
Malicious Virus or adware in my router


12 replies to this topic

#1 Vintech

Vintech

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 16 May 2016 - 01:20 PM

Hello there, It's been many months now that my computer has been infected by some malicious software which brings in pop-ups while I am browsing on my computer. Moreover, it has also affected all the other devices that are connected to my router (other devices include two Android phones and one Windows phone). The redirecting and popping up is present there too. During its earlier days it was directing to some www. tradeexchange.com, then admom and so on. It keeps on changing the websites to which it redirects. It has seriously affected my internet connection. I fear that it is eating up my internet data at a very tremendous rate. I have been really annoyed by the pop-ups which come up every now and then. Even in mobile applications like news, the adware brings up false warnings that my browsers are outdated and I need to install this or that application. No anti-virus was detecting it in its recent days but now Avast antivirus and Malwarebytes Anti-Malware do show that they have blocked a dangerous process. I have scanned my computer with adware cleaner by Xplode, junkware removal tool by malwarebytes, avast and malwarebytes itself. Malwarebytes quarantined some PUPs, still it is displaying this message again and again.

 

 

Every second this message from malwarebytes comes up and every time with a different port number (62127, 52745, 65345, 61988 etc.). I have just installed malwarebytes today, scanned with it, quarantined recommended objects and then too this warning about malicious website comes.

 

Another point is that when I reset my router once, it had vanished for about a week's time. Then it started again. Please suggest a permanent solution to this problem. I have searched a lot about this on the internet, but no solution to this problem was found.

 

Please reply as soon as possible.

 

Thanking you in advance.

Vintech

 

(Here is another pic of the message. Sometimes they come at an alarming rate.)




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:30 AM

Posted 16 May 2016 - 01:59 PM

Hello Vintech and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 Vintech

Vintech
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 17 May 2016 - 05:42 AM

Hi there,

Thanks for replying

First of all,

  • I had avast free anti-virus, spyhunter 4 and malwarebytes anti-malware. I have deactivated avast and mbam, and uninstalled spyhunter altogether.

This is frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-05-2016
Ran by Viniyak (administrator) on VINIYAK-PC (17-05-2016 15:53:14)
Running from C:\Users\Viniyak\Downloads
Loaded Profiles: Viniyak (Available Profiles: Viniyak & Vineet & Guest)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-25] (AVAST Software)
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-12] (Piriform Ltd)
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\...\MountPoints2: {44625bec-e415-11e1-8c21-c44619b81d37} - I:\AutoRun.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-21] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\Users\Vineet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Viniyak\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Vineet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-10-25]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.3.252.73 5.152.219.53
Tcpip\..\Interfaces\{4ACFCA5C-994A-4C45-932D-B6166D680CF2}: [DhcpNameServer] 31.3.252.73 5.152.219.53
Tcpip\..\Interfaces\{6225BD21-E566-4717-B6F9-53C1D073A7D7}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=071013
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3920636551-2414387381-559609500-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Viniyak\AppData\Roaming\Mozilla\Firefox\Profiles\plbtiqn7.default-1433688834771
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3920636551-2414387381-559609500-1000: wondershare.com/FantashowPlugin -> F:\Program Files\Wondershare\Fantashow\npFantashowPlugin.dll [No File]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-03-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-22]

