-03-23 14:26 - 2015-03-23 14:26 - 00000000 ____D () C:\ProgramData\RSA
2015-03-23 13:47 - 2015-03-23 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA
2015-03-23 13:47 - 2015-03-23 13:47 - 00000000 ____D () C:\Program Files (x86)\RSA SecurID Token Common
2015-03-23 13:47 - 2015-03-23 13:47 - 00000000 ____D () C:\Program Files (x86)\RSA SecurID Software Token
2015-03-23 13:37 - 2015-03-23 13:37 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2015-03-23 13:35 - 2015-03-23 14:46 - 00001750 _____ () C:\WINDOWS\VPNInstall.MIF
2015-03-23 13:35 - 2015-03-23 13:41 - 00000000 ____D () C:\WINDOWS\21E247D45E274BEAAA4D19A81203FE2A.TMP
2015-03-23 13:34 - 2015-03-23 13:40 - 00000000 ____D () C:\Temp
2015-03-20 20:41 - 2015-03-20 20:41 - 00000000 ____D () C:\Users\bhandswa\Documents\Outlook Files
2015-03-20 19:58 - 2015-03-20 19:58 - 00001510 _____ () C:\Users\bhandswa\Desktop\firefox - Shortcut.lnk
2015-03-20 19:56 - 2015-03-20 19:57 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\Mozilla
2015-03-20 19:56 - 2015-03-20 19:57 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Mozilla
2015-03-20 19:44 - 2015-03-20 19:44 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Adobe
2015-03-20 19:38 - 2015-03-20 19:38 - 00243368 _____ () C:\Users\bhandswa\Downloads\Firefox Setup Stub 36.0.1.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 15:36 - 2015-01-27 11:34 - 01712339 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-19 15:24 - 2015-01-27 16:26 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 15:03 - 2015-03-19 14:54 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Google
2015-04-19 15:03 - 2015-01-27 16:26 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-19 11:44 - 2015-01-27 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 11:40 - 2009-07-14 10:15 - 00019120 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 11:40 - 2009-07-14 10:15 - 00019120 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 11:37 - 2009-07-14 10:43 - 00788740 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-19 11:35 - 2015-01-27 11:36 - 00000600 _____ () C:\WINDOWS\SMSCFG.INI
2015-04-19 11:32 - 2015-01-27 16:26 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 11:32 - 2009-07-14 10:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 11:32 - 2009-07-14 10:21 - 00040244 _____ () C:\WINDOWS\setupact.log
2015-04-18 23:42 - 2010-11-21 09:17 - 00164862 _____ () C:\WINDOWS\PFRO.log
2015-04-18 23:37 - 2015-03-17 16:19 - 00000000 ____D () C:\Users\sawanshy\AppData\Local\Google
2015-04-18 23:37 - 2015-01-28 17:49 - 00000000 ____D () C:\Users\phaleroh\AppData\Local\Google
2015-04-18 23:37 - 2015-01-27 17:17 - 00000000 ____D () C:\Users\kacheaji\AppData\Local\Google
2015-04-18 23:37 - 2015-01-27 16:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-04-18 23:37 - 2015-01-27 16:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-04-18 23:37 - 2015-01-27 16:26 - 00000000 ____D () C:\Users\ADMINI~1\AppData\Local\Google
2015-04-18 23:35 - 2009-07-14 08:50 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-18 13:14 - 2015-03-16 23:56 - 00000000 ____D () C:\Mails
2015-04-17 19:46 - 2015-03-19 16:26 - 00002232 ____H () C:\Users\bhandswa\Documents\Default.rdp
2015-04-17 19:42 - 2015-03-19 17:06 - 00004956 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for {26489c9a-d13d-460c-a40e-6e17c3e98efe} WL307676.ap.tieto.com
2015-04-17 19:22 - 2015-01-27 11:34 - 00001512 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-04-17 18:58 - 2015-01-27 17:21 - 00001594 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Center.lnk
2015-04-17 12:12 - 2009-07-14 11:02 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-04-16 19:32 - 2015-03-16 23:39 - 00016491 ____H () C:\Users\bhandswa\Desktop\~WRL0005.tmp
2015-04-12 23:50 - 2014-07-17 21:20 - 00000000 ____D () C:\Users\bhandswa\Downloads\MOHD RAFI The Golden Collection
2015-04-12 00:09 - 2015-03-19 14:54 - 00000000 ____D () C:\Users\bhandswa
2015-04-11 15:48 - 2015-03-16 23:39 - 00001607 _____ () C:\Users\bhandswa\Desktop\iview questions.txt
2015-04-09 10:35 - 2015-03-19 14:54 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\Microsoft Help
2015-04-09 10:29 - 2009-07-14 08:50 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-06 12:03 - 2015-01-27 17:18 - 00032306 __RSH () C:\ProgramData\ntuser.pol
2015-04-04 14:00 - 2015-03-16 23:39 - 00000443 _____ () C:\Users\bhandswa\Desktop\Aai paisa.txt
2015-04-02 14:56 - 2015-03-19 18:46 - 00000000 ____D () C:\Users\bhandswa\Documents\My Received Files
2015-04-02 11:03 - 2015-03-16 23:39 - 00053248 _____ () C:\Users\bhandswa\Desktop\Order Handling Handover Plan with Dates.xls
2015-03-31 13:31 - 2015-01-27 16:10 - 00000000 ____D () C:\WINDOWS\ccmcache
2015-03-31 09:35 - 2009-07-14 10:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-03-28 17:18 - 2009-07-14 08:50 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-28 00:12 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-27 14:17 - 2015-03-16 23:39 - 00333312 _____ () C:\Users\bhandswa\Desktop\Fenix_Release_Timetable.xls
2015-03-26 10:53 - 2015-03-16 23:39 - 00000000 ____D () C:\Users\bhandswa\Desktop\StatusReport
2015-03-25 11:30 - 2015-01-27 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-25 11:29 - 2015-01-27 16:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-25 11:22 - 2009-07-14 08:04 - 00000478 _____ () C:\WINDOWS\win.ini
2015-03-24 11:35 - 2015-01-27 11:36 - 00000000 ____D () C:\WINDOWS\ccmsetup
2015-03-23 14:26 - 2015-03-19 14:55 - 00000000 ____D () C:\Users\bhandswa\AppData\Local\VirtualStore
2015-03-23 10:23 - 2015-03-19 14:55 - 00006720 __RSH () C:\Users\bhandswa\ntuser.pol
2015-03-20 20:34 - 2015-03-19 14:57 - 00001423 _____ () C:\Users\bhandswa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-20 20:25 - 2009-07-14 10:15 - 00433064 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-20 20:23 - 2009-07-14 08:50 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-20 19:44 - 2015-03-19 14:54 - 00000000 ____D () C:\Users\bhandswa\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2015-04-18 23:41 - 2015-04-19 11:31 - 0000025 _____ () C:\Users\bhandswa\AppData\Roaming\Network Meter_Usage.ini
 
Files to move or delete:
====================
C:\Users\bhandswa\IP_Log_Data.js
C:\Users\bhandswa\Network_Meter_Data.js
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 09:47
 
==================== End Of Log ============================
 
*************************************************************************************************************************************************************************************************************
 
Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015
Ran by bhandswa at 2015-04-19 15:37:13
Running from C:\Users\bhandswa\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: F-Secure Client Security Premium 11.50 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: F-Secure Client Security Premium 11.50 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Client Security Premium 11.50 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
DisplayLink Core Software (HKLM\...\{16A951F0-1A5B-450F-B828-8E26CB8FB08F}) (Version: 7.7.57957.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{249173FD-D060-4D5A-9C14-040D5A25D6D4}) (Version: 7.7.57957.0 - DisplayLink Corp.)
F-Secure Client Security Premium - Browsing protection (HKLM-x32\...\F-Secure Browsing Protection) (Version: 2.00.492 - F-Secure Corporation)
F-Secure Client Security Premium - DeepGuard (HKLM-x32\...\F-Secure HIPS) (Version: 5.0.411 - F-Secure Corporation)
F-Secure Client Security Premium - Device control (HKLM-x32\...\F-Secure Device Control) (Version: 1.00.17496 - F-Secure Corporation)
F-Secure Client Security Premium - E-Mail Scanning (HKLM-x32\...\F-Secure E-mail Scanning) (Version: 6.00.533 - F-Secure Corporation)
F-Secure Client Security Premium - Internet Shield (HKLM-x32\...\F-Secure Internet Shield) (Version: 6.40 - F-Secure Corporation)
F-Secure Client Security Premium - Virus & Spy Protection (HKLM-x32\...\F-Secure Anti-Virus) (Version: 9.51.110 - F-Secure Corporation)
F-Secure Client Security Premium - Web traffic scanning (HKLM-x32\...\F-Secure Protocol Scanner) (Version: 3.00.909 - F-Secure Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hangouts Plugin for Microsoft Outlook® 1.0.65.0 (x86) (HKLM-x32\...\{217449B4-9083-4A44-BA87-5C51DAE738BE}) (Version: 1.0.65.0 - Google, Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3257 - Intel Corporation)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Juniper Installer Service (HKLM-x32\...\{0081D6E7-0CF1-4C19-ADBB-94EEC2476DCC}) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Host Checker (HKU\.DEFAULT\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.1.0.20169 EN [1.0] (x32 Version: 1.0 - <no manufacturer>) Hidden
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
MDOP MBAM (HKLM\...\{1B0FF767-2365-4E2B-91D1-93D442944055}) (Version: 2.5.0244.0 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF-XChange 2012 Pro (HKLM\...\{BEBACD1C-6CA9-4828-BA61-9E1E54C889D9}) (Version: 5.0.259.0 - Tracker Software Products (Canada) Ltd.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5978 - Realtek Semiconductor Corp.)
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steelray Project Viewer (HKLM-x32\...\{0BFC41AC-3156-474F-890E-CD809BFB7EA6}) (Version: 5.1.0.0 - Steelray Software)
Tieto Image Bank 2.0 EN [1.0] (HKLM-x32\...\{E0EE5CE6-7D16-409A-9393-8FFF7A8310B6}) (Version: 1.0 - Tieto)
Tieto PowerPoint Wizard 2.0 EN [1.0] (HKLM-x32\...\{E35A145E-C5B9-487D-9B2F-B7433AD3EDA6}) (Version: 1.0 - Tieto)
Tieto Word Templates 1.1 MUL [1.0] (HKLM-x32\...\{74AA4453-686B-4222-A537-000B46A88E0F}) (Version: 1.0 - Tieto)
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4162059163-1544859033-1701284029-16875_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
19-03-2015 17:25:09 Windows Update
19-03-2015 17:39:26 Windows Update
19-03-2015 17:51:30 Windows Update
19-03-2015 17:54:09 Windows Update
23-03-2015 13:34:45 Installed Cisco Systems VPN Client 5.0.06.0160
23-03-2015 13:41:08 Installed Cisco Systems VPN Client 5.0.06.0160
23-03-2015 13:47:01 Installed RSA SecurID Software Token.
23-03-2015 14:43:49 Installed Cisco Systems VPN Client 5.0.07.0290
25-03-2015 11:17:42 Windows Update
25-03-2015 12:54:09 Windows Update
02-04-2015 12:00:27 Scheduled Checkpoint
12-04-2015 16:30:03 Scheduled Checkpoint
18-04-2015 23:21:00 zoek.exe restore point
19-04-2015 12:29:14 Removed Google Chrome
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08D18091-4A1C-45D1-8D9E-E4B8C99CB3B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {26489c9a-d13d-460c-a40e-6e17c3e98efe} WL307676.ap.tieto.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {0C82024A-0E71-4CB9-9817-FDCB07C3B14F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-01] (Adobe Systems Incorporated)
Task: {1E3AE7F3-A71B-4401-A2F4-32B11D0B086A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-19] (Enigma Software Group USA, LLC.)
Task: {2DE5D670-46EE-41B0-A729-99D3C9F67555} - System32\Tasks\UDI_Regcleanup => reg
Task: {439D0C6D-F5E2-4F53-9DB3-ACBE0EE59CDD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {43E1C4F3-AE88-4597-B81B-247083394B06} - System32\Tasks\UDI_cleanup => cmd
Task: {4E03554E-8843-49FC-95A2-5DDA46839E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-27] (Google Inc.)
Task: {68F8A4EF-B6BE-4D17-8136-EAE5524721B3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AP-bhandswa WL307676.ap.tieto.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {71C4FCBD-1DEF-419C-93C3-3FEC24204B12} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {7F8B034F-30AD-4449-B8E1-0009C10426E6} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {918F1403-0DF9-42E0-A0B7-2497F3DABBC5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D9864E81-8EC0-4F5E-9882-49CCE6F1C794} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DDE9ECB4-6E9C-4AF6-A9BF-E2D2C1A91388} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-24] ()
Task: {E65FCFD6-8FFC-47FA-ADDA-7BAC6BD6A7B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-27] (Google Inc.)
Task: {F4E3F0F6-45C7-4332-B867-2B21648DB83E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-21 14:59 - 2015-01-21 14:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-27 16:42 - 2013-11-21 16:31 - 00273448 _____ () c:\program files (x86)\f-secure\daas2\daas2_x64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\Control Panel\Desktop\\Wallpaper -> C:\Users\bhandswa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.163.64.81 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Guest (S-1-5-21-2844068973-666158474-3208556734-501 - Limited - Disabled)
localtecos (S-1-5-21-2844068973-666158474-3208556734-500 - Administrator - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 11:32:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/18/2015 11:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2015 07:29:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/16/2015 06:30:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/16/2015 06:22:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/16/2015 06:13:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/16/2015 06:13:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program lync.exe version 15.0.4701.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10dc
 
Start Time: 01d070908107f2f8
 
Termination Time: 58
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
 
Report Id: 250679d5-e436-11e4-93e2-801934b07303
 
Error: (04/16/2015 10:44:56 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-04-16  10:44:56+05:30  wl307676  AP\bhandswa  F-Secure Anti-Virus
 Scanning of \DEVICE\HARDDISKVOLUME1\USERS\BHANDSWA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AOPFGJFEIIMEIOIAJEKNFIDLLJPOEBGC\5.2_0\JS\CONTENTSCRIPT.JS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
 
Error: (04/13/2015 00:05:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/10/2015 02:21:54 PM) (Source: Group Policy Internet Settings) (EventID: 8194) (User: NT AUTHORITY)
Description: The client-side extension could not apply user policy settings for '_AP Users_IE_HomePage preferences {DB12442D-7504-4D1A-9FE5-D8035541040B}' because it failed with error code '0x80070035 The network path was not found.'%apply00790275
 
 
System errors:
=============
Error: (04/19/2015 03:36:37 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain AP due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/19/2015 02:31:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 01:54:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 01:53:38 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 00:59:40 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 00:59:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 00:38:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 00:37:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 11:51:35 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (04/19/2015 11:51:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 11:32:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/18/2015 11:43:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/17/2015 07:29:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/16/2015 06:30:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1
 
Error: (04/16/2015 06:22:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1
 
Error: (04/16/2015 06:13:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1
 
Error: (04/16/2015 06:13:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: lync.exe15.0.4701.100010dc01d070908107f2f858C:\Program Files (x86)\Microsoft Office\Office15\lync.exe250679d5-e436-11e4-93e2-801934b07303
 
Error: (04/16/2015 10:44:56 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-04-16  10:44:56+05:30  wl307676  AP\bhandswa  F-Secure Anti-Virus
 Scanning of \DEVICE\HARDDISKVOLUME1\USERS\BHANDSWA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AOPFGJFEIIMEIOIAJEKNFIDLLJPOEBGC\5.2_0\JS\CONTENTSCRIPT.JS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
 
Error: (04/13/2015 00:05:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bhandswa\Downloads\SoftonicDownloader_for_zonetick-world-time-zone-clock.exe
 
Error: (04/10/2015 02:21:54 PM) (Source: Group Policy Internet Settings) (EventID: 8194) (User: NT AUTHORITY)
Description: applyuser_AP Users_IE_HomePage preferences {DB12442D-7504-4D1A-9FE5-D8035541040B}0x80070035 The network path was not found.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4310U CPU @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 8097.46 MB
Available physical RAM: 3861.78 MB
Total Pagefile: 16193.11 MB
Available Pagefile: 11314.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:465.47 GB) (Free:350.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
 
 
 
 
 
 
****************************************************************************************************************************************************************************************************************

 

 

 

Attached files: FRST.txt (44.29 KB), Addition.txt (23.8 KB)




#2 HelpBot (Bleepin' Binary Bot, Bots, 12,549 posts)

Posted 24 April 2015 - 05:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573703 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My! (Adware and Spyware and Malware....., Malware Response Instructor, 35,531 posts, Location: California)

Posted 24 April 2015 - 08:45 PM

Greetings Swapnil and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please cut and paste FRST.exe from your Downloads folder to your Desktop.

Running from C:\Users\bhandswa\Downloads


Can you tell me if you are in the Netherlands? Also, have you reset your modem?

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
S4 F-Secure Filter; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [X]
S4 F-Secure Recognizer; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-23 13:35 - 2015-03-23 13:41 - 00000000 ____D () C:\WINDOWS\21E247D45E274BEAAA4D19A81203FE2A.TMP
C:\Users\bhandswa\IP_Log_Data.js
C:\Users\bhandswa\Network_Meter_Data.js
Task: {2DE5D670-46EE-41B0-A729-99D3C9F67555} - System32\Tasks\UDI_Regcleanup => reg
Task: {43E1C4F3-AE88-4597-B81B-247083394B06} - System32\Tasks\UDI_cleanup => cmd
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 swapnilba (Topic Starter, Members, 15 posts)

Posted 25 April 2015 - 02:33 AM

Hello Gary,
 
Thanks a lot for offering to help. I have downloaded the tools as mentioned by you and attaching the logs herewith. Please have a look. Also some additional information for you.
 
After I posted this topic, strangely I have not got the adultube.info popup in either Chrome or IE. I had uninstalled Chrome and got it reinstalled, and also re-added Adblock Plus as the extension. In Adblock Plus, I also manually added the filter for adultube.info. I am not sure if this has helped, but I can say for sure I have not got this popup again after that.
 
Secondly, I am from India (not the Netherlands :) ) and I have not changed any settings on the modem.
 
I also got rid of µTorrent immediately after I ran the FRST logs as asked by the Bleeping Computer forum. So now no P2P programs exist on my laptop, I hope.
 
I have pasted the FRST log and the AdwCleaner log below. I have also run the Junkware Removal Tool (JRT.exe), but it seems to be running for a long time and is stuck under 'Checking Processes'. It has been running for over 1 hour now. How long is it expected to run generally? Also I could not disable my antivirus even after going through the link that is attached. I am using F-Secure Client Security Premium, and could not understand what settings should be changed. I can wait for some more time for the Junkware tool to finish running and paste the log as my next reply. Does that sound OK to you?
 
Here are the logs.
 
******************************************************************************************************************************************************************************************************
FRST log
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
Ran by bhandswa at 2015-04-25 11:58:59 Run:1
Running from C:\Users\bhandswa\Desktop
Loaded Profiles: bhandswa (Available profiles: sawanshy & phaleroh & bhandswa & kacheaji)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
S4 F-Secure Filter; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [X]
S4 F-Secure Recognizer; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-23 13:35 - 2015-03-23 13:41 - 00000000 ____D () C:\WINDOWS\21E247D45E274BEAAA4D19A81203FE2A.TMP
C:\Users\bhandswa\IP_Log_Data.js
C:\Users\bhandswa\Network_Meter_Data.js
Task: {2DE5D670-46EE-41B0-A729-99D3C9F67555} - System32\Tasks\UDI_Regcleanup => reg
Task: {43E1C4F3-AE88-4597-B81B-247083394B06} - System32\Tasks\UDI_cleanup => cmd
emptytemp
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
F-Secure Filter => Service deleted successfully.
F-Secure Recognizer => Service deleted successfully.
VGPU => Service deleted successfully.
C:\WINDOWS\21E247D45E274BEAAA4D19A81203FE2A.TMP => Moved successfully.
C:\Users\bhandswa\IP_Log_Data.js => Moved successfully.
C:\Users\bhandswa\Network_Meter_Data.js => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DE5D670-46EE-41B0-A729-99D3C9F67555}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DE5D670-46EE-41B0-A729-99D3C9F67555}" => Key deleted successfully.
C:\Windows\System32\Tasks\UDI_Regcleanup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UDI_Regcleanup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43E1C4F3-AE88-4597-B81B-247083394B06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43E1C4F3-AE88-4597-B81B-247083394B06}" => Key deleted successfully.
C:\Windows\System32\Tasks\UDI_cleanup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UDI_cleanup" => Key deleted successfully.
emptytemp => Error: No automatic fix found for this entry.
 
==== End of Fixlog 11:58:59 ====
 
 
 
 
 
 
************************************************************************************************************************************************************************************************************
 
 
 
 
AdwCleaner log
 
 
 
# AdwCleaner v4.202 - Logfile created 25/04/2015 at 12:05:38
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : bhandswa - WL307676
# Running from : C:\Users\bhandswa\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Users\bhandswa\Desktop\Search
Folder Deleted : C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17267
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A21F00225F882D7A&affID=123184&tsp=4959
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.appszito.com/search_results.php?platform=All&q={searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=031012_ccp_4012_4&babsrc=SP_ss&mntrId=a21f42b300000000000000225f882d7a
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtByDyEtByDtAyEtB0BtAtN0D0Tzu0StCtCtDzytN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0CtCzztB0C0DtBtG0F0CyDtCtGtCyE0D0BtGyCtDtBzytGyE0FtAtCtBtBtAyByC0E0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0CyByE0E0C0FtGyE0F0DyCtGyEtD0DtBtG0AtBtCzytG0D0EyDtDzy0AtDtD0F0CtD0F2Q&cr=1903304589&ir=
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1411625005&from=ild&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE309FT8571T8571&q={searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1411625005&from=ild&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE309FT8571T8571&q={searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : gighmmpiobklfepjocnamgkkbiglidom
[C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [36515 bytes] - [25/04/2015 12:02:21]
AdwCleaner[S0].txt - [3334 bytes] - [25/04/2015 12:05:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3393  bytes] ##########
 
 
 
 
 
 
 
************************************************************************************************************************************************************************************************************
 
 
 
Also attached is system summary file.

Attached Files
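The ten search providers AdwCleaner removed above were read from the `keywords` table in Chrome's "Web Data" SQLite file, and the eleventh entry from the default-search-provider block in the Preferences JSON. What follows is an added example, not part of the original thread and not code from AdwCleaner, FRST or Chrome, that runs the same kind of check offline: it builds an in-memory copy of a cut-down `keywords` table (only the columns used here; the real schema is wider) holding one clean engine plus three URLs copied from the log, and a constructed Preferences fragment whose key path is assumed, then flags providers that point outside an allowlist (the allowlist is an assumption) or carry the affiliate and tracking parameters the hijackers in the log use.

```python
"""Audit Chrome search providers for hijacker entries (added example)."""
import json
import sqlite3
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# Engines the organisation expects to see (assumption; anything else is reported).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Query parameters (lower-cased) used by the pay-per-install hijackers in the
# AdwCleaner log above; legitimate engines do not send them.
AFFILIATE_PARAMS = {"affid", "mntrid", "babsrc", "tsp", "uid"}

# Constructed rows: one clean engine plus three URLs copied from the log above.
SAMPLE_KEYWORDS = [
    (1, "Google", "google.com", "https://www.google.com/search?q={searchTerms}"),
    (2, "Delta Search", "delta-search.com",
     "http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss"
     "&mntrId=A21F00225F882D7A&affID=123184&tsp=4959"),
    (3, "Softonic", "softonic.com", "http://en.softonic.com/s/{searchTerms}"),
    (4, "istartsurf", "istartsurf.com",
     "http://www.istartsurf.com/web/?type=ds&ts=1411625005&from=ild"
     "&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE309FT8571T8571&q={searchTerms}"),
]

# Constructed Preferences fragment; the key path is an assumption.
SAMPLE_PREFERENCES = json.dumps({"default_search_provider_data": {"template_url_data": {
    "short_name": SAMPLE_KEYWORDS[1][1], "keyword": SAMPLE_KEYWORDS[1][2],
    "url": SAMPLE_KEYWORDS[1][3]}}})


def build_sample_web_data():
    """In-memory stand-in for Web Data with only the keywords columns used here."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, short_name TEXT, "
                "keyword TEXT, url TEXT)")
    con.executemany("INSERT INTO keywords VALUES (?, ?, ?, ?)", SAMPLE_KEYWORDS)
    con.commit()
    return con


def classify_provider(url):
    """Reasons a search-provider URL looks hijacked; an empty list means clean."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    params = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    reasons = []
    if host not in TRUSTED_SEARCH_HOSTS:
        reasons.append("untrusted host " + host)
    if parts.scheme != "https":
        reasons.append("plain " + parts.scheme)
    tracking = sorted(params & AFFILIATE_PARAMS)
    if tracking:
        reasons.append("tracking params " + ",".join(tracking))
    return reasons


def install_timestamp(url):
    """Hijackers often bake the install time into the URL as ts=<unix epoch>;
    return it as an ISO date, or None when absent or implausible."""
    for k, v in parse_qsl(urlsplit(url).query):
        if k.lower() == "ts" and v.isdigit() and 10**9 < int(v) < 2 * 10**9:
            return datetime.fromtimestamp(int(v), tz=timezone.utc).date().isoformat()
    return None


def audit_search_providers(con):
    """Walk the keywords table; one finding per suspicious provider, in id order."""
    findings = []
    rows = con.execute("SELECT id, short_name, url FROM keywords ORDER BY id")
    for row_id, name, url in rows:
        reasons = classify_provider(url)
        if reasons:
            findings.append({"id": row_id, "name": name, "host": urlsplit(url).hostname,
                             "reasons": reasons, "install_time": install_timestamp(url)})
    return findings


def default_provider_from_prefs(prefs_text):
    """The provider that actually answers omnibox searches is the default one
    recorded in Preferences, so check it first. Returns (name, url, reasons)."""
    tu = (json.loads(prefs_text).get("default_search_provider_data", {})
          .get("template_url_data", {}))
    url = tu.get("url", "")
    return tu.get("short_name"), url, classify_provider(url)


if __name__ == "__main__":
    name, url, reasons = default_provider_from_prefs(SAMPLE_PREFERENCES)
    print(f"default provider {name!r}: {'; '.join(reasons) or 'clean'}")
    for f in audit_search_providers(build_sample_web_data()):
        when = f" (installed {f['install_time']})" if f["install_time"] else ""
        print(f"id {f['id']} {f['name']!r} -> {'; '.join(f['reasons'])}{when}")
```

Run as-is it reports the Delta Search, Softonic and istartsurf rows and leaves the Google row alone. Two details the log by itself does not make obvious: the `ts=1411625005` in the istartsurf URL is a Unix timestamp and decodes to 2014-09-25, which dates that install, and the `uid=` value looks like a disk model and serial number, i.e. the hijacker appears to have used a hardware identifier as its tracking ID. On a live system, point `sqlite3.connect` at a copy of `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Web Data` (Chrome holds the original open while it runs) and replace the allowlist with your own.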



#5 Oh My! (Malware Response Instructor, 35,531 posts, Location: California)

Posted 25 April 2015 - 07:58 AM

Thank you for the detailed update. We won't worry about Junkware Removal Tool for now. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

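The fixlist in post #5 works because FRST deletes a registry value when its own scan-log line for that value is pasted back into fixlist.txt. The value named there, DhcpNameServer, holds the resolvers the DHCP client wrote for the machine; the second address on the line is Google's public resolver, the first is not one a reader would recognise, and a resolver the network owner did not configure can answer any lookup with an address of its choosing, which fits a popup that appears whichever site is requested. The script below is an added example, not FRST's code and not from any post: it parses resolver lines of the form shown in the post out of an FRST log, flags addresses that are neither on an allowlist nor LAN addresses, and builds the fixlist the way the instructor did. The allowlist, the hypothetical corporate resolver 10.0.0.53 and the second sample line are constructed for the example.

```python
"""Audit the DNS resolver lines in an FRST scan log and build the fixlist.

Added example for this thread; it is not FRST's code and not part of any
post. Assumptions: resolver lines look like the one the instructor put in
fixlist.txt ("Tcpip\\Parameters: [DhcpNameServer] a.b.c.d e.f.g.h"), and
the allowlist below is a constructed placeholder to be replaced with the
resolvers your own network is supposed to hand out.
"""
import ipaddress
import re

# Constructed allowlist: the two well-known Google public resolvers plus a
# hypothetical corporate resolver (assumption, not from the thread).
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "10.0.0.53"}

# Key (FRST abbreviates per-interface keys as Tcpip\..\Interfaces\{GUID}),
# value name, then one or more addresses separated by spaces or commas.
_LINE_RE = re.compile(
    r"^(?P<key>Tcpip\\\S+):\s*\[(?P<name>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)

# Constructed sample: the first line is the one quoted in post #5, the
# second is a made-up per-interface entry pointing at a home router, the
# third is an unrelated line that the parser must ignore.
SAMPLE_FRST_LOG = "\n".join([
    r"Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8",
    r"Tcpip\..\Interfaces\{EXAMPLE-GUID}: [DhcpNameServer] 192.168.1.1",
    r"HKLM\...\Run: [SomeEntry] => C:\Program Files\Example\example.exe",
])


def parse_dns_lines(log_text):
    """Return (key, value_name, [servers]) for every resolver line in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            servers = [s for s in re.split(r"[\s,]+", m.group("servers")) if s]
            entries.append((m.group("key"), m.group("name"), servers))
    return entries


def classify_server(server, expected=EXPECTED_RESOLVERS):
    """'expected', 'private' (LAN/router address), 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if server in expected:
        return "expected"
    if addr.is_private or addr.is_link_local:
        return "private"
    return "unexpected"


def audit(log_text, expected=EXPECTED_RESOLVERS):
    """Flag resolver values that contain an address off the allowlist.

    A public resolver nobody configured deserves a look: it can answer any
    lookup the browser makes with an address of the attacker's choosing.
    """
    findings = []
    for key, name, servers in parse_dns_lines(log_text):
        suspicious = [s for s in servers
                      if classify_server(s, expected) in ("unexpected", "invalid")]
        if suspicious:
            findings.append({
                "key": key, "value": name, "servers": servers,
                "suspicious": suspicious,
                # FRST deletes a registry value when its own log line for that
                # value is pasted into fixlist.txt, so the line is the fix.
                "fixlist_line": f"{key}: [{name}] {' '.join(servers)}",
            })
    return findings


def build_fixlist(findings, empty_temp=True):
    """Assemble fixlist.txt the way post #5 does: value lines, then emptytemp:."""
    lines = [f["fixlist_line"] for f in findings]
    if empty_temp:
        lines.append("emptytemp:")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(SAMPLE_FRST_LOG)
    for f in found:
        print(f"{f['key']} [{f['value']}] suspicious: {', '.join(f['suspicious'])}")
    print(build_fixlist(found), end="")
```

Two caveats when reading the result. DhcpNameServer is written by the DHCP client, so deleting it only clears the value until the next lease renewal; if a router or another DHCP server on the network is handing out the resolver, the same address comes back, which is why a second FRST scan after a renewal (ipconfig /renew) is worth comparing line for line against the first. And an address classified as "private" is usually the router itself, which is not proof of anything either way: the router's own DNS settings need checking from its admin page.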
#6 swapnilba
  • Topic Starter

Posted 25 April 2015 - 01:03 PM

Hello again Gary,

Thanks for the quick reply. Please find the logs as attached. Also, the computer seems to be running quite OK now.

FRST log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
Ran by bhandswa at 2015-04-25 22:13:15 Run:2
Running from C:\Users\bhandswa\Desktop
Loaded Profiles: bhandswa (Available profiles: bhandswa)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8
emptytemp:
*****************
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
EmptyTemp: => Removed 578 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:13:28 ====

ESET Log

C:\Users\bhandswa\Downloads\Creative-5x86-28-drp.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted - quarantined
C:\Users\bhandswa\Downloads\Reliance_Netconnect_Broadband+_ZTE_AC2736_Driver_Update_10-2014.exe a variant of Win32/Systweak.R potentially unwanted application deleted - quarantined
C:\Users\bhandswa\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Users\bhandswa\Downloads\Downloads\Creative-5x86-28-drp.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_bhandswa_Downloads_SoftonicDownloader_for_winsetupfromusb.exe.vir a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_bhandswa_Downloads_SoftonicDownloader_for_zonetick-world-time-zone-clock.exe.vir Win32/SoftonicDownloader.E potentially unwanted application deleted - quarantined

Security Check Log

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
F-Secure Client Security Premium 11.50   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 F-Secure Client Security Premium - Virus & Spy Protection 
 Java 7 Update 72  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 F-Secure Anti-Virus fsgk32st.exe  
 F-Secure Anti-Virus FSGK32.EXE  
 F-Secure Anti-Virus fssm32.exe  
 F-Secure Anti-Virus fsav32.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
#7 Oh My!

Posted 25 April 2015 - 01:53 PM

Thank you.

We need to update Internet Explorer to close security vulnerabilities. Please do this.

===================================================

Internet Explorer 11

-------------------
  • Close any open Internet Explorer browsers
  • Click here to go to the Internet Explorer 11 download page
  • Uncheck I would also like Bing and MSN defaults
  • Click Get Internet Explorer 11 and save the file to your desktop
  • Double click the icon on your desktop and select Run
  • Follow the steps to install Internet Explorer 11
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Internet Explorer update properly?
  • Are there any remaining issues?

Gary
 

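Post #7 acts on one line of the Security Check log in post #6 (Internet Explorer 10 flagged as out of date), but the same log also reports an out-of-date 32-bit Java and Windows Firewall disabled, and a responder reading many of these logs wants the flagged lines pulled out and ranked rather than read by eye. The block below is an added example, not part of screen317's Security Check and not from the thread; its rules are an assumption about that tool's output format based only on the lines quoted in post #6, and the sample log is constructed from those same lines.

```python
"""Triage a screen317 Security Check log into prioritised findings.

Added example for this thread; it is not part of Security Check or of any
post. The line patterns are an assumption about the tool's output, derived
from the lines quoted in post #6; the sample log is constructed from them.
"""
import re

# Constructed sample: the Security Check lines quoted in post #6.
SAMPLE_SECURITY_CHECK_LOG = "\n".join([
    " Results of screen317's Security Check version 1.00  ",
    " Windows 7 Service Pack 1 x64 (UAC is enabled)  ",
    " Internet Explorer 10 Out of date! ",
    "``````````````Antivirus/Firewall Check:`````````````` ",
    " Windows Firewall Disabled!  ",
    "F-Secure Client Security Premium 11.50   ",
    " Antivirus up to date!   ",
    "`````````Anti-malware/Other Utilities Check:````````` ",
    " Java 7 Update 72  ",
    " Java version 32-bit out of Date! ",
    " Adobe Reader XI  ",
    " Google Chrome (42.0.2311.90) ",
    "````````````````````End of Log`````````````````````` ",
])

# Each rule: (pattern applied to the stripped line, severity, action).
# {item} is filled from the pattern's "item" group when it has one.
RULES = [
    # Any "... Out of date!" / "... out of Date!" line: an unpatched browser,
    # runtime or AV engine. An old browser and an old Java plugin are the
    # classic way a booby-trapped page gets code onto a Windows 7 machine,
    # so these rank highest.
    (re.compile(r"^(?P<item>.+?) out of date!$", re.IGNORECASE), "high",
     "{item}: install the current version, or uninstall it if it is not needed."),
    # Windows Firewall off is only a problem if nothing else is filtering;
    # a third-party suite may legitimately replace it, so verify first.
    (re.compile(r"^(?P<item>Windows Firewall) Disabled!$", re.IGNORECASE), "medium",
     "{item} is off: confirm the installed security suite provides its own "
     "firewall, otherwise re-enable Windows Firewall."),
    (re.compile(r"\(UAC is disabled\)", re.IGNORECASE), "medium",
     "UAC is disabled: re-enable it so installers cannot elevate silently."),
]
SEVERITY_RANK = {"high": 2, "medium": 1, "low": 0}


def triage(log_text):
    """Return findings as dicts (severity, item, action), highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, severity, action in RULES:
            m = pattern.search(line)
            if m:
                item = m.groupdict().get("item") or line
                findings.append({"severity": severity, "item": item,
                                 "action": action.format(item=item)})
                break  # one finding per line
    # Stable sort keeps log order within the same severity.
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return findings


def remaining(findings, fixed_items):
    """Findings still open after the listed items have been dealt with."""
    return [f for f in findings if f["item"] not in fixed_items]


if __name__ == "__main__":
    open_findings = triage(SAMPLE_SECURITY_CHECK_LOG)
    for f in open_findings:
        print(f"[{f['severity']}] {f['action']}")
    # After the IE 11 install from post #7, Java and the firewall remain.
    for f in remaining(open_findings, {"Internet Explorer 10"}):
        print("still open:", f["item"])
```

Run against the constructed sample it lists Internet Explorer 10 and the 32-bit Java as high and the disabled Windows Firewall as medium; after the IE 11 install reported in post #8, the Java and firewall items are still open, which is the kind of residue a "how is your computer running?" question alone does not surface.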
#8 swapnilba
  • Topic Starter

Posted 26 April 2015 - 08:40 AM

Hello Gary,

I have installed Internet Explorer 11 now, and it installed properly. I haven't been observing any other issues in the past few days, so I think the malware might have been removed.

By the way, going through the logs, is it clear to you which was the culprit program that got this malware adultube.info into my computer?

Thanks,

Swapnil

#9 Oh My!

Posted 26 April 2015 - 08:47 AM

Greetings Swapnil,

Glad things are all set. I can't tell you specifically what delivered the malware but Peer to Peer downloads are a near certainty to bite you eventually. My guess would be it was inserted into your computer via those means.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#10 Oh My!

Posted 27 April 2015 - 05:56 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary