DNS changing problem


15 replies to this topic

#1 mevikram1389 (Members, 12 posts)

Posted 26 September 2015 - 01:35 AM

Here is the Farbar FRST scan, but there is no option available to attach Addition.txt.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Vikram (administrator) on VIKRAM-PC (26-09-2015 11:57:59)
Running from E:\Malware removal tools
Loaded Profiles: Vikram (Available Profiles: Vikram)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Upwork\upwork.exe
() C:\Program Files\Upwork\upwork.exe
() C:\Program Files\Upwork\upwork.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-07] (AVAST Software)
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\...\Run: [Upwork] => C:\Program Files\Upwork\upwork.exe [1443808 2015-04-30] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
Startup: C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto Shutdown.lnk [2015-09-20]
ShortcutTarget: Auto Shutdown.lnk -> C:\Program Files\Auto Shutdown\AutoShutdown.exe (Entru Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 218.248.255.195 218.248.255.197
Tcpip\..\Interfaces\{22C6384F-1F21-4CBA-9452-4DD3589AD30C}: [DhcpNameServer] 218.248.255.195 218.248.255.197
 
Internet Explorer:
==================
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-13] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Extension: Click&Clean - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\clickclean@hotcleaner.com [2015-09-09]
FF Extension: Xmarks - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\foxmarks@kei.com [2015-09-07]
FF Extension: WebRank SEO Toolbar - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\webrank-toolbar@probcomp.com [2015-09-09]
FF Extension: InFormEnter - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2015-09-09]
FF Extension: BitComet Video Downloader - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-09-07]
FF Extension: Diigo Toolbar - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2015-09-09]
FF Extension: Ahrefs SEO Toolbar - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\ahrefs@AhrefsPteLtd.xpi [2015-09-07]
FF Extension: Autofill Forms - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\autofillForms@blueimp.net.xpi [2015-09-07]
FF Extension: Autofill - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\firefox-autofill@googlegroups.com.xpi [2015-09-07]
FF Extension: Tab Rotator - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\tabrotator@davidfichtmueller.de.xpi [2015-09-07]
FF Extension: Share Button for Pinterest - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2015-09-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
CHR Extension: (Google Docs) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
CHR Extension: (YouTube) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
CHR Extension: (Google Search) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
CHR Extension: (Avast SafePrice) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-12]
CHR Extension: (Google Sheets) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Avast Online Security) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
CHR Extension: (WebRank SEO) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2015-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-07] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-09-07] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [275856 2015-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-09-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-09-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-09-07] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-07] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 11:57 - 2015-09-26 11:58 - 00000000 ____D C:\FRST
2015-09-26 11:44 - 2015-09-26 11:44 - 00000053 _____ C:\Users\Vikram\Desktop\UK test data.txt
2015-09-25 14:24 - 2015-09-25 14:31 - 00000000 ____D C:\AdwCleaner
2015-09-25 13:38 - 2015-09-26 10:39 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 13:37 - 2015-09-25 13:37 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-25 13:37 - 2015-09-25 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-25 13:37 - 2015-09-25 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 13:37 - 2015-09-25 13:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-25 13:37 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-25 13:37 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-25 13:37 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-25 13:25 - 2015-09-25 13:25 - 01662976 _____ C:\Users\Vikram\Downloads\adwcleaner_5.008.exe
2015-09-25 11:40 - 2015-09-25 11:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Vikram\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-24 09:55 - 2015-09-24 09:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-09-22 13:39 - 2015-09-22 13:39 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-09-22 13:39 - 2015-09-22 13:39 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2015-09-22 13:37 - 2015-09-24 23:27 - 00000000 ____D C:\Users\Vikram\AppData\Local\Paint.NET
2015-09-22 13:37 - 2015-09-22 13:38 - 00000000 ____D C:\Program Files\Paint.NET
2015-09-22 13:18 - 2015-09-22 13:28 - 00014858 _____ C:\Users\Vikram\Downloads\LinkingReport (1).xlsx
2015-09-22 10:14 - 2015-09-22 10:14 - 00014423 _____ C:\Users\Vikram\Downloads\LinkingReport.xlsx
2015-09-21 15:53 - 2015-09-22 13:33 - 00000959 _____ C:\Users\Vikram\Desktop\Marks Martin.txt
2015-09-21 15:19 - 2015-09-21 15:19 - 00138716 _____ C:\Users\Vikram\Downloads\SEO Work Dashboard  - Pstuners.com.xlsx
2015-09-21 11:55 - 2015-09-21 11:55 - 00015141 _____ C:\Users\Vikram\Downloads\Report file.xlsx
2015-09-21 11:52 - 2015-09-21 11:52 - 00013739 _____ C:\Users\Vikram\Downloads\Cleancarpetsottawa  Work Report.xlsx
2015-09-21 11:51 - 2015-09-21 11:51 - 00010757 _____ C:\Users\Vikram\Downloads\Ranking-imamcap.com.xlsx
2015-09-21 11:47 - 2015-09-21 11:47 - 00017983 _____ C:\Users\Vikram\Downloads\14 to 19 sep 15-Report.xlsx
2015-09-20 23:17 - 2015-09-20 23:17 - 00000000 ____D C:\Users\Vikram\AppData\Local\AutoShutdown
2015-09-20 23:17 - 2015-09-20 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Entru
2015-09-20 23:17 - 2015-09-20 23:17 - 00000000 ____D C:\Program Files\Auto Shutdown
2015-09-20 22:17 - 2015-09-20 22:17 - 00029970 _____ C:\Users\Vikram\Downloads\100 links for jovanortho 7th work report.xlsx
2015-09-19 17:18 - 2015-09-19 17:22 - 07598399 _____ C:\Users\Vikram\Downloads\Seo Dashboard-cimdealz.xlsx.part
2015-09-19 15:51 - 2015-09-19 15:51 - 00011304 _____ C:\Users\Vikram\Downloads\20 high quality social bookmark 2.xlsx
2015-09-19 15:48 - 2015-09-19 15:48 - 00039772 _____ C:\Users\Vikram\Downloads\200 high pr backlink 2.xlsx
2015-09-19 14:25 - 2015-09-19 14:25 - 00137728 _____ C:\Users\Vikram\Downloads\Monthly report.xls
2015-09-19 14:09 - 2015-09-19 14:09 - 00023133 _____ C:\Users\Vikram\Downloads\My Link Building Sample.xlsx
2015-09-19 14:06 - 2015-09-19 14:06 - 00000351 _____ C:\Users\Vikram\Downloads\Top 10 Link-Builder Site.txt
2015-09-19 14:02 - 2015-09-19 14:02 - 00011920 _____ C:\Users\Vikram\Downloads\PR9 web 2.0 Edu  Gov Profile Backlinks Samples.xlsx
2015-09-13 12:48 - 2015-09-13 12:48 - 00000000 ____D C:\Users\Vikram\AppData\Local\Macromedia
2015-09-12 13:17 - 2015-09-12 13:17 - 00000582 _____ C:\Users\Vikram\Desktop\SEO Proposal.txt
2015-09-11 22:45 - 2015-09-11 22:45 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\Macromedia
2015-09-11 11:02 - 2015-09-11 11:02 - 00000000 ____D C:\Users\Vikram\AppData\Local\Upwork
2015-09-11 11:02 - 2015-09-11 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Upwork
2015-09-11 11:02 - 2015-09-11 11:02 - 00000000 ____D C:\Program Files\Upwork
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ___RD C:\Program Files\Skype
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\Users\Vikram\Tracing
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-09 14:26 - 2015-09-10 12:09 - 00012128 _____ C:\Users\Vikram\Downloads\prove.xlsx
2015-09-08 04:13 - 2015-09-08 04:13 - 00008192 __RSH C:\BOOTSECT.BAK
2015-09-08 04:13 - 2015-09-08 03:17 - 00000000 ____D C:\Windows\Panther
2015-09-08 04:13 - 2009-07-14 07:08 - 00383562 __RSH C:\bootmgr
2015-09-08 03:17 - 2015-09-08 03:17 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-08 03:17 - 2015-09-08 03:17 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-08 03:16 - 2015-09-26 11:31 - 00518859 _____ C:\Windows\WindowsUpdate.log
2015-09-08 03:15 - 2015-09-08 03:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-09-08 03:14 - 2015-09-08 03:16 - 00001313 _____ C:\Windows\TSSysprep.log
2015-09-07 22:15 - 2015-09-07 22:15 - 00000000 ____D C:\Windows\system32\vbox
2015-09-07 22:14 - 2015-09-07 22:14 - 00002139 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-09-07 22:14 - 2015-09-07 22:14 - 00002079 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-09-07 22:14 - 2015-09-07 22:14 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\AVAST Software
2015-09-07 22:14 - 2015-09-07 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-07 22:13 - 2015-09-07 22:13 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-07 22:13 - 2015-09-07 22:13 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-07 22:13 - 2015-09-07 22:13 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-07 22:13 - 2015-09-07 22:13 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-07 22:13 - 2015-09-07 22:13 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-07 22:13 - 2015-09-07 22:13 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-07 22:13 - 2015-09-07 22:13 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-07 22:13 - 2015-09-07 22:12 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-07 22:13 - 2015-09-07 22:12 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-07 22:13 - 2015-09-07 22:12 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-07 22:13 - 2015-09-07 22:12 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-09-07 22:12 - 2015-09-07 22:12 - 00275856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-09-07 22:12 - 2015-09-07 22:12 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-07 22:11 - 2015-09-07 22:11 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 22:10 - 2015-09-07 22:11 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-07 20:49 - 2015-09-07 20:49 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\WinRAR
2015-09-07 18:40 - 2015-06-23 13:27 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-09-07 18:18 - 2015-09-07 18:18 - 00000997 _____ C:\Users\Vikram\Desktop\AKP - Shortcut.lnk
2015-09-07 18:13 - 2015-09-07 18:13 - 00016836 _____ C:\Users\Vikram\Downloads\6A3B5B593CA92D41DF63895FA7A5D0F32BCE5916.torrent
2015-09-07 18:11 - 2015-09-13 21:58 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\BitComet
2015-09-07 18:11 - 2015-09-07 18:11 - 00000969 _____ C:\Users\Public\Desktop\BitComet.lnk
2015-09-07 18:11 - 2015-09-07 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
2015-09-07 18:11 - 2015-09-07 18:11 - 00000000 ____D C:\Program Files\BitComet
2015-09-07 18:05 - 2015-09-07 18:05 - 00000673 _____ C:\Users\Vikram\Desktop\Vikram SEO - Shortcut.lnk
2015-09-07 17:59 - 2015-09-23 11:01 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-07 17:59 - 2015-09-07 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-07 17:43 - 2015-09-26 11:56 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 17:43 - 2015-09-26 10:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 17:42 - 2015-09-16 23:12 - 00000000 ____D C:\Users\Vikram\AppData\Local\Google
2015-09-07 17:42 - 2015-09-07 17:58 - 00000000 ____D C:\Program Files\Google
2015-09-07 17:40 - 2015-09-07 17:42 - 00929360 _____ (Google Inc.) C:\Users\Vikram\Downloads\ChromeSetup.exe
2015-09-07 17:33 - 2015-09-25 18:31 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\Skype
2015-09-07 17:33 - 2015-09-10 11:26 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-07 17:33 - 2015-09-07 17:33 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-07 17:33 - 2015-09-07 17:33 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-07 17:33 - 2015-09-07 17:33 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\Mozilla
2015-09-07 17:33 - 2015-09-07 17:33 - 00000000 ____D C:\Users\Vikram\AppData\Local\Skype
2015-09-07 17:33 - 2015-09-07 17:33 - 00000000 ____D C:\Users\Vikram\AppData\Local\Mozilla
2015-09-07 17:33 - 2015-09-07 17:33 - 00000000 ____D C:\ProgramData\Mozilla
2015-09-07 17:33 - 2015-09-07 17:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 17:33 - 2015-09-07 17:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-07 17:32 - 2015-09-10 11:26 - 00000000 ____D C:\ProgramData\Skype
2015-09-07 15:10 - 2015-09-07 15:10 - 00000003 __RSH C:\win7ldr
2015-09-07 15:10 - 2015-09-07 15:09 - 00203304 __RSH C:\grldr
2015-09-07 15:07 - 2015-09-25 14:33 - 00001652 _____ C:\Windows\PFRO.log
2015-09-07 15:05 - 2015-09-13 11:58 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-07 15:05 - 2015-09-13 11:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-07 15:05 - 2015-09-13 11:51 - 00000000 ____D C:\Users\Vikram\AppData\Local\Adobe
2015-09-07 15:05 - 2015-09-07 18:13 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\Adobe
2015-09-07 15:05 - 2015-09-07 15:05 - 00000000 ____D C:\Windows\system32\Macromed
2015-09-07 15:04 - 2015-09-11 09:50 - 00000000 ____D C:\ProgramData\Adobe
2015-09-07 15:04 - 2015-09-07 15:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2015-09-07 15:04 - 2015-09-07 15:04 - 00001984 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2015-09-07 15:04 - 2015-09-07 15:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-07 15:04 - 2015-09-07 15:04 - 00000000 ____D C:\Program Files\Adobe
2015-09-07 15:03 - 2015-09-07 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-09-07 15:02 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2015-09-07 15:01 - 2015-09-07 15:09 - 00108824 _____ C:\Users\Vikram\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-07 15:01 - 2015-09-07 15:01 - 00000000 ____D C:\Windows\PCHEALTH
2015-09-07 15:01 - 2015-09-07 15:01 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-09-07 15:01 - 2015-09-07 15:01 - 00000000 ____D C:\Program Files\Microsoft Works
2015-09-07 15:01 - 2015-09-07 15:01 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2015-09-07 15:01 - 2015-09-07 15:01 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-09-07 14:59 - 2015-09-07 15:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-07 14:59 - 2015-09-07 15:01 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-07 14:59 - 2015-09-07 14:59 - 00000000 ____D C:\Users\Vikram\AppData\Local\Microsoft Help
2015-09-07 14:59 - 2015-09-07 14:59 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2015-09-07 14:58 - 2015-09-07 14:58 - 00000000 __RHD C:\MSOCache
2015-09-07 14:57 - 2015-09-26 10:16 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-07 14:56 - 2015-09-25 11:03 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\vlc
2015-09-07 14:56 - 2015-09-07 14:56 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-07 14:56 - 2015-09-07 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-07 14:56 - 2015-09-07 14:56 - 00000000 ____D C:\Program Files\WinRAR
2015-09-07 14:55 - 2015-09-07 14:55 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-07 14:55 - 2015-09-07 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-09-07 14:55 - 2015-09-07 14:55 - 00000000 ____D C:\Program Files\VideoLAN
2015-09-07 14:53 - 2015-09-07 14:53 - 00001417 _____ C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-07 14:52 - 2015-09-10 11:26 - 00000000 ____D C:\Users\Vikram
2015-09-07 14:52 - 2015-09-07 14:52 - 00000020 ___SH C:\Users\Vikram\ntuser.ini
2015-09-07 14:52 - 2015-09-07 14:52 - 00000000 ____D C:\Users\Vikram\AppData\Local\VirtualStore
2015-09-07 14:52 - 2009-07-14 10:12 - 00000000 ___RD C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-07 14:52 - 2009-07-14 10:07 - 00000000 ___RD C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-07 14:51 - 2015-09-07 14:51 - 00171136 __RSH C:\w7ldr
2015-09-07 14:50 - 2015-09-07 14:50 - 00000000 __SHD C:\Recovery
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 10:15 - 2009-07-14 10:04 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-26 10:15 - 2009-07-14 10:04 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 10:09 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 10:09 - 2009-07-14 10:09 - 00027849 _____ C:\Windows\setupact.log
2015-09-23 10:59 - 2009-07-14 08:07 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-08 04:13 - 2009-07-14 10:27 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-08 04:13 - 2009-07-14 10:22 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-08 03:19 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\rescache
2015-09-08 03:17 - 2009-07-14 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-08 03:17 - 2009-07-14 08:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-08 03:14 - 2009-07-14 13:19 - 00000000 ____D C:\Windows\CSC
2015-09-08 03:14 - 2009-07-14 10:04 - 00001774 _____ C:\Windows\DtcInstall.log
2015-09-07 17:50 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-07 15:08 - 2009-07-14 10:03 - 00412432 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-07 15:01 - 2009-07-14 13:19 - 00000000 ____D C:\Windows\ShellNew
2015-09-07 15:01 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\MSBuild
2015-09-07 15:01 - 2009-07-14 08:07 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-07 14:59 - 2009-07-14 08:07 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-07 14:59 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini
2015-09-07 14:58 - 2009-07-14 10:22 - 00000000 ____D C:\Windows\system32\restore
 
Some files in TEMP:
====================
C:\Users\Vikram\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-24 09:43
 
==================== End of FRST.txt ============================




#2 shelf life (Malware Response Team, 2,683 posts, Location: @localhost)

Posted 26 September 2015 - 01:32 PM

Hi,

 

What's the DNS changing problem? Are you trying to change DNS servers?

 


How Can I Reduce My Risk to Malware?


#3 mevikram1389 (Topic Starter, Members, 12 posts)

Posted 06 October 2015 - 07:50 AM

My DNS server gets changed automatically within a day to primary DNS server 188.42.254.137 and secondary 8.8.8.8. I think my router + modem is hacked or affected by malware. I did everything, meaning I formatted the PC, the router, and the mobile attached to the router's Wi-Fi, but the same problem happened within a day or 2 after formatting everything. My current DNS is:

Primary DNS: 218.248.255.195
Secondary DNS: 218.248.255.197

But it will automatically change to the other one above. Please help me solve this problem. I have been facing this problem for the last 8 months.



#4 shelf life (Malware Response Team, 2,683 posts, Location: @localhost)

Posted 07 October 2015 - 05:23 PM

Since it's been a few days, can you rescan and post a new FRST log?

 

Have you reset your router back to its factory defaults? A reboot or reset wouldn't do any good if you have malware affecting your router. If other wireless devices also have the same DNS endpoint then it's your router.

 

Let's see if a new FRST log shows any malware on your computer also that could be making changes.




#5 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 08 October 2015 - 07:35 AM

Since it's been a few days, can you rescan and post a new FRST log?

 

Have you reset your router back to its factory defaults? A reboot or reset wouldn't do any good if you have malware affecting your router. If other wireless devices also have the same DNS endpoint then it's your router.

 

Let's see if a new FRST log shows any malware on your computer also that could be making changes.

I removed all the scanning software that I downloaded. I told you that I had already done everything in the past, lots of times, i.e. all devices formatted or reset, including the router and connected devices. But the problem is still the same: DNS is automatically changed to 188.42.254.137.



#6 shelf life

shelf life

  • Malware Response Team
  • 2,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:18 PM

Posted 08 October 2015 - 06:02 PM

I know you told me, but the terms reformat and reset might mean something else to you.

You changed the router's default login user name and password, right?

 

Do you have a Netgear router by any chance? If so: log in and make sure Remote Management is not checked.




#7 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 09 October 2015 - 12:38 AM

Yes, I changed the login details. This time the DNS is changed to:

Primary DNS: 188.138.33.133
Secondary DNS: 8.8.8.8

I am using a BSNL Broadband Router+Modem.



#8 shelf life

shelf life

  • Malware Response Team
  • 2,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:18 PM

Posted 09 October 2015 - 08:15 PM

You change the DNS settings in your router, right? Let's get two downloads that will help to see if there is any malware present on the machine.

 

One is FRST, which will provide an up-to-date scan; the other is MBAM Anti-Rootkit:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
    Right-click FRST then click "Run as administrator" 
    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
 
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

------------------------------------------------------------------------------------------------------

Download Malwarebytes Anti-Rootkit to your desktop.  BETA
 
http://www.malwarebytes.org/antirootkit/
 
    Double-click the icon to start the tool.
    It will ask you where to extract it, then it will start.
    Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    Click in the introduction screen "next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder and paste the content of the following files in your next reply:
 
    "mbar-log-{date} (xx-xx-xx).txt"
    "system-log.txt"




#9 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 14 October 2015 - 04:16 AM

Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-10-2015 02
Ran by Vikram (administrator) on VIKRAM-PC (14-10-2015 13:37:13)
Running from E:\Malware removal tools
Loaded Profiles: Vikram (Available Profiles: Vikram)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Upwork\upwork.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Upwork\upwork.exe
() C:\Program Files\Upwork\upwork.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-07] (AVAST Software)
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\...\Run: [Upwork] => C:\Program Files\Upwork\upwork.exe [1443808 2015-04-30] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
Startup: C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto Shutdown.lnk [2015-09-20]
ShortcutTarget: Auto Shutdown.lnk -> C:\Program Files\Auto Shutdown\AutoShutdown.exe (Entru Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 49.50.70.169 8.8.8.8
Tcpip\..\Interfaces\{84E1FA89-9D28-4F10-BA7A-D735B9028ED4}: [DhcpNameServer] 49.50.70.169 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-26] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF SearchPlugin: C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\searchplugins\search-provided-by-yahoo.xml [2015-10-05]
FF Extension: Click&Clean - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\clickclean@hotcleaner.com [2015-09-09]
FF Extension: Xmarks - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\foxmarks@kei.com [2015-09-07]
FF Extension: WebRank SEO Toolbar - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\webrank-toolbar@probcomp.com [2015-09-09]
FF Extension: InFormEnter - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2015-09-09]
FF Extension: BitComet Video Downloader - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-09-07]
FF Extension: Diigo Toolbar - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2015-09-09]
FF Extension: Ahrefs SEO Toolbar - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\ahrefs@AhrefsPteLtd.xpi [2015-09-07]
FF Extension: Autofill Forms - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\autofillForms@blueimp.net.xpi [2015-09-07]
FF Extension: Autofill - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\firefox-autofill@googlegroups.com.xpi [2015-09-07]
FF Extension: Tab Rotator - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\tabrotator@davidfichtmueller.de.xpi [2015-09-07]
FF Extension: Share Button for Pinterest - C:\Users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\mscf6tn6.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2015-09-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
CHR Extension: (Google Docs) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
CHR Extension: (YouTube) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
CHR Extension: (Google Search) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
CHR Extension: (Avast SafePrice) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-09-12]
CHR Extension: (Google Sheets) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Avast Online Security) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
CHR Extension: (WebRank SEO) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2015-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Vikram\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jaehkpjddfdgiiefcnhahapilbejohhj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-07] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-09-07] (Avast Software)
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [275856 2015-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-09-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-09-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-09-07] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-07] (Avast Software)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-12 16:02 - 2015-10-12 16:02 - 00212393 _____ C:\Users\Vikram\Downloads\Sample Report Sheet.xlsx
2015-10-12 15:52 - 2015-10-12 15:52 - 00000000 ____D C:\Users\Vikram\Downloads\link-building
2015-10-12 15:50 - 2015-10-12 15:50 - 00014727 _____ C:\Users\Vikram\Downloads\link-building.zip
2015-10-10 18:18 - 2015-10-10 18:18 - 00015141 _____ C:\Users\Vikram\Downloads\Report file (1).xlsx
2015-10-10 18:17 - 2015-10-10 18:17 - 00017983 _____ C:\Users\Vikram\Downloads\14 to 19 sep 15-Report (1).xlsx
2015-10-10 18:17 - 2015-10-10 18:17 - 00008944 _____ C:\Users\Vikram\Downloads\Proof submission.xlsx
2015-10-10 18:15 - 2015-10-10 18:15 - 00013739 _____ C:\Users\Vikram\Downloads\Cleancarpetsottawa  Work Report (1).xlsx
2015-10-10 18:13 - 2015-10-10 18:14 - 00019943 _____ C:\Users\Vikram\Downloads\Bookmarks.xlsx
2015-10-08 11:49 - 2015-10-08 11:49 - 00001468 _____ C:\Users\Vikram\Downloads\message.txt
2015-10-08 11:47 - 2015-10-08 11:47 - 00000000 ____D C:\Users\Vikram\AppData\LocalLow\Adobe
2015-10-07 12:38 - 2015-10-07 12:38 - 00000035 _____ C:\Users\Vikram\Desktop\HDFC SECURITIES.txt
2015-10-05 13:33 - 2015-10-05 13:33 - 00000000 ____D C:\Users\Vikram\AppData\Local\{3C6E0A32-18C6-668A-755E-43625136BFFA}
2015-10-05 13:32 - 2015-10-05 13:32 - 00001183 _____ C:\Users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-10-05 13:32 - 2015-10-05 13:32 - 00000000 ____D C:\ProgramData\GRETECH
2015-10-05 13:19 - 2015-10-05 13:19 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\GRETECH
2015-10-05 13:18 - 2015-10-05 13:32 - 00001159 _____ C:\Users\Public\Desktop\GOM Player.lnk
2015-10-05 13:18 - 2015-10-05 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-10-05 13:18 - 2015-10-05 13:18 - 00000000 ____D C:\Program Files\GRETECH
2015-10-02 10:51 - 2015-10-02 11:19 - 00000000 ____D C:\Users\Vikram\Desktop\Sandeep
2015-10-01 11:57 - 2015-10-01 12:07 - 03088296 _____ (Symantec Corporation) C:\Users\Vikram\Downloads\NPE.exe
2015-09-30 23:31 - 2015-09-30 23:31 - 00000000 ____D C:\Users\Vikram\Downloads\3100955131
2015-09-30 23:29 - 2015-09-30 23:30 - 00267573 _____ C:\Users\Vikram\Downloads\3100955131.zip
2015-09-29 21:01 - 2015-10-14 10:00 - 00002824 _____ C:\Windows\setupact.log
2015-09-29 21:01 - 2015-09-29 21:01 - 00000000 _____ C:\Windows\setuperr.log
2015-09-28 20:06 - 2015-09-28 20:06 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\616C68B5.sys
2015-09-27 00:26 - 2015-09-27 00:26 - 00001932 _____ C:\Users\Vikram\Desktop\Auto Shutdown.lnk
2015-09-26 23:27 - 2015-10-14 12:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-26 11:57 - 2015-10-14 13:37 - 00000000 ____D C:\FRST
2015-09-25 14:24 - 2015-09-25 14:31 - 00000000 ____D C:\AdwCleaner
2015-09-25 13:37 - 2015-09-25 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 13:25 - 2015-09-25 13:25 - 01662976 _____ C:\Users\Vikram\Downloads\adwcleaner_5.008.exe
2015-09-25 11:40 - 2015-09-25 11:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Vikram\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-24 09:55 - 2015-09-24 09:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-09-22 13:39 - 2015-09-22 13:39 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-09-22 13:39 - 2015-09-22 13:39 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2015-09-22 13:37 - 2015-10-02 10:55 - 00000000 ____D C:\Users\Vikram\AppData\Local\Paint.NET
2015-09-22 13:37 - 2015-09-22 13:38 - 00000000 ____D C:\Program Files\Paint.NET
2015-09-22 13:18 - 2015-09-22 13:28 - 00014858 _____ C:\Users\Vikram\Downloads\LinkingReport (1).xlsx
2015-09-22 10:14 - 2015-09-22 10:14 - 00014423 _____ C:\Users\Vikram\Downloads\LinkingReport.xlsx
2015-09-21 15:53 - 2015-09-22 13:33 - 00000959 _____ C:\Users\Vikram\Desktop\Marks Martin.txt
2015-09-21 15:19 - 2015-09-21 15:19 - 00138716 _____ C:\Users\Vikram\Downloads\SEO Work Dashboard  - Pstuners.com.xlsx
2015-09-21 11:55 - 2015-09-21 11:55 - 00015141 _____ C:\Users\Vikram\Downloads\Report file.xlsx
2015-09-21 11:52 - 2015-09-21 11:52 - 00013739 _____ C:\Users\Vikram\Downloads\Cleancarpetsottawa  Work Report.xlsx
2015-09-21 11:51 - 2015-09-21 11:51 - 00010757 _____ C:\Users\Vikram\Downloads\Ranking-imamcap.com.xlsx
2015-09-21 11:47 - 2015-09-21 11:47 - 00017983 _____ C:\Users\Vikram\Downloads\14 to 19 sep 15-Report.xlsx
2015-09-20 23:17 - 2015-09-20 23:17 - 00000000 ____D C:\Users\Vikram\AppData\Local\AutoShutdown
2015-09-20 23:17 - 2015-09-20 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Entru
2015-09-20 23:17 - 2015-09-20 23:17 - 00000000 ____D C:\Program Files\Auto Shutdown
2015-09-20 22:17 - 2015-09-20 22:17 - 00029970 _____ C:\Users\Vikram\Downloads\100 links for jovanortho 7th work report.xlsx
2015-09-19 17:18 - 2015-09-19 17:22 - 07598399 _____ C:\Users\Vikram\Downloads\Seo Dashboard-cimdealz.xlsx.part
2015-09-19 15:51 - 2015-09-19 15:51 - 00011304 _____ C:\Users\Vikram\Downloads\20 high quality social bookmark 2.xlsx
2015-09-19 15:48 - 2015-09-19 15:48 - 00039772 _____ C:\Users\Vikram\Downloads\200 high pr backlink 2.xlsx
2015-09-19 14:25 - 2015-09-19 14:25 - 00137728 _____ C:\Users\Vikram\Downloads\Monthly report.xls
2015-09-19 14:09 - 2015-09-19 14:09 - 00023133 _____ C:\Users\Vikram\Downloads\My Link Building Sample.xlsx
2015-09-19 14:06 - 2015-09-19 14:06 - 00000351 _____ C:\Users\Vikram\Downloads\Top 10 Link-Builder Site.txt
2015-09-19 14:02 - 2015-09-19 14:02 - 00011920 _____ C:\Users\Vikram\Downloads\PR9 web 2.0 Edu  Gov Profile Backlinks Samples.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 13:37 - 2015-09-07 18:11 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\BitComet
2015-10-14 13:36 - 2015-09-08 03:16 - 01061690 _____ C:\Windows\WindowsUpdate.log
2015-10-14 12:56 - 2015-09-07 17:43 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 12:55 - 2015-09-07 17:33 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\Skype
2015-10-14 10:06 - 2009-07-14 10:04 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 10:06 - 2009-07-14 10:04 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 10:01 - 2015-09-07 17:43 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 10:01 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-11 22:13 - 2015-09-07 14:56 - 00000000 ____D C:\Users\Vikram\AppData\Roaming\vlc
2015-10-09 11:01 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF
2015-10-08 10:58 - 2015-09-07 14:57 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-07 17:39 - 2015-09-07 17:32 - 00000000 ____D C:\ProgramData\Skype
2015-10-05 14:12 - 2015-09-07 15:07 - 00001976 _____ C:\Windows\PFRO.log
2015-10-05 14:06 - 2015-09-07 17:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-05 13:33 - 2015-09-07 17:59 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-05 13:33 - 2015-09-07 17:33 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-26 23:27 - 2015-09-07 15:05 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-26 23:27 - 2015-09-07 15:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-23 10:59 - 2009-07-14 08:07 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-16 23:12 - 2015-09-07 17:42 - 00000000 ____D C:\Users\Vikram\AppData\Local\Google
 
Some files in TEMP:
====================
C:\Users\Vikram\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Vikram\AppData\Local\Temp\ExPromo.exe
C:\Users\Vikram\AppData\Local\Temp\GomEncDnInstaller.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-09 10:48
 
==================== End of FRST.txt ============================
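The `[DhcpNameServer]` lines in the Internet section of the log above record the resolvers this PC received over DHCP, i.e. from the router, which is exactly the distinction shelf life is drawing between a hacked router and malware on the PC. As an added example (not part of this thread and not FRST's own code), here is a small Python checker that pulls those lines out of an FRST.txt and flags any resolver that is not in the ISP pair the topic starter quoted; the expected set, the sample log text and the treatment of `[NameServer]` as a static override are assumptions for the demo.

```python
"""Flag DNS resolvers in an FRST.txt log that are not the ones the ISP hands out."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Resolvers the ISP is expected to hand out. These are the two addresses the
# topic starter quoted as the correct BSNL settings; treat this as an assumption
# for the demo and replace it with whatever your own ISP documents.
EXPECTED_RESOLVERS: FrozenSet[str] = frozenset({"218.248.255.195", "218.248.255.197"})

# FRST's "Internet" section mirrors two Windows registry values:
#   [DhcpNameServer]  resolvers received over DHCP, i.e. from the router
#   [NameServer]      resolvers configured statically on the adapter
# Lines look like:
#   Tcpip\Parameters: [DhcpNameServer] 49.50.70.169 8.8.8.8
#   Tcpip\..\Interfaces\{GUID}: [DhcpNameServer] 49.50.70.169 8.8.8.8
LINE_RE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\\{(?P<iface>[0-9A-Fa-f-]+)\})"
    r": \[(?P<key>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)


@dataclass
class ResolverEntry:
    key: str              # "DhcpNameServer" or "NameServer"
    iface: Optional[str]  # adapter GUID, or None for the global Parameters key
    servers: List[str]


@dataclass
class Finding:
    key: str
    iface: Optional[str]
    unexpected: List[str]  # resolvers on this line that are not in the allowlist


def parse_resolver_entries(log_text: str) -> List[ResolverEntry]:
    """Extract every DhcpNameServer/NameServer line from FRST.txt text."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(ResolverEntry(m["key"], m["iface"], m["servers"].split()))
    return entries


def find_unexpected_resolvers(
    log_text: str, expected: FrozenSet[str] = EXPECTED_RESOLVERS
) -> List[Finding]:
    """Return one Finding per resolver line carrying an address outside the allowlist."""
    findings = []
    for entry in parse_resolver_entries(log_text):
        bad = [s for s in entry.servers if s not in expected]
        if bad:
            findings.append(Finding(entry.key, entry.iface, bad))
    return findings


def likely_origin(findings: List[Finding]) -> str:
    """Where the rogue resolvers came from, judged by which registry value carries them."""
    keys = {f.key for f in findings}
    if not keys:
        return "clean"
    if keys == {"DhcpNameServer"}:
        return "dhcp"    # handed out by the DHCP server: look at the router
    if keys == {"NameServer"}:
        return "static"  # set on this PC: look for local malware/persistence
    return "both"


# Constructed sample: the two Tcpip lines copy the values from the FRST log
# posted in this thread; the heading line is just context and is ignored.
SAMPLE_FRST_INTERNET_SECTION = """\
==================== Internet (Whitelisted) ====================
Tcpip\\Parameters: [DhcpNameServer] 49.50.70.169 8.8.8.8
Tcpip\\..\\Interfaces\\{84E1FA89-9D28-4F10-BA7A-D735B9028ED4}: [DhcpNameServer] 49.50.70.169 8.8.8.8
"""

# Constructed counter-example: DHCP hands out the ISP pair, but one adapter has a
# static override. This is NOT what the thread's log shows; it exercises the other branch.
SAMPLE_STATIC_OVERRIDE = """\
Tcpip\\Parameters: [DhcpNameServer] 218.248.255.195 218.248.255.197
Tcpip\\..\\Interfaces\\{84E1FA89-9D28-4F10-BA7A-D735B9028ED4}: [NameServer] 188.42.254.137 8.8.8.8
"""

if __name__ == "__main__":
    for name, text in [("thread log", SAMPLE_FRST_INTERNET_SECTION),
                       ("static override", SAMPLE_STATIC_OVERRIDE)]:
        findings = find_unexpected_resolvers(text)
        print(f"{name}: origin={likely_origin(findings)}")
        for f in findings:
            where = f.iface or "global Parameters"
            print(f"  [{f.key}] {where}: unexpected {', '.join(f.unexpected)}")
```

Note that 8.8.8.8 is flagged as well: the check is an allowlist of what the ISP should be handing out, not a reputation lookup, so a well-known public resolver still counts as a change nobody on the LAN made.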


#10 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 14 October 2015 - 04:18 AM

Also check the attachment.

 

Today my DNS is automatically changed to:

Primary DNS: 49.50.70.169
Secondary DNS: 8.8.8.8

 




#11 shelf life

shelf life

  • Malware Response Team
  • 2,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:18 PM

Posted 18 October 2015 - 08:02 PM

I will get a look at the logs. I really stopped checking for replies days ago. Would you be able to bypass the router and connect directly to your Windows 7 machine, to see if any changes still happen? Did your ISP provide you with the router/modem?




#12 shelf life

shelf life

  • Malware Response Team
  • 2,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:18 PM

Posted 19 October 2015 - 07:12 PM

Hi,

 

Did you see my question above? Let's use FRST to remove some items.

 

Open Notepad. Please copy/paste what's below in the box into Notepad.

Save it as: fixlist.txt in the same location where you have FRST.exe located.

Run FRST again like before, except this time press the Fix button just once and wait.
The tool will make a log in the same location (Fixlog.txt); please post it in your reply.

HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR HomePage: Default -> hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate"

How Can I Reduce My Risk to Malware?


#13 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:48 PM

Posted 20 October 2015 - 03:09 AM

I will get a look at the logs. I really stopped checking for replies days ago. Would you be able to bypass the router and connect directly to your Windows 7 machine, to see if any changes still happen? Did your ISP provide you with the router/modem?

How can I bypass the router/modem and connect directly to Windows? I do not have enough knowledge about this. Yes, this router/modem is provided by our ISP.



#14 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:48 PM

Posted 20 October 2015 - 03:12 AM

Also, today my DNS was changed to:

Primary DNS: 103.27.233.103
Secondary DNS: 8.8.8.8

 

 

Now, I am running FRST tool as you described above.
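
The two resolver changes reported above (49.50.70.169 in post #10, 103.27.233.103 in post #14) and shelf life's question about bypassing the router suggest a check worth scripting on the affected machine: compare every adapter's DNS servers against an allowlist, and note whether each adapter is DHCP-assigned or static, since a rogue resolver handed out by DHCP points at the router/modem while a static one points at the host. The script below is an added example for this thread, not code from the original posts, from FRST or from BleepingComputer. It parses the text that `ipconfig /all` prints on Windows 7; the sample output embedded in it is constructed (adapter names, private addresses and the isatap tunnel line are invented), the `EXPECTED_DNS` allowlist is an assumption the owner would adjust to their own ISP resolvers, and only the two resolver addresses are taken from the thread.

```python
"""Flag unexpected DNS resolvers in `ipconfig /all` output (Windows 7 format).

Added example for this thread; not code from the original posts or from FRST.
Run on the machine with:  ipconfig /all > ipconfig.txt  then  python dns_audit.py ipconfig.txt
Without an argument it audits the constructed sample below.
"""
import re
import sys
from ipaddress import ip_address

# Resolvers the owner intends to use.  8.8.8.8 appears in the thread; 8.8.4.4 is
# an assumed companion entry.  Add the ISP's real resolvers here.
EXPECTED_DNS = {"8.8.8.8", "8.8.4.4"}

# Constructed sample shaped like Windows 7 `ipconfig /all` output.  Only the two
# rogue resolver addresses (49.50.70.169, 103.27.233.103) come from the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : VIKRAM-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Constructed Ethernet Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 49.50.70.169
                                       8.8.8.8

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   DNS Servers . . . . . . . . . . . : 103.27.233.103
                                       8.8.8.8

Tunnel adapter isatap.CONSTRUCTED:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "Ethernet adapter Local Area Connection:" style section headers (not indented).
ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
# "   DNS Servers . . . . : value" style fields (indented, dotted leader, colon).
FIELD_RE = re.compile(r"^\s+(?P<name>[^.:]+?)[ .]*:\s*(?P<value>.*)$")


def parse_ipconfig(text):
    """Return {adapter_name: {"dhcp": bool|None, "dns": [server, ...]}}."""
    adapters = {}
    current = None
    last_field = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {"dhcp": None, "dns": []}
            last_field = None
            continue
        if current is None:
            continue  # global header lines before the first adapter
        # Extra DNS servers are printed on deeply indented continuation lines
        # with no field name; check this before the field pattern so that an
        # IPv6 resolver (which contains colons) is not mistaken for a field.
        if last_field == "DNS Servers" and line.startswith(" " * 8) and line.strip():
            adapters[current]["dns"].append(line.strip())
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group("name").strip()
            value = m.group("value").strip()
            if last_field == "DHCP Enabled":
                adapters[current]["dhcp"] = value.lower().startswith("yes")
            elif last_field == "DNS Servers" and value:
                adapters[current]["dns"].append(value)
    return adapters


def audit_dns(adapters, expected=EXPECTED_DNS):
    """Return (adapter, server, source) for every resolver not on the allowlist."""
    findings = []
    for name, info in adapters.items():
        for server in info["dns"]:
            try:
                ip_address(server.split("%")[0])  # drop an IPv6 zone id such as %1
            except ValueError:
                continue  # not an address; nothing to audit
            if server not in expected:
                source = ("DHCP-assigned: inspect the router/modem" if info["dhcp"]
                          else "static: inspect the host configuration")
                findings.append((name, server, source))
    return findings


def report(text=SAMPLE_IPCONFIG, expected=EXPECTED_DNS):
    findings = audit_dns(parse_ipconfig(text), expected)
    for adapter, server, source in findings:
        print(f"[!] {adapter}: unexpected resolver {server} ({source})")
    if not findings:
        print("All configured DNS servers are on the allowlist.")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report(fh.read())
    else:
        report()
```

Against the constructed sample this reports the Ethernet adapter's 49.50.70.169 as DHCP-assigned and the wireless adapter's 103.27.233.103 as static; on a real machine the first outcome is the one that makes shelf life's router question decisive, because cleaning the host will not stop the router from handing the address out again on the next lease.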



#15 mevikram1389

mevikram1389
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:48 PM

Posted 20 October 2015 - 03:14 AM

 

Hi,

 

Did you see my question above? Let's use FRST to remove some items.

 

Open Notepad. Please copy/paste what's below in the box into Notepad.

Save it as: fixlist.txt in the same location where you have FRST.exe located.

Run FRST again like before, except this time press the Fix button just once and wait.
The tool will make a log in the same location (Fixlog.txt); please post it in your reply.

HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR HomePage: Default -> hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate"

Fix result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by Vikram (2015-10-20 13:43:18) Run:1
Running from E:\Malware removal tools
Loaded Profiles: Vikram (Available Profiles: Vikram)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2906420260-1650718058-1093844020-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
CHR HomePage: Default -> hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_41&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0CtA0E0FtCtC0AyCyD0CtAtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2S0C0CyDyBtDyC0F0DtGtD0CtDtCtGyE0A0AzztG0BtAtD0EtGtCzytBtD0DzztB0EyCtBtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByD0DtA0B0Azz0FtGyE0C0AtAtGyEtCtByDtG0A0C0ByCtGtD0D0FyCyD0ByByD0B0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyC%26cr%3D2002753914%26a%3Dwncy_gmmedply_15_41%26os%3DWindows%2B7%2BUltimate"
*****************
 
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2906420260-1650718058-1093844020-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Chrome HomePage => removed successfully.
Chrome StartupUrls => removed successfully.
 
==== End of Fixlog 13:43:19 ====