Chrome:
=======
CHR Profile: C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-22]
CHR Extension: (Google Docs) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-26]
CHR Extension: (Google Drive) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Google Search) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Google Sheets) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (Avast Online Security) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-21] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-21] (AVAST Software)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2696448 2010-03-04] (Broadcom Corporation) [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [179072 2009-11-09] (Vimicro Corporation)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 wirelessusbser; C:\Windows\System32\DRIVERS\3GDatausbser.sys [102656 2009-04-07] (QUALCOMM Incorporated)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-17 15:51 - 2016-05-17 15:53 - 00035628 _____ C:\Users\Viniyak\Downloads\Addition.txt
2016-05-17 15:46 - 2016-05-17 15:53 - 00015045 _____ C:\Users\Viniyak\Downloads\FRST.txt
2016-05-17 15:46 - 2016-05-17 15:53 - 00000000 ____D C:\FRST
2016-05-17 15:45 - 2016-05-17 15:45 - 01733120 _____ (Farbar) C:\Users\Viniyak\Downloads\FRST.exe
2016-05-17 15:08 - 2016-05-17 15:13 - 06882192 _____ (Piriform Ltd) C:\Users\Vineet\Downloads\ccsetup517.exe
2016-05-16 21:09 - 2016-05-17 15:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-16 21:08 - 2016-05-16 21:08 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-16 21:08 - 2016-05-16 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-16 21:08 - 2016-05-16 21:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-16 21:08 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-16 21:08 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-16 21:08 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-16 20:57 - 2016-05-16 21:05 - 22851472 _____ (Malwarebytes ) C:\Users\Vineet\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-16 20:49 - 2016-05-16 20:49 - 00003166 _____ C:\Users\Viniyak\Desktop\JRT.txt
2016-05-16 20:43 - 2016-05-16 20:44 - 01610816 _____ (Malwarebytes) C:\Users\Vineet\Downloads\JRT.exe
2016-05-16 20:25 - 2016-05-16 20:25 - 00000000 ____D C:\Users\Vineet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-16 20:24 - 2016-05-16 20:36 - 00000000 ____D C:\AdwCleaner
2016-05-16 19:04 - 2016-05-16 19:06 - 03651136 _____ C:\Users\Vineet\Downloads\adwcleaner_5.117.exe
2016-05-10 16:13 - 2016-05-13 15:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-29 19:35 - 2016-04-29 19:35 - 00014379 _____ C:\Users\Vineet\Downloads\881604290184215.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-17 15:45 - 2009-07-14 10:04 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-17 15:45 - 2009-07-14 10:04 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-17 15:39 - 2015-05-21 14:29 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-17 15:38 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-17 15:29 - 2015-05-21 14:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 15:20 - 2009-07-14 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-17 15:17 - 2015-07-05 14:07 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001UA.job
2016-05-17 15:15 - 2014-08-24 20:48 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001UA.job
2016-05-17 15:14 - 2014-08-24 20:48 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001Core.job
2016-05-17 15:09 - 2012-08-17 16:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-16 21:54 - 2016-03-21 21:14 - 00000000 ____D C:\Users\Vineet\Desktop\Old Firefox Data
2016-05-16 21:17 - 2015-07-05 14:07 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001Core.job
2016-05-16 20:26 - 2013-04-27 19:45 - 00000000 ____D C:\Users\Vineet\AppData\Roaming\Dropbox
2016-05-13 16:12 - 2012-08-17 16:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-13 16:12 - 2012-08-17 16:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-13 15:41 - 2015-05-21 14:41 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 15:41 - 2015-05-21 14:41 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 15:20 - 2015-01-16 15:15 - 00000000 ____D C:\Users\Vineet\AppData\Roaming\littlealchemy-c7de5d8adcfd810d98ec68069ab57bd9
2016-05-13 15:01 - 2014-04-08 14:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-11-12 19:32 - 2013-11-12 19:32 - 9117696 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2012-11-25 15:21 - 2012-11-25 15:21 - 0000268 ___RH () C:\Users\Viniyak\AppData\Roaming\Basics
2012-11-25 15:22 - 2012-11-25 15:22 - 0000268 ___RH () C:\Users\Viniyak\AppData\Roaming\Bass Amp
2012-11-25 15:21 - 2012-11-25 15:21 - 0000268 ___RH () C:\ProgramData\BookService
2012-11-25 15:22 - 2012-11-25 15:22 - 0000268 ___RH () C:\ProgramData\Breath Pad
2012-11-25 15:21 - 2015-01-14 09:44 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2012-11-25 15:22 - 2014-07-13 12:00 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT

Some files in TEMP:
====================
C:\Users\Vineet\AppData\Local\Temp\avgnt.exe
C:\Users\Vineet\AppData\Local\Temp\{09D34DDE-B2AE-48EB-8FE6-838D9E51D7CE}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{2AE66F41-775D-4E86-9072-0D215D161BF1}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{31CBE042-0512-498A-84DC-3118B88F7727}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{7969AAA8-9A1D-406A-AC90-BC8350DCA1BE}-DropboxClient_3.20.1.exe
C:\Users\Viniyak\AppData\Local\Temp\avgnt.exe
C:\Users\Viniyak\AppData\Local\Temp\libeay32.dll
C:\Users\Viniyak\AppData\Local\Temp\msvcr120.dll
C:\Users\Viniyak\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 16:55
 

