
Chrome/IE Redirection Problem - Getting redirected to xttaff.com !!


  • This topic is locked
16 replies to this topic

#1 swapnilba


Posted 29 June 2016 - 09:48 AM

Hello,

 

For the last couple of weeks I have again been getting redirected to a website called xttaff.com (http://www.xttaff.com/rd.html or http://www.xttaff.com/goac/index.html). Could you please help me get rid of this problem?

 

I have pasted and attached the FRST log and Addition.txt log also. Awaiting reply.

 

Some additional info:

About a year back I faced a Chrome redirection malware that was redirecting me to adultube.info. I created a new topic and got immediate help from Gary. The problem did not resurface after that.

After last year's problem, not only did I remove all peer-to-peer software (torrents etc.), but I have also been careful about which websites I visit. This is my office laptop, so I have not installed anything for personal use from unauthorised websites anyway.
This is the previous post:

http://www.bleepingcomputer.com/forums/t/573703/adultubeinfo-popup-in-chrome-and-ie/#entry3684688

 

**********************************************************************************************************************************************************************************************************

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
Ran by bhandswa (administrator) on WL307676 (29-06-2016 20:00:21)
Running from C:\Users\bhandswa\Downloads
Loaded Profiles: bhandswa (Available Profiles: sawanshy & phaleroh & bhandswa & raiijana & gaikwnee & kacheaji)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32ST.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Miradore Ltd) C:\Program Files\Miradore\Client\mdclimgr.exe
(Pitney Bowes Software) C:\Program Files (x86)\Common Files\MapInfo\MapXtreme\7.2.0\MILicensingService.exe
(Miradore Ltd) C:\Program Files\Miradore\Client\mdpwrmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Oracle Corporation) C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FIH32.exe
(Miradore Ltd) C:\Program Files\Miradore\Client\mdclient.exe
(Miradore Ltd) C:\Program Files\Miradore\Client\mdusgmon.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Miradore Ltd) C:\Program Files\Miradore\Client\mdscheduler.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Miradore Ltd) C:\Program Files\Miradore\Client\mdtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
() C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-01-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2014-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2014-12-08] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2014-12-08] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2014-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RunAppInstall] => C:\WINDOWS\UDI\AppInstall.exe [68200 2014-12-08] (Microsoft)
HKLM\...\Run: [MiradoreTray] => C:\Program Files\Miradore\Client\mdtray.exe [4849048 2015-11-09] (Miradore Ltd)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [348712 2013-11-21] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1879080 2013-11-21] (F-Secure Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HIDESCAHEALTH] 1
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19105944 2015-02-10] (Microsoft Corporation)
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-03-23]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\bhandswa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-4162059163-1544859033-1701284029-16875] => hxxp://teiscpx1.ap.tieto.com/TE-ISCproxy.pac
Tcpip\Parameters: [DhcpNameServer] 31.3.244.141 31.3.244.139
Tcpip\..\Interfaces\{2A032440-92DC-44A4-BEBF-1066DA575EC8}: [DhcpNameServer] 31.3.244.141 31.3.244.139
Tcpip\..\Interfaces\{73436AE1-EAB3-4F3A-B10F-10F77657946A}: [DhcpNameServer] 192.168.42.129
ManualProxies: 0hxxp://teiscpx1.ap.tieto.com/TE-ISCproxy.pac
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intra.tieto.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4162059163-1544859033-1701284029-16875 -> DefaultScope {977F4EB2-CCB7-42DE-AB27-F982113FC844} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162059163-1544859033-1701284029-16875 -> {977F4EB2-CCB7-42DE-AB27-F982113FC844} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: PDFXChange 2012 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\bhandswa\AppData\Roaming\Mozilla\Firefox\Profiles\o74e44m6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-09] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4162059163-1544859033-1701284029-16875: LWAPlugin15.8 -> C:\Users\bhandswa\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\bhandswa\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Extension: ERail Plugin for Firefox - C:\Users\bhandswa\AppData\Roaming\Mozilla\Firefox\Profiles\o74e44m6.default\Extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi [2015-09-24]
FF Extension: Adblock Plus - C:\Users\bhandswa\AppData\Roaming\Mozilla\Firefox\Profiles\o74e44m6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-10]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpohheobbibbehfjogminpinjhlpmg [2015-08-07]
CHR Extension: (Entanglement Web App) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-08-07]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2015-12-30]
CHR Extension: (YouTube) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Google Search) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\konojmimochobcfkmnamhlhnpiofplkm [2016-06-14]
CHR Extension: (Floor plans and interior design) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2015-08-07]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-06-29]
CHR Extension: (Gmail) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1773240 2015-04-14] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [671928 2015-04-14] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10820400 2014-09-26] (DisplayLink Corp.)
S3 F-Secure BlackLight Sensor; C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [167936 2015-09-12] (F-Secure Corporation) [File not signed]
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [224296 2013-11-21] (F-Secure Corporation)
S3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [217128 2013-11-21] (F-Secure Corporation)
R2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [527912 2013-11-21] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [853032 2013-11-21] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [206888 2013-11-21] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60456 2015-03-19] (F-Secure Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [323304 2014-03-04] (Microsoft Corporation)
R2 mdclient; C:\Program Files\Miradore\Client\mdclimgr.exe [3282336 2015-11-09] (Miradore Ltd)
R2 MILicensingService72; C:\Program Files (x86)\Common Files\MapInfo\MapXtreme\7.2.0\MILicensingService.exe [24576 2013-12-06] (Pitney Bowes Software) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 OracleMTSRecoveryService; C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe [69632 2010-11-19] (Oracle Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2014-12-08] (Realtek Semiconductor)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [316600 2015-04-14] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmlehid; C:\Windows\system32\drivers\btmlehid.sys [76088 2014-12-08] (Motorola Solutions, Inc.)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495888 2014-12-08] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [208424 2015-11-18] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [106696 2016-04-21] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-01-12] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [44328 2013-11-21] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94056 2013-11-21] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [110272 2016-05-10] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [13352 2013-11-21] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2014-12-08] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2162648 2014-12-08] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2014-12-20] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2014-12-20] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-12-08] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2014-12-08] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2014-12-08] (O2Micro )
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2014-12-08] (STMicroelectronics)
S3 swg3knmea05; C:\Windows\system32\drivers\swg3knmea05.sys [269488 2014-12-08] (Sierra Wireless Incorporated)
S3 swg3kser05; C:\Windows\system32\drivers\swg3kser05.sys [269488 2014-12-08] (Sierra Wireless Incorporated)
S3 swibus05; C:\Windows\system32\drivers\swibus05.sys [88848 2014-12-08] (Sierra Wireless Inc.)
S3 swibusflt05; C:\Windows\system32\drivers\swibusflt05.sys [88848 2014-12-08] (Sierra Wireless Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)
R0 wPCI; C:\Windows\System32\drivers\wPci.sys [67224 2014-12-08] (Wilocity Ltd.)
S3 fsbl; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-29 19:58 - 2016-06-29 20:00 - 00026552 _____ C:\Users\bhandswa\Downloads\FRST.txt
2016-06-29 19:56 - 2016-06-29 20:00 - 00000000 ____D C:\FRST
2016-06-29 19:55 - 2016-06-29 19:56 - 02389504 _____ (Farbar) C:\Users\bhandswa\Downloads\FRST64.exe
2016-06-29 11:12 - 2016-06-29 11:12 - 00016412 _____ C:\Users\bhandswa\Downloads\38766_Swapnil Bhandarkar.pdf
2016-06-28 16:07 - 2016-05-17 04:52 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-28 16:07 - 2016-05-17 04:49 - 05546216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-28 16:07 - 2016-05-17 04:49 - 00706280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-28 16:07 - 2016-05-17 04:49 - 00154856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-28 16:07 - 2016-05-17 04:49 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-06-28 16:07 - 2016-05-17 04:48 - 03998952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe
2016-06-28 16:07 - 2016-05-17 04:48 - 03943144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe
2016-06-28 16:07 - 2016-05-17 04:47 - 01732888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-28 16:07 - 2016-05-17 04:46 - 01314136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 01464320 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 04:44 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 02:53 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-06-28 16:07 - 2016-05-17 02:53 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe
2016-06-28 16:07 - 2016-05-17 02:53 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-06-28 16:07 - 2016-05-17 02:53 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-06-28 16:07 - 2016-05-17 02:49 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2016-06-28 16:07 - 2016-05-17 02:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2016-06-28 16:07 - 2016-05-17 02:46 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-06-28 16:07 - 2016-05-17 02:45 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-06-28 16:07 - 2016-05-17 02:45 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-06-28 16:07 - 2016-05-17 02:44 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2016-06-28 16:07 - 2016-05-17 02:44 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe
2016-06-28 16:07 - 2016-05-17 02:44 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-06-28 16:07 - 2016-05-17 02:40 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2016-06-28 16:07 - 2016-05-17 02:40 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2016-06-28 16:07 - 2016-05-17 02:40 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2016-06-28 16:07 - 2016-05-17 02:40 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2016-06-28 16:07 - 2016-05-17 02:39 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll
2016-06-28 16:07 - 2016-05-17 02:39 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 02:39 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 02:39 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-28 16:07 - 2016-05-17 02:39 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-28 16:07 - 2016-05-14 03:39 - 03156480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-06-28 16:07 - 2016-05-14 03:39 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-06-28 16:07 - 2016-05-14 03:39 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-06-28 16:07 - 2016-05-14 03:37 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-06-28 16:07 - 2016-05-14 03:25 - 02607104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-28 16:07 - 2016-05-14 03:23 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-28 16:07 - 2016-05-14 03:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-06-28 16:07 - 2016-05-14 03:22 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-28 16:07 - 2016-05-14 03:22 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-06-28 16:07 - 2016-05-14 03:22 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-28 16:07 - 2016-05-14 03:22 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-06-28 16:07 - 2016-05-14 03:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-06-28 16:07 - 2016-05-14 03:08 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-28 16:07 - 2016-05-14 03:08 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-06-28 16:07 - 2016-05-14 03:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-06-28 16:07 - 2016-05-14 03:08 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-28 16:07 - 2016-05-12 22:44 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-06-28 16:07 - 2016-05-12 22:44 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-06-28 16:07 - 2016-05-12 20:48 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-06-28 16:07 - 2016-05-12 20:48 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-28 16:07 - 2016-05-12 20:48 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-06-28 16:07 - 2016-05-04 22:51 - 00114408 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-28 16:07 - 2016-05-04 22:47 - 03244032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-28 16:07 - 2016-05-04 22:47 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-28 16:07 - 2016-05-04 22:47 - 01806848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-28 16:07 - 2016-05-04 22:47 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2016-06-28 16:07 - 2016-05-04 22:47 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2016-06-28 16:07 - 2016-05-04 22:47 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2016-06-28 16:07 - 2016-05-04 22:47 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2016-06-28 16:07 - 2016-05-04 22:46 - 01941504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-28 16:07 - 2016-05-04 22:46 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-28 16:07 - 2016-05-04 20:34 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-06-28 16:07 - 2016-05-04 20:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-06-28 16:06 - 2016-06-06 22:28 - 00041704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-28 16:06 - 2016-06-06 22:20 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-28 16:06 - 2016-06-03 18:35 - 01413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-28 16:06 - 2016-05-27 18:36 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-28 16:06 - 2016-05-27 18:36 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-28 16:06 - 2016-05-27 18:36 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-28 16:06 - 2016-05-27 18:36 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-28 16:06 - 2016-05-22 18:36 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-28 16:05 - 2016-05-12 22:45 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-06-28 16:05 - 2016-05-12 20:48 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-06-24 15:05 - 2016-06-24 15:05 - 01309872 _____ C:\WINDOWS\Minidump\062416-26410-01.dmp
2016-06-21 16:14 - 2016-05-14 03:45 - 00382184 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-21 16:14 - 2016-05-14 03:39 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-21 16:14 - 2016-05-14 03:39 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-21 16:14 - 2016-05-14 03:39 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-06-21 16:14 - 2016-05-14 03:39 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-06-21 16:14 - 2016-05-14 03:24 - 00308456 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-21 16:14 - 2016-05-14 03:20 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-06-21 16:14 - 2016-05-14 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-21 16:14 - 2016-05-14 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-06-21 16:14 - 2016-05-14 02:57 - 00034304 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-21 16:13 - 2016-05-11 22:32 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-21 16:13 - 2016-05-11 20:49 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-21 16:12 - 2016-05-24 05:07 - 00394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-21 16:12 - 2016-05-24 04:24 - 00346312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-06-21 16:12 - 2016-05-21 22:58 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-21 16:12 - 2016-05-21 22:27 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-21 16:12 - 2016-05-21 03:57 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-06-21 16:12 - 2016-05-21 03:57 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2016-06-21 16:12 - 2016-05-21 03:44 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-06-21 16:12 - 2016-05-21 03:40 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-06-21 16:12 - 2016-05-21 03:39 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-21 16:12 - 2016-05-21 03:39 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2016-06-21 16:12 - 2016-05-21 03:39 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2016-06-21 16:12 - 2016-05-21 03:38 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-21 16:12 - 2016-05-21 03:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2016-06-21 16:12 - 2016-05-21 03:32 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-21 16:12 - 2016-05-21 03:30 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-06-21 16:12 - 2016-05-21 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-06-21 16:12 - 2016-05-21 03:27 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-21 16:12 - 2016-05-21 03:27 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-06-21 16:12 - 2016-05-21 03:27 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2016-06-21 16:12 - 2016-05-21 03:26 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-06-21 16:12 - 2016-05-21 03:26 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2016-06-21 16:12 - 2016-05-21 03:25 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-06-21 16:12 - 2016-05-21 03:24 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-21 16:12 - 2016-05-21 03:24 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-06-21 16:12 - 2016-05-21 03:24 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2016-06-21 16:12 - 2016-05-21 03:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2016-06-21 16:12 - 2016-05-21 03:20 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-21 16:12 - 2016-05-21 03:19 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-06-21 16:12 - 2016-05-21 03:18 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-06-21 16:12 - 2016-05-21 03:15 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2016-06-21 16:12 - 2016-05-21 03:15 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2016-06-21 16:12 - 2016-05-21 03:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-21 