
Slow internet; anti malware and online scanners not installing or updating


7 replies to this topic

#1 Hendyskitoodigger


  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Location:North India
  • Local time:04:37 AM

Posted 01 May 2016 - 09:44 AM

From 28 April the internet has been running slow. ISP's broadband specified low speed is 512 kbps. On occasion Speedtest records speeds as low as 110 kbps. Occasionally, it reaches 500 kbps. Sometimes Speedtest does not load. ISP assistance corrected the DNS twice over the past two days. He said that the DNS had been reset. F-Secure online scanner installation stopped at 90 %. ESET online scanner reported that proxy settings were faulty. AdwCleaner reported corrupt installation several times. Malwarebytes did not update.

 

My system is as follows: CPU: Core i3 550 3.2 GHz, socket 1156; Motherboard Gigabyte H55M UDH; HDD Western Digital Caviar Black 2.0 TB, 7200 RPM, 64 MB, SATA3; Western Digital Caviar Black 1.0 TB, 7200 RPM, 64 MB, SATA3; Operating System Windows 7 Ultimate 64-bit; Antivirus Avira Free Antivirus, product version 15.0.16.282, 2/22/2016; Firewall ZoneAlarm Free Firewall

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016

Ran by Ashok Marg (administrator) on ASHOKMARG-PC (01-05-2016 18:55:03)

Running from C:\Users\Ashok Marg\Desktop

Loaded Profiles: Ashok Marg (Available Profiles: Ashok Marg)

Platform: Windows 7 Ultimate (X64) Language: English (United States)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

() C:\Windows\SysWOW64\DeltaIITray.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\DeltaIITray.exe [236040 2009-07-27] ()

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\..\Interfaces\{E6765C6E-1ECE-49DC-B37E-4B027CBC69F0}: [NameServer] 8.8.4.4,202.56.215.55

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.yahoo.com/?p=us

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.co.in/?gfe_rd=cr&ei=R2WiVreoELTv8wecwrS4DQ&gws_rd=ssl

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> DefaultScope {C5E82959-DF90-4fe7-A5B4-5FB4D5509B0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD

SearchScopes: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> {C5E82959-DF90-4fe7-A5B4-5FB4D5509B0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD

SearchScopes: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> {D06835C7-4B1C-4246-8EC0-C60172BCA3E5} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2009-07-14] (Microsoft Corporation)

Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2009-07-14] (Microsoft Corporation)

Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Ashok Marg\AppData\Roaming\Mozilla\Firefox\Profiles\qyKsYIjJ.default

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF Extension: Avira Browser Safety - C:\Users\Ashok Marg\AppData\Roaming\Mozilla\Firefox\Profiles\qyKsYIjJ.default\Extensions\abs@avira.com [2015-10-22] [not signed]

 

Chrome: 

=======

CHR Profile: C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2

CHR Extension: (Google Drive) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-29]

CHR Extension: (YouTube) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-29]

CHR Extension: (Google Search) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-29]

CHR Extension: (Gmail) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-29]

CHR Profile: C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3

CHR Extension: (Google Drive) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-02]

CHR Extension: (YouTube) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-02]

CHR Extension: (Google Search) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-02]

CHR Extension: (Avira Browser Safety) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

CHR Extension: (Gmail) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-02]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-11] (Avira Operations GmbH & Co. KG)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)

S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-03-07] (Nero AG)

S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-11] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-03-11] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-05] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-03-11] (Avira Operations GmbH & Co. KG)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)

S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)

R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462304 2016-03-24] (Check Point Software Technologies Ltd.)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-05-01 18:55 - 2016-05-01 18:55 - 00014541 _____ C:\Users\Ashok Marg\Desktop\FRST.txt

2016-05-01 18:54 - 2016-05-01 18:55 - 00000000 ____D C:\FRST

2016-05-01 18:51 - 2016-05-01 18:51 - 02377216 _____ (Farbar) C:\Users\Ashok Marg\Desktop\FRST64.exe

2016-05-01 07:44 - 2016-05-01 07:44 - 00024703 _____ C:\Users\Ashok Marg\Downloads\Electricity Bill 201604 30.pdf

2016-04-30 20:40 - 2016-04-30 20:40 - 00000000 ____D C:\Program Files\F-Secure

2016-04-30 16:58 - 2002-01-12 21:00 - 00003567 _____ (Beyond Logic hxxp://www.beyondlogic.org) C:\Windows\SysWOW64\Drivers\PortTalk.sys

2016-04-30 15:52 - 2016-04-30 15:52 - 00000000 ____D C:\Program Files (x86)\ESET

2016-04-30 15:50 - 2016-04-30 15:51 - 02870984 _____ (ESET) C:\Users\Ashok Marg\Downloads\esetsmartinstaller_enu.exe

2016-04-30 14:31 - 2016-05-01 07:16 - 00000000 ____D C:\Users\Ashok Marg\AppData\Local\FSDART

2016-04-30 13:54 - 2016-04-30 20:40 - 00000000 ____D C:\ProgramData\F-Secure

2016-04-30 13:54 - 2016-04-30 13:54 - 00000000 ____D C:\Users\Ashok Marg\AppData\Local\F-Secure

2016-04-30 13:53 - 2016-04-30 13:53 - 00524248 _____ (F-Secure Corporation) C:\Users\Ashok Marg\Downloads\F-SecureOnlineScanner.exe

2016-04-29 18:13 - 2016-04-29 18:13 - 00431382 _____ C:\Windows\system32\Drivers\vsconfig.xml

2016-04-29 18:13 - 2016-04-29 18:13 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk

2016-04-29 18:13 - 2016-04-29 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

2016-04-29 17:58 - 2016-04-29 17:58 - 00003216 _____ C:\Windows\System32\Tasks\{FB5B3436-CE38-4194-92BA-FC770B650827}

2016-04-29 15:15 - 2016-04-29 15:15 - 00000000 ____D C:\AdwCleaner

2016-04-29 15:12 - 2016-04-29 15:14 - 03581504 _____ C:\Users\Ashok Marg\Downloads\adwcleaner_5.114.exe

2016-04-29 00:38 - 2016-04-29 00:38 - 00023589 _____ C:\Users\Ashok Marg\Downloads\ticket.pdf

2016-04-22 12:07 - 2016-04-22 12:07 - 00170901 _____ C:\Users\Ashok Marg\Documents\bookmarks_4_22_16.html

2016-04-21 22:08 - 2016-04-21 22:32 - 00000000 ____D C:\Users\Ashok Marg\Downloads\Camera_Raw_6_1_updater

2016-04-21 22:05 - 2016-04-21 22:06 - 22464923 _____ C:\Users\Ashok Marg\Downloads\Camera_Raw_6_1_updater.zip

2016-04-21 17:40 - 2016-04-21 17:40 - 00918714 _____ C:\Users\Ashok Marg\Documents\Labour Agency Contract 20160421_20160421_0001.pdf

2016-04-20 10:04 - 2016-04-20 10:05 - 01579851 _____ C:\Users\Ashok Marg\Documents\DC AIIMS Card Neurosurgery 201602_20160420_0001.pdf

2016-04-09 16:13 - 2013-07-21 14:59 - 01170183 _____ C:\Users\Ashok Marg\Documents\Hazratganj_1947.pdf

2016-04-06 21:30 - 2016-04-06 21:30 - 08254833 _____ C:\Users\Ashok Marg\Downloads\VID-20160406-WA0000.mp4

2016-04-04 13:27 - 2016-04-04 13:27 - 00169152 _____ C:\Users\Ashok Marg\Downloads\ITR V Adity Chakravarty (A.Y.2014-15).pdf

2016-04-04 09:41 - 2016-04-04 09:41 - 00252973 _____ C:\Users\Ashok Marg\Documents\Homeopathic prescription Kalyan Banerjee 20160216_20160404_0001.pdf

2016-04-03 09:43 - 2016-04-03 09:43 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2016-04-03 09:43 - 2016-04-03 09:43 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-04-03 09:43 - 2016-04-03 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-04-03 09:43 - 2016-04-03 09:43 - 00000000 ____D C:\Program Files\CCleaner

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-05-01 18:32 - 2009-07-14 10:15 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-05-01 18:32 - 2009-07-14 10:15 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-05-01 18:12 - 2015-10-22 17:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-01 17:12 - 2015-10-22 17:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-01 08:46 - 2015-10-27 00:36 - 00000000 ____D C:\Windows\Minidump

2016-05-01 07:16 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-04-29 20:50 - 2016-01-20 16:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2016-04-29 19:28 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf

2016-04-29 18:13 - 2016-01-17 12:23 - 00000000 ____D C:\Program Files (x86)\CheckPoint

2016-04-29 18:13 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2016-04-29 17:44 - 2016-01-17 12:22 - 00000000 ____D C:\ProgramData\CheckPoint

2016-04-21 22:09 - 2016-01-20 16:03 - 00000000 ____D C:\Program Files\Adobe

2016-04-21 22:09 - 2015-10-22 18:50 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-04-20 09:40 - 2009-07-14 10:38 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-04-18 21:02 - 2015-10-22 16:38 - 00000000 ____D C:\ProgramData\Package Cache

2016-04-18 16:47 - 2015-10-22 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2016-04-13 12:06 - 2009-08-28 19:22 - 00721756 _____ C:\Windows\system32\perfh019.dat

2016-04-13 12:06 - 2009-08-28 19:22 - 00148794 _____ C:\Windows\system32\perfc019.dat

2016-04-13 12:06 - 2009-07-14 10:43 - 01640642 _____ C:\Windows\system32\PerfStringBackup.INI

2016-04-12 09:56 - 2015-10-22 17:55 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-04-12 09:56 - 2015-10-22 17:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-04-06 21:33 - 2015-12-10 12:51 - 00000000 ____D C:\Users\Ashok Marg\AppData\Roaming\vlc

 

==================== Files in the root of some directories =======

 

2016-01-05 21:45 - 2016-01-05 21:45 - 0004360 _____ () C:\Users\Ashok Marg\AppData\Roaming\Comma Separated Values (Windows).NOT

2015-10-25 15:47 - 2016-01-05 16:37 - 0002310 _____ () C:\Users\Ashok Marg\AppData\Roaming\Rim.Desktop.Exception.log

2015-10-25 15:26 - 2015-10-25 15:26 - 0001153 _____ () C:\Users\Ashok Marg\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2015-10-25 15:47 - 2016-01-05 16:37 - 0002464 _____ () C:\Users\Ashok Marg\AppData\Roaming\Rim.DesktopHelper.Exception.log

2016-01-20 11:56 - 2016-01-20 11:56 - 0037520 _____ () C:\Users\Ashok Marg\AppData\Local\recently-used.xbel

2015-11-05 23:13 - 2015-11-05 23:13 - 0007602 _____ () C:\Users\Ashok Marg\AppData\Local\Resmon.ResmonCfg

2015-10-22 15:08 - 2015-10-22 15:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some files in TEMP:

====================

C:\Users\Ashok Marg\AppData\Local\Temp\avgnt.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-04-29 13:54

 

==================== End of FRST.txt ============================


#2 nasdaq


  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:07 PM

Posted 02 May 2016 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If this Browser configuration was not installed by you or you no longer need it, remove it via the Control Panel > Programs > Programs and Features applet.

Browser Configuration Utility (HKLM-x32\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.
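
The fixlist above is assembled by reading the FRST log for entries whose backing file is gone ([X] or "No File"), for unsigned binaries, and for lines FRST itself marks with ATTENTION. As an added example, not code from this thread, from nasdaq, or from the FRST author, here is a small Python script that performs that first triage pass automatically over FRST-formatted lines. The rule set, the tags and the one-line notes are my assumptions; the sample lines are copied from the log posted above, and the "Installed Programs" header plus the Processes lines were added so that every rule fires at least once.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines in the shape FRST uses, copied from the
# log posted in this thread, plus headers added here so each rule fires.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Windows\SysWOW64\DeltaIITray.exe
==================== Registry (Whitelisted) ===========================
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
==================== Services (Whitelisted) ========================
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
===================== Drivers (Whitelisted) ==========================
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== Installed Programs ======================
Browser Configuration Utility (HKLM-x32\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION
"""

# FRST section headers look like "==== Name ====".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")

# (tag, pattern, why a reviewer cares). Tags and notes are my own, not FRST's.
RULES = [
    ("missing-file", re.compile(r"\[X\]\s*$"),
     "entry points at a file that no longer exists (orphaned autorun/service)"),
    ("orphaned-toolbar", re.compile(r"-\s+No File\s*$"),
     "browser toolbar CLSID with no backing file"),
    ("unsigned", re.compile(r"\[File not signed\]"),
     "binary carries no Authenticode signature; confirm where it came from"),
    ("attention", re.compile(r"<====\s*ATTENTION"),
     "flagged by FRST itself"),
    ("no-publisher", re.compile(r"(^|\s)\(\)(\s|$)"),
     "no company name in the file's version info; look it up before trusting it"),
]


@dataclass
class Finding:
    section: str
    tag: str
    line: str
    note: str


def triage(log_text):
    """Walk the log, track the current FRST section, and record every
    non-empty line that trips one of the rules (a line may trip several)."""
    section = "(preamble)"
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group("name").strip("= ")
            if name:  # a bare "=====" divider keeps the current section
                section = name
            continue
        for tag, pattern, note in RULES:
            if pattern.search(line):
                findings.append(Finding(section, tag, line, note))
    return findings


def summarize(findings):
    """Count findings per tag so the reviewer sees the shape of the log first."""
    counts = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


def report(findings):
    """Render findings grouped under their section, one line each."""
    out = []
    current = None
    for f in findings:
        if f.section != current:
            current = f.section
            out.append(f"[{current}]")
        out.append(f"  {f.tag:17s} {f.line}\n{'':21s}-> {f.note}")
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(report(found))
    print(summarize(found))
```

The script only narrows the list; every flagged entry still needs a human to decide whether it is dead weight (the orphaned AdobeBridge Run value), a legitimate but unsigned vendor file (the Adobe SwitchBoard service), or something worth a closer look, which is exactly the judgement the helper applied when composing the fixlist.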

#3 Hendyskitoodigger

  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Location:North India
  • Local time:04:37 AM

Posted 03 May 2016 - 04:10 AM

Fixlog text pasted below. AdwCleaner refused to run as in the past with the same error message: "Database corrupted. Please uninstall AdwCleaner and download it again."

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-04-2016

Ran by Ashok Marg (2016-05-03 14:20:50) Run:1

Running from C:\Users\Ashok Marg\Desktop

Loaded Profiles: Ashok Marg (Available Profiles: Ashok Marg)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\...\Run: [AdobeBridge] => [X]

Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-1911967044-2533758590-1447841591-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 

HKU\S-1-5-21-1911967044-2533758590-1447841591-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully

HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 

C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found

C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully

WsDrvInst => service removed successfully

gdrv => service removed successfully

IntcAzAudAddService => service removed successfully

"C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.

"C:\Users\Ashok Marg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.



#4 nasdaq


  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:07 PM

Posted 03 May 2016 - 07:26 AM

AdwCleaner refused to run as in the past with the same error message: "Database corrupted. Please uninstall AdwCleaner and download it again."


It could have been a bad download.

Delete the program and folders created by running the tool.

Download a fresh copy and see if you can run it normally.

How is the computer running now?

#5 Hendyskitoodigger

  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Location:North India
  • Local time:04:37 AM

Posted 03 May 2016 - 08:52 AM

Internet speed is variable. Several times it reaches the ISP's specified low-speed parameter of 512 kbps but lapses to 330 kbps from time to time.

After disabling ZoneAlarm and Avira Antivirus, AdwCleaner downloaded and gave the following message: "AdwCleaner found no malicious program on your computer"

Do you think this is acceptable? 

I thought I should mention that from 4 May I will not have access to my computer till 24 May.



#6 nasdaq


  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:07 PM

Posted 03 May 2016 - 02:10 PM

Do not know who your internet provider is but it could be that he has peak times.
Then your internet slows down.

#7 Hendyskitoodigger

  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Gender:Male
  • Location:North India
  • Local time:04:37 AM

Posted 03 May 2016 - 07:21 PM

Your surmise about my ISP having peak times is likely correct. At 0545 in the morning the internet is as fast as it should be in the specified low-speed setting of the ISP.

I am not going to have access to my computer till 24 May.

Many thanks for helping out. 



#8 nasdaq


  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:07 PM

Posted 04 May 2016 - 06:47 AM

I will remember to keep this topic open.

Send me a personal message if ever it's closed on your return.