==================== End of FRST.txt ============================

 

this is addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-05-2016
Ran by Viniyak (2016-05-17 15:54:41)
Running from C:\Users\Viniyak\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-08-11 12:04:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3920636551-2414387381-559609500-500 - Administrator - Disabled)
Guest (S-1-5-21-3920636551-2414387381-559609500-501 - Limited - Disabled) => C:\Users\Guest
Vineet (S-1-5-21-3920636551-2414387381-559609500-1001 - Limited - Enabled) => C:\Users\Vineet
Viniyak (S-1-5-21-3920636551-2414387381-559609500-1000 - Administrator - Enabled) => C:\Users\Viniyak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Angry Birds Seasons (HKLM\...\{9240D97C-D575-465E-A681-21C0979EE5DF}) (Version: 2.2.0 - Rovio)
AppInventor Setup (HKLM\...\AppInventor Setup) (Version: 2.2 - Massachusetts Institute of Technology)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Britannica ePDF Viewer (HKLM\...\Britannica ePDF Viewer1.0) (Version: 1.0 - Suntecindia)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.130.0.62 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 5.3.0.8 - Lenovo)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.3 - Nikon)
GoldWave v5.69 (HKLM\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
MagicShop (HKLM\...\{4B673018-08C9-4D5B-90CE-D8410EC3B933}) (Version: 1.00.0000 - My Company Name)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.2 - Nikon)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Prerequisites for SSDT  (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Tata Photon Max Wi-Fi (HKLM\...\Tata Photon Max Wi-Fi) (Version: 22.001.25.01.113 - Huawei Technologies Co.,Ltd)
TTSL Olive VME101 Dialer (HKLM\...\{90C99F3E-56DB-4965-B524-1D0E1851E03A}) (Version:  - )
TypingMaster 2002 (HKLM\...\TypingMaster 2002) (Version:  - )
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.1 - Nikon)
Visual Studio 2012 Update 3 (KB2707250) (HKLM\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 5.00 beta 8 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1271B7E3-3EA1-49C7-AAE7-051E1B73DC9E} - System32\Tasks\{E866144F-1703-49E0-954A-DE42C5440D87} => C:\Users\Viniyak\Desktop\vb_web.exe
Task: {25E10592-E93E-4538-97A9-3F599D8E3F62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {29A07092-DBD1-4440-B9DD-5F06C2EDC0EA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001Core => C:\Users\Vineet\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {30E5EB7A-13AB-448F-8953-2DF3645945E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {33ACFF98-EA35-422B-BA73-1021B3423CE6} - System32\Tasks\{698B563B-023C-4FEA-9291-A35E08D5F275} => pcalua.exe -a D:\Setup\Drivers\IN1CAM23WW5.exe -d D:\Setup\Drivers
Task: {37762B15-9AAA-4161-8632-F902AD987422} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001UA => C:\Users\Vineet\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {46AD63FF-3B48-4DAE-A791-E885BF2B6B98} - System32\Tasks\{D37BEA28-12D8-407D-A055-6BF51C2C4FFB} => pcalua.exe -a F:\Vineet\Nero\Nero8\Nero\Uninstall\UNNERO.exe -d F:\Vineet\Nero\Nero8\Nero\Uninstall
Task: {5455BB05-CEE5-4993-96F1-C14A9FC182BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-21] (AVAST Software)
Task: {5E0C32AA-1DAD-4413-ACB0-20FB68E2DC67} - System32\Tasks\{4113B437-DC49-42A5-8440-0D93CC1442C7} => pcalua.exe -a "E:\game\pop t2t Setup\Setup.exe" -d "E:\game\pop t2t Setup"
Task: {66938E8A-F369-4583-9A3B-68266FDBBE4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-12] (Piriform Ltd)
Task: {884F7A75-4D0C-419C-8065-8657FDC35FF1} - System32\Tasks\{D1C5F2EE-64E2-455A-8D16-42B5769EFD3C} => pcalua.exe -a C:\Users\Viniyak\Desktop\vb_web.exe -d C:\Users\Viniyak\Desktop
Task: {9653AADE-1821-423E-8596-89068D0CAF84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {99249F88-A1D5-4A71-99D5-792FF6326919} - System32\Tasks\AdobeAAMUpdater-1.0-Viniyak-PC-Vineet => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {D2CA2109-2FFB-470D-98C1-A468DA094153} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001
Task: {D3A00F0E-0CAD-4447-8DEB-1FF55EC05D8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {D6A0DD14-391E-41F2-A06D-1F6FC4471A40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {D858EFCB-ADB5-45E7-9EB1-2B1D3DB37625} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-21] (AVAST Software)