16:12 - 2016-05-21 03:14 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2016-06-21 16:12 - 2016-05-21 03:13 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-06-21 16:12 - 2016-05-21 03:11 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2016-06-21 16:12 - 2016-05-21 03:03 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2016-06-21 16:12 - 2016-05-21 03:03 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2016-06-21 16:12 - 2016-05-21 03:02 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2016-06-21 16:12 - 2016-05-21 02:59 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-21 16:12 - 2016-05-21 02:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2016-06-21 16:12 - 2016-05-21 02:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-06-21 16:12 - 2016-05-21 02:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-21 16:12 - 2016-05-21 02:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2016-06-21 16:12 - 2016-05-21 02:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-06-21 16:12 - 2016-05-21 02:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2016-06-21 16:12 - 2016-05-21 02:53 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-06-21 16:12 - 2016-05-21 02:52 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2016-06-21 16:12 - 2016-05-21 02:51 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-06-21 16:12 - 2016-05-21 02:49 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2016-06-21 16:12 - 2016-05-21 02:44 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-21 16:12 - 2016-05-21 02:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-21 16:12 - 2016-05-21 02:41 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-21 16:12 - 2016-05-21 02:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-06-21 16:12 - 2016-05-21 02:39 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-06-21 16:12 - 2016-05-21 02:39 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-21 16:12 - 2016-05-21 02:38 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-21 16:12 - 2016-05-21 02:38 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-21 16:12 - 2016-05-21 02:37 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2016-06-21 16:12 - 2016-05-21 02:37 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2016-06-21 16:12 - 2016-05-21 02:36 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-21 16:12 - 2016-05-21 02:16 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-21 16:12 - 2016-05-21 02:12 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-21 16:12 - 2016-05-21 02:08 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-21 16:12 - 2016-05-21 02:08 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-06-21 16:12 - 2016-05-21 02:04 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-21 16:12 - 2016-05-21 01:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-06-21 16:12 - 2016-05-18 21:40 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-21 16:12 - 2016-05-18 21:39 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-21 16:10 - 2016-05-12 20:33 - 03217408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-21 16:09 - 2016-05-12 22:45 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipsec.dll
2016-06-21 16:09 - 2016-05-12 22:44 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-21 16:09 - 2016-05-12 22:44 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-21 16:09 - 2016-05-12 22:44 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-21 16:09 - 2016-05-12 22:44 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-21 16:09 - 2016-05-12 22:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-21 16:09 - 2016-05-12 22:44 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-21 16:09 - 2016-05-12 22:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-21 16:09 - 2016-05-12 20:48 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-21 16:09 - 2016-05-12 20:48 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-21 16:09 - 2016-05-12 20:48 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-21 16:09 - 2016-05-12 20:48 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipsec.dll
2016-06-21 16:09 - 2016-05-12 20:48 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-21 16:09 - 2016-05-12 20:36 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2016-06-21 16:09 - 2016-05-12 20:27 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-21 16:09 - 2016-05-12 20:27 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2016-06-21 16:09 - 2016-05-11 22:32 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-21 16:09 - 2016-05-11 22:32 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-21 16:09 - 2016-05-11 22:32 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-21 16:09 - 2016-05-11 20:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-21 16:09 - 2016-05-11 20:49 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-21 16:09 - 2016-05-11 20:49 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-21 16:09 - 2016-05-11 20:41 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\netbtugc.exe
2016-06-21 16:09 - 2016-05-11 20:31 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netbtugc.exe
2016-06-21 16:09 - 2016-05-11 20:28 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-21 16:08 - 2016-05-12 20:28 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-21 16:08 - 2016-05-12 20:28 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-21 16:08 - 2016-05-12 20:28 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-21 16:08 - 2016-05-12 18:35 - 00459640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-21 16:08 - 2016-05-12 18:35 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-21 16:08 - 2016-05-12 18:34 - 00249352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-20 15:40 - 2016-06-20 15:43 - 00000000 ____D C:\Users\bhandswa\Downloads\E-Meditek Card Medical Insurance
2016-06-16 13:03 - 2016-06-16 13:03 - 00750592 _____ C:\Users\bhandswa\Desktop\Spoilt_Error_Log_V_0.0.6.xls
2016-06-13 17:39 - 2016-06-13 17:39 - 00568111 _____ C:\Users\bhandswa\Desktop\HotelVoucher_NH2106927337604
2016-06-06 11:43 - 2016-06-06 11:43 - 00000000 ____D C:\Users\bhandswa\Desktop\attachments
2016-06-05 00:36 - 2016-06-05 00:36 - 01318920 _____ C:\WINDOWS\Minidump\060516-27253-01.dmp
2016-06-03 15:18 - 2016-06-03 15:31 - 00267354 _____ C:\Users\bhandswa\Desktop\Email statement From Oct-2015 till Jun 2016 ver1.0.xlsx
2016-06-03 13:47 - 2016-06-03 13:47 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-06-03 13:36 - 2016-06-03 13:36 - 00000000 ____D C:\Users\bhandswa\AppData\Local\IsolatedStorage
2016-05-30 12:11 - 2016-05-30 12:19 - 00000000 ____D C:\UPM
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-29 20:00 - 2015-04-25 12:00 - 00085829 _____ C:\Users\bhandswa\Network_Meter_Data.js
2016-06-29 19:58 - 2015-01-27 16:26 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-29 19:41 - 2015-09-28 16:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-29 19:25 - 2015-03-20 20:41 - 00000000 ____D C:\Users\bhandswa\Documents\Outlook Files
2016-06-29 19:25 - 2015-03-17 00:07 - 01410048 _____ C:\Bhandarkar_Swapnil.pst
2016-06-29 19:25 - 2015-03-16 23:56 - 00000000 ____D C:\Mails
2016-06-29 18:13 - 2015-01-27 17:21 - 00001594 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Center.lnk
2016-06-29 17:37 - 2015-01-27 11:34 - 00001408 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-06-29 16:42 - 2009-07-14 08:50 - 00000000 ____D C:\WINDOWS\rescache
2016-06-29 15:19 - 2015-01-27 11:36 - 00000000 ____D C:\WINDOWS\ccmsetup
2016-06-29 14:52 - 2015-03-19 14:55 - 00000000 ____D C:\Users\bhandswa\AppData\Local\VirtualStore
2016-06-29 11:15 - 2009-07-14 10:15 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-29 11:15 - 2009-07-14 10:15 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-29 11:03 - 2009-07-14 10:43 - 00885676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-29 11:03 - 2009-07-14 08:50 - 00000000 ____D C:\WINDOWS\inf
2016-06-29 11:02 - 2015-01-27 11:36 - 00000600 _____ C:\WINDOWS\SMSCFG.INI
2016-06-29 11:01 - 2015-04-25 12:10 - 00152060 _____ C:\Users\bhandswa\IP_Log_Data.js
2016-06-29 10:59 - 2015-05-14 15:24 - 00003286 _____ C:\WINDOWS\System32\Tasks\Scheduled scanning task
2016-06-29 10:59 - 2015-05-14 15:24 - 00000512 _____ C:\WINDOWS\Tasks\Scheduled scanning task.job
2016-06-29 10:59 - 2015-01-27 16:26 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-29 10:57 - 2009-07-14 10:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-28 20:17 - 2015-04-18 23:41 - 00000027 _____ C:\Users\bhandswa\AppData\Roaming\Network Meter_Usage.ini
2016-06-28 16:15 - 2015-01-27 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-28 16:13 - 2009-07-14 08:04 - 00000478 _____ C:\WINDOWS\win.ini
2016-06-28 16:07 - 2015-07-29 10:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-27 13:24 - 2015-01-27 16:10 - 00000000 ____D C:\WINDOWS\ccmcache
2016-06-27 13:14 - 2015-01-27 17:18 - 00039062 __RSH C:\ProgramData\ntuser.pol
2016-06-24 15:05 - 2015-03-24 11:21 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-24 15:04 - 2015-03-24 11:21 - 806232145 _____ C:\WINDOWS\MEMORY.DMP
2016-06-22 11:01 - 2009-07-14 10:15 - 00436048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-18 14:00 - 2015-04-19 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 22:23 - 2016-05-27 14:50 - 00001472 _____ C:\Users\bhandswa\ccm.user.properties
2016-06-16 18:59 - 2015-03-16 23:55 - 00000000 ____D C:\Users\bhandswa\Documents\Visual Studio 2010
2016-06-06 12:38 - 2015-03-19 14:55 - 00011300 __RSH C:\Users\bhandswa\ntuser.pol
2016-06-06 12:38 - 2015-03-19 14:54 - 00000000 ____D C:\Users\bhandswa
2016-06-03 15:46 - 2015-03-16 23:19 - 00000000 ____D C:\Swapnil Office
2016-06-03 15:26 - 2016-05-27 11:23 - 00000000 ____D C:\Users\bhandswa\AppData\Roaming\SQL Developer
 
==================== Files in the root of some directories =======
 
2015-12-14 12:59 - 2015-12-17 10:58 - 0013002 _____ () C:\Users\bhandswa\AppData\Roaming\Comma Separated Values.CAL
2015-09-24 14:59 - 2015-10-17 16:09 - 0001097 _____ () C:\Users\bhandswa\AppData\Roaming\Network Meter_Settings.ini
2015-04-18 23:41 - 2016-06-28 20:17 - 0000027 _____ () C:\Users\bhandswa\AppData\Roaming\Network Meter_Usage.ini
 
Files to move or delete:
====================
C:\Users\bhandswa\IP_Log_Data.js
C:\Users\bhandswa\Network_Meter_Data.js
 
 
Some files in TEMP:
====================
C:\Users\bhandswa\AppData\Local\Temp\20151116114518885jniverify.dll
C:\Users\bhandswa\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\bhandswa\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\bhandswa\AppData\Local\Temp\nls-checker-xp.exe
C:\Users\bhandswa\AppData\Local\Temp\nls-smart-installer-xp.exe
C:\Users\bhandswa\AppData\Local\Temp\Quarantine.exe
C:\Users\bhandswa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\bhandswa\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-28 12:57
 
==================== End of FRST.txt ============================

 

**************************************************************************************************************************************************************************************************