Task: {EB486D42-0F9B-4FF2-9A7E-99E020FF4076} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001UA => C:\Users\Vineet\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {F92EEE21-BC2A-43A7-B1E2-E30594CE0D52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001Core => C:\Users\Vineet\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001Core.job => C:\Users\Vineet\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001UA.job => C:\Users\Vineet\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001Core.job => C:\Users\Vineet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3920636551-2414387381-559609500-1001UA.job => C:\Users\Vineet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-21 22:08 - 2016-03-21 22:08 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-21 22:08 - 2016-03-21 22:08 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-17 15:13 - 2016-05-17 15:13 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051700\algo.dll
2016-04-22 07:05 - 2016-04-22 07:05 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-27 12:14 - 2014-02-15 12:29 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-03-21 22:08 - 2016-03-21 22:08 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2014-05-26 13:01 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Viniyak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 31.3.252.73 - 5.152.219.53
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aiStarter.lnk => C:\Windows\pss\aiStarter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Viniyak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Viniyak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
MSCONFIG\startupreg: c87da4e => C:\Users\Viniyak\AppData\Roaming\c87da4e\c87da4e.exe
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\utility.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Intel AppUp® center Systray => "D:\Program Files\Intel Appup\IntelAppStore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: NBKeyScan => "D:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: OliveDcService => C:\Program Files\TATA Photon+\Olive\VME101\Drivers\OliveDcService.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: TATA Photon+ Dialer => "C:\Program Files\TATA Photon+\Olive\VME101\TTSL Olive VME101 Dialer Ver 1.1.4 Release 000.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Viniyak\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{1AE244DF-F5D1-4F91-8886-FAC48BE4E6AD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{191EBA82-3B41-4C5C-A980-6E1D9AFBFEB9}] => (Allow) C:\Users\Vineet\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{34C2B02A-53B5-43EE-94BF-07D06DC54644}] => (Allow) C:\Users\Vineet\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A6FDD7C3-D605-4B61-A3EE-1672BC22BA71}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{88FD594C-6DB2-4CFB-B60D-3E6259139A0A}] => (Allow) D:\Visual studio express 2012\Common7\IDE\WDExpress.exe
FirewallRules: [{61C9A57C-EF73-4D52-BCFF-82A7D8368FE6}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EB41E41-299E-41EF-B6E2-4792F1334F0D}] => (Allow) LPort=2869
FirewallRules: [{0268569B-B15F-4591-8536-54C77C660349}] => (Allow) LPort=1900
FirewallRules: [{BDF51AD7-0687-424A-927A-B91FD29A22C6}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{F9E6C492-A20F-4527-9ED5-9C55376E91D1}D:\program files\videolan\vlc\vlc.exe] => (Block) D:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{2378255C-8CF7-4D69-ABB7-E7E5A2FC2237}D:\program files\videolan\vlc\vlc.exe] => (Block) D:\program files\videolan\vlc\vlc.exe
FirewallRules: [{23B7860E-1965-4161-A43C-51D30E55A13F}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{E34EF344-F06F-4268-8E99-7AEA98E6C18F}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{71927CF7-171A-4D56-AC9B-0ADF9204D7A9}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{049A7245-D97F-4425-BAD2-34E4FFD63A6E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1B7D836F-A021-4229-AC0D-49CAC529740E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FC8A4D53-3ADE-455F-87F7-9A02E61392F2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{87C012AB-01A4-4F1D-B6CF-ECAD4ECF470C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0ED1B8B9-8430-42D2-8CD7-39905100D86C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{20531EF8-FFB9-465B-B612-687B674EB37C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9A9D3FE2-ADF8-4C0B-B422-357575A92576}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2016 03:38:55 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x0)

Error: (05/17/2016 03:31:12 PM) (Source: MsiInstaller) (EventID: 1024) (User: Viniyak-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/17/2016 03:02:25 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1152) WebCacheLocal: An attempt to open the file "C:\Users\Vineet\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/16/2016 08:53:12 PM) (Source: MsiInstaller) (EventID: 1024) (User: Viniyak-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2016 02:34:14 PM) (Source: MsiInstaller) (EventID: 1024) (User: Viniyak-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/11/2016 02:51:11 PM) (Source: ESENT) (EventID: 104) (User: )
Description: taskhost (404) WebCacheLocal: The database engine stopped the instance (0) with error (-1032).

Error: (05/11/2016 02:51:11 PM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhost (404) WebCacheLocal: Unable to write a shadowed header for file C:\Users\Vineet\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.

Error: (05/11/2016 02:51:11 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (404) WebCacheLocal: An attempt to open the file "C:\Users\Vineet\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/03/2016 10:13:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bac

Start Time: 01d18dc01b1ef317

Termination Time: 31

Application Path: C:\Windows\explorer.exe

Report Id: e068fed7-f9ba-11e5-b968-c44619b81d37

Error: (03/26/2016 03:57:52 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3604) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.


System errors:
=============
Error: (05/17/2016 02:59:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/16/2016 08:36:37 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/16/2016 08:36:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/16/2016 08:36:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/16/2016 08:36:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/16/2016 08:36:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/16/2016 08:36:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/16/2016 08:36:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/16/2016 08:36:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/16/2016 08:36:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 74%
Total physical RAM: 1910.9 MB
Available physical RAM: 489.27 MB
Total Virtual: 3821.8 MB
Available Virtual: 1729.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:1.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Vinayak) (Fixed) (Total:97.65 GB) (Free:74.3 GB) NTFS
Drive e: () (Fixed) (Total:127.09 GB) (Free:77.81 GB) NTFS
Drive f: (Vineet) (Fixed) (Total:14.75 GB) (Free:3.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5C73C726)
Partition 1: (Active) - (Size=58.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=224.7 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

The problem has really increased in magnitude after I switched off mbam and avast. It is not even allowing me to log into bleeping computer. At each and every click it is redirecting me to some other website. Can I switch either of mbam or avast?



#4 olgun52

  • Malware Response Team

Posted 17 May 2016 - 05:39 PM

Hi again,

 

I understand my friend. My apologies for the delay.

 

Please do the following.

 

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

===================================================

Are there still symptoms?

 

Have a nice day.


Edited by olgun52, 17 May 2016 - 05:42 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Vintech (Topic Starter)

Posted 18 May 2016 - 10:51 AM

Hey there,

Here's the report.

 

Zemana AntiMalware 2.20.2.613 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016-5-18
Operating System       : Windows 7 32-bit
Processor              : 2X Intel® Pentium® CPU P6100 @ 2.00GHz
BIOS Mode              : Legacy
CUID                   : 00269EFC6659D942E15555
Scan Type              : Smart Scan
Duration               : 11m 34s
Scanned Objects        : 14963
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 



#6 Vintech (Topic Starter)

Posted 18 May 2016 - 11:15 AM

I am sorry to say that there is no improvement in the state of my computer. I restarted my computer after the scan. I have clicked some snapshots so as to give you an idea of the redirected pages.

 

Attached File  malware 2.PNG   366.3KB   0 downloads

Attached File  malware photo.png   331.32KB   0 downloads

 

(Note the address in the address bar and the domain name in the dialog box of malwarebytes.)



#7 olgun52 (Malware Response Team)

Posted 19 May 2016 - 02:02 PM

Hi again.

Thank you for the information.

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best regards
 

 


 


#8 Vintech (Topic Starter)

Posted 21 May 2016 - 01:13 AM

Phew! You won't believe it, but it took me almost a day to log into my account due to this malware. Also, I was not able to write my reply because the text field was not getting activated. Can this adware change my password? I was able to log in with my password the day before but today, I was unable to do so. I tried for almost a day!