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by bhandswa (2016-06-29 20:00:39)
Running from C:\Users\bhandswa\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2015-01-27 10:44:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Guest (S-1-5-21-2844068973-666158474-3208556734-501 - Limited - Disabled)
localtecos (S-1-5-21-2844068973-666158474-3208556734-500 - Administrator - Enabled)
MiradoreClient (S-1-5-21-2844068973-666158474-3208556734-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: F-Secure Client Security Premium 11.50 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: F-Secure Client Security Premium 11.50 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Client Security Premium 11.50 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.06020 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.06020 - Cisco Systems, Inc.) Hidden
Cisco IP Communicator (HKLM-x32\...\{C450E640-716E-478E-A9B9-BD0EFD53C9CD}) (Version: 7.0.5.0 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
ComponentOne Preview for .NET (HKLM-x32\...\{5D908563-1364-4A54-924E-1D838AA0FEF3}) (Version: 1.0.20053 - ComponentOne, LLC)
ComponentOne Reports for .NET (HKLM-x32\...\{D93A6ADE-4E0E-4ED7-A77C-E93C7C0561D0}) (Version: 2.5.20053 - ComponentOne, LLC)
Configuration Manager Client (Version: 5.00.8239.1000 - Microsoft Corporation) Hidden
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
DisplayLink Core Software (HKLM\...\{16A951F0-1A5B-450F-B828-8E26CB8FB08F}) (Version: 7.7.57957.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{249173FD-D060-4D5A-9C14-040D5A25D6D4}) (Version: 7.7.57957.0 - DisplayLink Corp.)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
F-Secure Client Security Premium - Browsing protection (HKLM-x32\...\F-Secure Browsing Protection) (Version: 2.00.492 - F-Secure Corporation)
F-Secure Client Security Premium - DeepGuard (HKLM-x32\...\F-Secure HIPS) (Version: 5.0.411 - F-Secure Corporation)
F-Secure Client Security Premium - Device control (HKLM-x32\...\F-Secure Device Control) (Version: 1.00.17496 - F-Secure Corporation)
F-Secure Client Security Premium - E-Mail Scanning (HKLM-x32\...\F-Secure E-mail Scanning) (Version: 6.00.533 - F-Secure Corporation)
F-Secure Client Security Premium - Internet Shield (HKLM-x32\...\F-Secure Internet Shield) (Version: 6.40 - F-Secure Corporation)
F-Secure Client Security Premium - Virus & Spy Protection (HKLM-x32\...\F-Secure Anti-Virus) (Version: 9.51.110 - F-Secure Corporation)
F-Secure Client Security Premium - Web traffic scanning (HKLM-x32\...\F-Secure Protocol Scanner) (Version: 3.00.909 - F-Secure Corporation)
Git version 2.8.2 (HKLM\...\Git_is1) (Version: 2.8.2 - The Git Development Community)
GMATPrep (HKLM-x32\...\GMATPrep 2.3.322) (Version: 2.3.322 - Graduate Management Admission Council (GMAC))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hangouts Plugin for Microsoft Outlook® 1.0.65.0 (x86) (HKLM-x32\...\{217449B4-9083-4A44-BA87-5C51DAE738BE}) (Version: 1.0.65.0 - Google, Inc.)
IBM Rational Synergy 7.2.1 (HKLM-x32\...\{2C5D0DE7-743A-4FA4-BE64-1B98AA5A4F52}) (Version: 7.2.1.4481 - IBM Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3257 - Intel Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Juniper Installer Service (HKLM-x32\...\{0081D6E7-0CF1-4C19-ADBB-94EEC2476DCC}) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Host Checker (HKU\.DEFAULT\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.1.0.20169 EN [1.0] (x32 Version: 1.0 - <no manufacturer>) Hidden
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.5.31739 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\...\Juniper_Setup_Client) (Version: 8.0.5.47721 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
MapXtreme 7.2.0 x64 NCP (HKLM\...\{DED7CF9C-B65F-4924-AF3B-09D0EB72D4DF}) (Version: 7.2.0 - Pitney Bowes Software)
MapXtreme v7.0.0 Runtime NCP (HKLM-x32\...\{59B55BA8-D833-4022-B1AA-0E43C27BE594}) (Version: 7.0.0 - Pitney Bowes Business Insight)
MDOP MBAM (HKLM\...\{1B0FF767-2365-4E2B-91D1-93D442944055}) (Version: 2.5.0244.0 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{C507C5D2-661A-44B7-A395-E62EBFB6C401}) (Version: 15.8.8308.872 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Miradore client 3.4.0 64-bit (HKLM\...\{B0E27273-5CBF-4BE5-9996-B58A452173D6}) (Version: 3.4.0 - Miradore)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Node.js (HKLM\...\{318E6DE3-4619-421A-83DA-91686F8BD978}) (Version: 4.4.4 - Node.js Foundation)
ODAC Documentation for Visual Studio 2010 (HKLM-x32\...\{E95D9D0D-7C7F-48DC-B8FD-A52B862FAFA8}) (Version: 11.2.02 - Oracle Corporation)
Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF-XChange 2012 Pro (HKLM\...\{BEBACD1C-6CA9-4828-BA61-9E1E54C889D9}) (Version: 5.0.259.0 - Tracker Software Products (Canada) Ltd.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5978 - Realtek Semiconductor Corp.)
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spread.NET 6 (HKLM-x32\...\{56CEA9E1-1AE5-4077-A2F5-A6AF5729AB55}) (Version: 6.0.2005.2008 - GrapeCity Inc.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steelray Project Viewer (HKLM-x32\...\{0BFC41AC-3156-474F-890E-CD809BFB7EA6}) (Version: 5.1.0.0 - Steelray Software)
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Terminals (HKLM-x32\...\{15A062CE-E1A0-4677-8477-BD160497943B}) (Version: 3.5.0.0 - Robert Chartier)
Tieto Image Bank 2.2 EN [1.0] (HKLM-x32\...\{4DD6F1E9-4C07-4D1C-934E-5F305F14B817}) (Version: 1.0 - Tieto)
Tieto PowerPoint Wizard 2.2 EN [1.1] (HKLM-x32\...\{05B5BF6E-284A-4837-9EB2-6DA499E95481}) (Version: 1.1 - Tieto)
Tieto Word Templates 1.2 MUL [1.0] (HKLM-x32\...\{3AC903F9-B864-414F-8F02-422A38A39704}) (Version: 1.0 - Tieto)
Tieto Word Templates 2.0 MUL [1.1] (HKLM-x32\...\{1D32CD34-04BB-4B7E-A401-ED138F1ECEF4}) (Version: 1.1 - Tieto)
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2EAD046E-DE48-4832-B4DC-8DC0566F5C20} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2015-04-14] (Microsoft Corporation)