Fix result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Vineet (2016-05-20 16:42:45) Run:1
Running from C:\Users\Viniyak\Downloads
Loaded Profiles: Vineet (Available Profiles: Viniyak & Vineet & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {D2CA2109-2FFB-470D-98C1-A468DA094153} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
FirewallRules: [{23B7860E-1965-4161-A43C-51D30E55A13F}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{E34EF344-F06F-4268-8E99-7AEA98E6C18F}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\...\MountPoints2: {44625bec-e415-11e1-8c21-c44619b81d37} - I:\AutoRun.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShortcutTarget: Dropbox.lnk -> C:\Users\Viniyak\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKU\S-1-5-21-3920636551-2414387381-559609500-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF ProfilePath: C:\Users\Viniyak\AppData\Roaming\Mozilla\Firefox\Profiles\plbtiqn7.default-1433688834771
FF Plugin HKU\S-1-5-21-3920636551-2414387381-559609500-1000: wondershare.com/FantashowPlugin -> F:\Program Files\Wondershare\Fantashow\npFantashowPlugin.dll [No File]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-03-22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe" /f
MSCONFIG\startupreg: c87da4e => C:\Users\Viniyak\AppData\Roaming\c87da4e\c87da4e.exe
CHR Extension: (Avira Browser Safety) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-21] ()
Reg: reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
C:\Users\Vineet\Desktop\Old Firefox Data
2016-05-13 15:20 - 2015-01-16 15:15 - 00000000 ____D C:\Users\Vineet\AppData\Roaming\littlealchemy-c7de5d8adcfd810d98ec68069ab57bd9
C:\Users\Vineet\AppData\Local\Temp\avgnt.exe
C:\Users\Vineet\AppData\Local\Temp\{09D34DDE-B2AE-48EB-8FE6-838D9E51D7CE}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{2AE66F41-775D-4E86-9072-0D215D161BF1}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{31CBE042-0512-498A-84DC-3118B88F7727}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{7969AAA8-9A1D-406A-AC90-BC8350DCA1BE}-DropboxClient_3.20.1.exe
C:\Users\Viniyak\AppData\Local\Temp\avgnt.exe
C:\Users\Viniyak\AppData\Local\Temp\libeay32.dll
C:\Users\Viniyak\AppData\Local\Temp\msvcr120.dll
C:\Users\Viniyak\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
Emptytemp:
Reboot:
End




*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2CA2109-2FFB-470D-98C1-A468DA094153} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001 => key could not remove. Access Denied.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

ERROR: Access is denied.



========= End of Reg: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23B7860E-1965-4161-A43C-51D30E55A13F} => value could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E34EF344-F06F-4268-8E99-7AEA98E6C18F} => value could not remove.
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44625bec-e415-11e1-8c21-c44619b81d37} => key not found.
HKCR\CLSID\{44625bec-e415-11e1-8c21-c44619b81d37} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value could not remove.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value could not remove.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value could not remove.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key could not remove. Access Denied.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key could not remove. Access Denied.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key could not remove. Access Denied.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Users\Viniyak\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found.
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
FF ProfilePath: C:\Users\Viniyak\AppData\Roaming\Mozilla\Firefox\Profiles\plbtiqn7.default-1433688834771 => FRST is scripted not to move this directory.
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\MozillaPlugins\wondershare.com/FantashowPlugin => key not found.
F:\Program Files\Wondershare\Fantashow\npFantashowPlugin.dll => not found.
Could not move "C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml" => Scheduled to move on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe => Error: No automatic fix found for this entry.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

MSCONFIG\startupreg: c87da4e => C:\Users\Viniyak\AppData\Roaming\c87da4e\c87da4e.exe => Error: No automatic fix found for this entry.
C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key could not remove. Access Denied.
EsgScanner => service could not remove

========= reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

tsusbhub => service could not remove
VGPU => service could not remove
Synth3dVsc => service could not remove
C:\Users\Vineet\Desktop\Old Firefox Data => moved successfully
C:\Users\Vineet\AppData\Roaming\littlealchemy-c7de5d8adcfd810d98ec68069ab57bd9 => moved successfully
"C:\Users\Vineet\AppData\Local\Temp\avgnt.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{09D34DDE-B2AE-48EB-8FE6-838D9E51D7CE}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{2AE66F41-775D-4E86-9072-0D215D161BF1}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{31CBE042-0512-498A-84DC-3118B88F7727}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{7969AAA8-9A1D-406A-AC90-BC8350DCA1BE}-DropboxClient_3.20.1.exe" => not found.
C:\Users\Viniyak\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\Viniyak\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Viniyak\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Viniyak\AppData\Local\Temp\sqlite3.dll => moved successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, failed.
The requested operation requires elevation (Run as administrator).
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
Reseting Unicast Address, failed.
The requested operation requires elevation (Run as administrator).
Reseting Route, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.


========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 214.5 MB temporary data Removed.
 

# AdwCleaner v5.117 - Logfile created 20/05/2016 at 17:01:40
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Viniyak - VINIYAK-PC
# Running from : C:\Users\Vineet\Downloads\adwcleaner_5.117.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\Vineet\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Vineet\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

\AdwCleaner\AdwCleaner[C1].txt - [2787 bytes] - [16/05/2016 20:36:07]
\AdwCleaner\AdwCleaner[S1].txt - [2707 bytes] - [16/05/2016 20:25:28]
\AdwCleaner\AdwCleaner[S2].txt - [1005 bytes] - [20/05/2016 17:01:40]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [1076 bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86
Ran by Viniyak (Administrator) on 20-May-16 at 17:16:22.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Viniyak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DC9OKVV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Viniyak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW9N4GRW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Viniyak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYILUZVV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Viniyak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4LKAXBA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DC9OKVV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW9N4GRW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYILUZVV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4LKAXBA (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20-May-16 at 17:19:05.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Also, I would not be able to reply to you for the next ten days. I will get back to you after 31st.

Thank you for your patience. :)

 

 



#9 olgun52 (Malware Response Team)

Posted 23 May 2016 - 10:46 AM

Hi again,

 

In Windows 7.

  • To enable permissions: type 'cmd' in the search box
  • Right-click on the cmd prompt and open as administrator
  • type: net user administrator /active:yes
  • exit the cmd window
  • log off and log back on as administrator

Please run the FRST fixlist (Step 1) process again.


Best regards
 

 


 


#10 Vintech (Topic Starter)

Posted 02 June 2016 - 03:28 AM

Hey there,

 

When I clicked on Frst for the first time, it automatically was showing a message that my computer had been fixed. However, I clicked on it after some time and was able to press the 'fix' button. Here is the Fixlog.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:01-06-2016
Ran by Viniyak (2016-06-02 11:30:05) Run:2
Running from C:\Users\Viniyak\Downloads
Loaded Profiles: Viniyak (Available Profiles: Viniyak & Vineet & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {D2CA2109-2FFB-470D-98C1-A468DA094153} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
FirewallRules: [{23B7860E-1965-4161-A43C-51D30E55A13F}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{E34EF344-F06F-4268-8E99-7AEA98E6C18F}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\...\MountPoints2: {44625bec-e415-11e1-8c21-c44619b81d37} - I:\AutoRun.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShortcutTarget: Dropbox.lnk -> C:\Users\Viniyak\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKU\S-1-5-21-3920636551-2414387381-559609500-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF ProfilePath: C:\Users\Viniyak\AppData\Roaming\Mozilla\Firefox\Profiles\plbtiqn7.default-1433688834771
FF Plugin HKU\S-1-5-21-3920636551-2414387381-559609500-1000: wondershare.com/FantashowPlugin -> F:\Program Files\Wondershare\Fantashow\npFantashowPlugin.dll [No File]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-03-22]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe" /f
MSCONFIG\startupreg: c87da4e => C:\Users\Viniyak\AppData\Roaming\c87da4e\c87da4e.exe
CHR Extension: (Avira Browser Safety) - C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-21] ()
Reg: reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
C:\Users\Vineet\Desktop\Old Firefox Data
2016-05-13 15:20 - 2015-01-16 15:15 - 00000000 ____D C:\Users\Vineet\AppData\Roaming\littlealchemy-c7de5d8adcfd810d98ec68069ab57bd9
C:\Users\Vineet\AppData\Local\Temp\avgnt.exe
C:\Users\Vineet\AppData\Local\Temp\{09D34DDE-B2AE-48EB-8FE6-838D9E51D7CE}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{2AE66F41-775D-4E86-9072-0D215D161BF1}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{31CBE042-0512-498A-84DC-3118B88F7727}-DropboxClient_3.20.1.exe
C:\Users\Vineet\AppData\Local\Temp\{7969AAA8-9A1D-406A-AC90-BC8350DCA1BE}-DropboxClient_3.20.1.exe
C:\Users\Viniyak\AppData\Local\Temp\avgnt.exe
C:\Users\Viniyak\AppData\Local\Temp\libeay32.dll
C:\Users\Viniyak\AppData\Local\Temp\msvcr120.dll
C:\Users\Viniyak\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
Emptytemp:
Reboot:
End




*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2CA2109-2FFB-470D-98C1-A468DA094153}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2CA2109-2FFB-470D-98C1-A468DA094153}" => key removed successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3920636551-2414387381-559609500-1001" => key removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

The operation completed successfully.



========= End of Reg: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23B7860E-1965-4161-A43C-51D30E55A13F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E34EF344-F06F-4268-8E99-7AEA98E6C18F} => value removed successfully.
"HKU\S-1-5-21-3920636551-2414387381-559609500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44625bec-e415-11e1-8c21-c44619b81d37}" => key removed successfully.
HKCR\CLSID\{44625bec-e415-11e1-8c21-c44619b81d37} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Users\Viniyak\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found.
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
FF ProfilePath: C:\Users\Viniyak\AppData\Roaming\Mozilla\Firefox\Profiles\plbtiqn7.default-1433688834771 => FRST is scripted not to move this directory.
"HKU\S-1-5-21-3920636551-2414387381-559609500-1000\Software\MozillaPlugins\wondershare.com/FantashowPlugin" => key removed successfully.
F:\Program Files\Wondershare\Fantashow\npFantashowPlugin.dll => not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe => Error: No automatic fix found for this entry.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\c87da4e\c87da4e.exe" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

MSCONFIG\startupreg: c87da4e => C:\Users\Viniyak\AppData\Roaming\c87da4e\c87da4e.exe => Error: No automatic fix found for this entry.
C:\Users\Viniyak\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully.
EsgScanner => service removed successfully.

========= reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1165542537-406238932-3098476465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

tsusbhub => service removed successfully.
VGPU => service removed successfully.
Synth3dVsc => service removed successfully.
"C:\Users\Vineet\Desktop\Old Firefox Data" => not found.
"C:\Users\Vineet\AppData\Roaming\littlealchemy-c7de5d8adcfd810d98ec68069ab57bd9" => not found.
"C:\Users\Vineet\AppData\Local\Temp\avgnt.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{09D34DDE-B2AE-48EB-8FE6-838D9E51D7CE}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{2AE66F41-775D-4E86-9072-0D215D161BF1}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{31CBE042-0512-498A-84DC-3118B88F7727}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Vineet\AppData\Local\Temp\{7969AAA8-9A1D-406A-AC90-BC8350DCA1BE}-DropboxClient_3.20.1.exe" => not found.
"C:\Users\Viniyak\AppData\Local\Temp\avgnt.exe" => not found.
"C:\Users\Viniyak\AppData\Local\Temp\libeay32.dll" => not found.
"C:\Users\Viniyak\AppData\Local\Temp\msvcr120.dll" => not found.
"C:\Users\Viniyak\AppData\Local\Temp\sqlite3.dll" => not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 51 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:31:38 ====

 

 

 

Also, should I switch my WiFi router off while scanning my computer?

 

Thanks in advance

Vintech :thumbup2:



#11 olgun52

  • Malware Response Team

Posted 08 June 2016 - 04:09 PM

Hello Vintech,

I am sorry. I completely forgot this topic.

 

Are you still with me?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 Vintech

  • Topic Starter

Posted 11 June 2016 - 12:00 AM

Yes, I am still there. I am waiting for your further instructions.



#13 olgun52

  • Malware Response Team

Posted 11 June 2016 - 06:20 PM

Thank you for the feedback. Sorry again.

 

Please do the following

 

Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.


Best regards
 

 


 