Task: {4A3654C5-4C84-466E-AAAC-098CD2F54D76} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\Anti-Virus\fsav.exe [2016-06-06] (F-Secure Corporation)
Task: {5D6C0858-86CF-4718-A3AC-5EAFF0CF5CCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {71C4FCBD-1DEF-419C-93C3-3FEC24204B12} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {7E7E55EC-AD70-4E8E-99EA-F9BE0E7590B5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {C7C84F79-F294-4E93-BC31-E1C71FC52429} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D9864E81-8EC0-4F5E-9882-49CCE6F1C794} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DDE9ECB4-6E9C-4AF6-A9BF-E2D2C1A91388} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-24] ()
Task: {E65FCFD6-8FFC-47FA-ADDA-7BAC6BD6A7B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F4E3F0F6-45C7-4332-B867-2B21648DB83E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Scheduled scanning task.job => C:\PROGRA~2\F-Secure\ANTI-V~1\fsav.exeJ /HARD /POLICY /SCHED /REPORT C:\PROGRA~2\F-Secure\ANTI-V~1\report.txt
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-27 16:42 - 2013-11-21 16:31 - 00273448 _____ () c:\program files (x86)\f-secure\daas2\daas2_x64.dll
2015-01-21 14:59 - 2015-01-21 14:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-10 14:13 - 2015-02-10 14:13 - 06486176 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
2015-09-23 23:23 - 2015-09-23 23:23 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-01-27 16:42 - 2013-11-21 16:31 - 00220200 _____ () c:\program files (x86)\f-secure\daas2\daas2.dll
2015-01-27 18:04 - 2016-04-21 10:57 - 00093152 _____ () C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll
2015-01-27 16:42 - 2016-06-06 11:29 - 00292832 _____ () C:\Program Files (x86)\F-Secure\Gemini\fsgem.dll
2015-01-27 16:42 - 2013-11-21 15:28 - 00038400 _____ () C:\Program Files (x86)\F-Secure\Anti-Virus\FSAVHRES.ENG
2015-02-10 14:13 - 2015-02-10 14:13 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2013-11-15 03:30 - 2013-11-15 03:30 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2015-01-27 16:42 - 2013-11-21 16:29 - 00642088 _____ () C:\Program Files (x86)\F-Secure\FSGUI\about.dll
2015-01-27 16:42 - 2013-11-21 16:29 - 00089128 _____ () C:\Program Files (x86)\F-Secure\FSGUI\aboutres.dll
2015-01-27 16:42 - 2013-11-21 15:28 - 00118784 _____ () C:\Program Files (x86)\F-Secure\FSGUI\strres.ENG
2015-01-27 16:42 - 2013-11-21 16:29 - 00601128 _____ () C:\Program Files (x86)\F-Secure\FSGUI\gres.dll
2015-01-27 16:42 - 2013-11-21 15:28 - 00045056 _____ () C:\Program Files (x86)\F-Secure\FSGUI\fsavures.ENG
2015-01-27 16:42 - 2013-11-21 15:28 - 00147456 _____ () C:\Program Files (x86)\F-Secure\FSGUI\flyerres.ENG
2009-11-04 20:14 - 2009-11-04 20:14 - 02028280 _____ () C:\Program Files (x86)\RSA SecurID Token Common\QtCore4.dll
2009-11-04 20:14 - 2009-11-04 20:14 - 07275256 _____ () C:\Program Files (x86)\RSA SecurID Token Common\QtGui4.dll
2016-06-18 14:00 - 2016-06-15 14:45 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 14:00 - 2016-06-15 14:45 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2016-05-27 14:04 - 00000850 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
194.137.216.195 uranium
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\Control Panel\Desktop\\Wallpaper -> C:\Users\bhandswa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 31.3.244.141 - 31.3.244.139
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3E9C942B-8D63-47A2-A717-738BC8238DCA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C5BC54E-7C05-4229-B18B-DF80FB13D349}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7281AF7C-DC58-4230-9855-CFE28D4A659F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{4B909AE0-544C-43C0-8545-231C7B763F63}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{46D20201-0860-48E2-A2BC-2F61ED336106}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A302DAFF-F16A-4C1B-B5F5-80C4EE7E0CCF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{984B6D49-50C2-4BFD-B53A-F78081D2AA3C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{819EA3F9-209C-41E8-8A22-9E9B080074CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6D69D9B-5B24-45C0-9A1D-1CD025CE987F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4C8DDC17-6AD1-4AD8-8DB9-F68BA9B6E820}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CB9BD073-8A9A-4EDC-A75A-CCE499F4B4A1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7F4CF665-B6D3-4CCB-B825-FCF1935ACAD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BC5910B0-3702-4AAA-9916-24BD39F89029}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{90D8DBE5-8E8E-4966-A1D7-DEB3634E791E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F49D21D5-F5C7-4996-A605-61415A0F9FE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D7F1ABA-BB9E-4EFD-9ECF-060F362A64A8}] => (Allow) C:\Program Files\Miradore\Client\mdclient.exe
FirewallRules: [{326BAA80-2819-471E-B67B-4D7D64204F85}] => (Allow) C:\Program Files\Miradore\Client\mdclient.exe
FirewallRules: [{C8C9CCF9-6BDD-42AF-951B-F3489C5968B4}] => (Allow) C:\Program Files\Miradore\Client\mdscheduler.exe
FirewallRules: [{7D5AA6EA-822A-4828-8EEB-EABCFA428465}] => (Allow) C:\Program Files\Miradore\Client\mdscheduler.exe
FirewallRules: [{55780C94-268E-4EA1-A669-423F76C38891}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-05-2016 15:48:34 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
27-05-2016 16:26:25 Installed MapXtreme 7.2.0 x64 NCP.
03-06-2016 13:43:19 Windows Update
15-06-2016 14:16:49 Scheduled Checkpoint
21-06-2016 16:07:27 Windows Update
28-06-2016 16:05:17 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2016 11:02:58 AM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1  2016-06-29  11:02:58+05:30  wl307676  AP\bhandswa  F-Secure Management Agent
 The F-Secure installation process could not be started because of problems with internal communication in F-Secure Management Agent. You can try closing some programs or rebooting the machine. If you see this message frequently contact the system administrator.
 
Error: (06/29/2016 10:58:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2016 04:07:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2016 11:28:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/24/2016 07:27:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-06-24  19:27:50+05:30  wl307676  AP\bhandswa  F-Secure Anti-Virus
 Crash detected.
 [F-Secure Anti-Virus Client Security - TE FIN]
 
Error: (06/24/2016 03:06:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2016 06:12:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4833.1000, time stamp: 0x573ac2c1
Faulting module name: MSOIDCLIL.DLL_unloaded, version: 0.0.0.0, time stamp: 0x52a767ee
Exception code: 0xc0000005
Fault offset: 0x6bd36a11
Faulting process id: 0x2420
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
Error: (06/22/2016 11:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/21/2016 11:18:22 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-06-21  11:18:19+05:30  wl307676  AP\bhandswa  F-Secure Anti-Virus
 Scanning of \DEVICE\HARDDISKVOLUME1\ORACLE\PRODUCT\11.2.0\CLIENT_1\BIN\OMTSRECOEVNTUS.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
 
Error: (06/20/2016 11:22:46 AM) (Source: Configuration Manager Agent) (EventID: 10021) (User: )
Description: FIA204A91The program for deployment "FIA204A9" failed ("FIA0043D" - "Configuration Manager Client Upgrade Program"). The program was able to be executed but the system was restarted unexpectedly before the program could be completed or before status could be recorded. No installation status MIF was found after the system restarted.FIA204A92
 
Possible cause: The program performs a restart of the client computer when it completes, but the 'After running' setting in the program's properties is not set to Program restarts computer, or the client machine was restarted while the program was running.
Solution: Verify the above. If the program does a restart when it completes, even if it only requires a restart in some cases, modify the program's properties and set 'After running' to 'Program restarts computer'.
 
 
System errors:
=============
Error: (06/29/2016 07:34:50 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: AP)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (06/29/2016 07:34:50 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain AP due to the following: 
%%1311 = There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (06/29/2016 07:27:56 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 07:26:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 07:26:46 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 07:26:31 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 07:26:18 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 02:30:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 02:28:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (06/29/2016 02:28:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4310U CPU @ 2.00GHz
Percentage of memory in use: 50%
Total physical RAM: 8097.46 MB
Available physical RAM: 3968.38 MB
Total Virtual: 16193.11 MB
Available Virtual: 11510.82 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:465.47 GB) (Free:281.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E3F0755)
Partition 1: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
 

 

==================== End of Addition.txt ============================
 
 
*******************************************************************************************************************************************************************************************************

 

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:01 AM

Posted 02 July 2016 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-06-29]
S3 fsbl; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys [X]
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please post the logs and let me know if the problem persists.

#3 swapnilba

swapnilba
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 02 July 2016 - 12:50 PM

Hello Nasdaq,

 

I have done all the steps as mentioned in your reply. Yet the problem doesn't seem to go away. I am randomly redirected to the same set of websites on mouse clicks on certain websites (including bleepingcomputers.com).

 

Here are all the logs pasted. 

 

************************************************************************************************************************************************

 

Fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by bhandswa (2016-07-02 21:00:28) Run:1
Running from C:\Users\bhandswa\Downloads
Loaded Profiles: bhandswa (Available Profiles: sawanshy & phaleroh & bhandswa & raiijana & gaikwnee & kacheaji)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (A Quotation) - C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-06-29]
S3 fsbl; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys [X]
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4162059163-1544859033-1701284029-16875\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh => moved successfully
fsbl => service removed successfully
"C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 115233909 B
Java, Flash, Steam htmlcache => 14539 B
Windows/system/drivers => 92150505 B
Edge => 0 B
Chrome => 590509308 B
Firefox => 377581897 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 71550 B
sawanshy => 0 B
phaleroh => 0 B
bhandswa => 2357038288 B
raiijana => 1253569 B
gaikwnee => 244920 B
kacheaji => 0 B
 
RecycleBin => 11808454844 B
EmptyTemp: => 14.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:07:09 ====

 

 

********************************************************************************************************************************************************************************

 

 

Malwarebytes Scan Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02-Jul-16
Scan Time: 9:40 PM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.02.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bhandswa
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 520918
Time Elapsed: 13 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

********************************************************************************************************************************************************************************

 

 

AdwCleaner Log:

 

# AdwCleaner v5.201 - Logfile created 02/07/2016 at 22:53:32
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (X64)
# Username : bhandswa - WL307676
# Running from : C:\Users\bhandswa\Desktop\adwcleaner_5.201.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\WINDOWS\ms
[x] Folder Not Deleted : C:\Users\bhandswa\Desktop\Search
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : picasa.en.softonic.com
[-] [C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : microsoft-office-2010.en.softonic.com
[-] [C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : epub-reader-for-windows.en.softonic.com
[-] [C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : shutterstock.com
[-] [C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\bhandswa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1893 bytes] - [02/07/2016 22:53:32]
C:\AdwCleaner\AdwCleaner[R0].txt - [832 bytes] - [13/05/2015 13:56:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1964 bytes] - [02/07/2016 22:49:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2111 bytes] ##########

 

 
 
****************************************************************************************************************************************************************************************************
 
 
 
I hope these are all the logs that were needed. Please let me know if anything else is needed from my end.
 
Regards,
Swapnil


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:01 AM

Posted 03 July 2016 - 07:53 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#5 swapnilba

swapnilba
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 04 July 2016 - 04:45 AM

Hello again,

 

Please find below the report content.


 

 

********************************************************************************************************************************************************************************

 

rkill.exe

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/04/2016 12:39:24 AM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  194.137.216.195 uranium
 
Program finished at: 07/04/2016 12:43:16 AM
Execution time: 0 hours(s), 3 minute(s), and 52 seconds(s)
 
 
************************************************************************************************************************************************************************************
 
 
Roguekiller.exe log
 
 
RogueKiller V12.3.6.0 [Jun 27 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bhandswa [Administrator]
Started from : C:\Users\bhandswa\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/04/2016 15:01:37
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\F-Secure BlackLight Sensor (C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F-Secure BlackLight Sensor (C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\F-Secure BlackLight Sensor (C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://teiscpx1.ap.tieto.com/TE-ISCproxy.pac  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://teiscpx1.ap.tieto.com/TE-ISCproxy.pac  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://teiscpx1.ap.tieto.com/TE-ISCproxy.pac  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://teiscpx1.ap.tieto.com/TE-ISCproxy.pac  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://teiscpx1.ap.tieto.com/TE-ISCproxy.pac  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main | Start Page : http://intra.tieto.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main | Start Page : http://intra.tieto.com/  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.83.192.192 194.110.47.22 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.83.192.192 194.110.47.22 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40788F9C-4020-47A5-911F-74CFC7FD9103} | DhcpNameServer : 10.83.192.192 194.110.47.22 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{40788F9C-4020-47A5-911F-74CFC7FD9103} | DhcpNameServer : 10.83.192.192 194.110.47.22 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{40788F9C-4020-47A5-911F-74CFC7FD9103} | DhcpNameServer : 10.83.192.192 194.110.47.22 ([X][X])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4162059163-1544859033-1701284029-16875\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 SCSI Disk Device +++++
--- User ---
[MBR] 092b4d1353b99130b0161be8b2e1c5f6
[BSP] c4cee93d4e7285f784d8095d522924f1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476638 MB [Unknown Bootstrap | Unknown Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 976156672 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )
 
 
********************************************************************************************************************************************************************************************************************************
 
The rogue killer log looks incomplete somehow. But this is the entire log.
 
 
 
 
 
 
 


#6 swapnilba

swapnilba
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 04 July 2016 - 04:49 AM

Sorry, I forgot to mention that in the report there was no RED item (you said to click the Remove button to delete the items in RED). There were 3 orange items at the top of the log with the keyword "Suspicious.Path". I did not delete them.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:01 AM

Posted 04 July 2016 - 07:32 AM

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#8 nasdaq


Posted 10 July 2016 - 07:28 AM

Are you still with me?

#9 swapnilba


Posted 10 July 2016 - 12:28 PM

Hello Nasdaq,

 

So sorry I could not get back. I have been slightly caught up at work so could not reset my router yet. I am yet to do it but will positively do it within the next couple of days. Please keep the thread active till then.



#10 nasdaq


Posted 10 July 2016 - 01:03 PM

No problems.

#11 swapnilba


Posted 13 July 2016 - 10:35 AM

Hi again,

 

I have reset the router and reconfigured the settings. Is there anything else that should be done?

 

Regards,

Swapnil



#12 nasdaq


Posted 13 July 2016 - 12:05 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


If there are any issues, please explain.

#13 swapnilba


Posted 16 July 2016 - 09:56 AM

Hi Nasdaq,

 

I haven't faced the issue again after resetting the router. So far it looks good. Thanks a lot for all your help!

 

Regards,

Swapnil



#14 nasdaq


Posted 16 July 2016 - 10:00 AM

Glad we could help.

#15 swapnilba


Posted 18 July 2016 - 09:52 AM

Hi, can I remove the software/tools that I installed? (adwcleaner, roguekiller etc.)





