Google redirect virus


  • This topic is locked
7 replies to this topic

#1 unicorncrs

unicorncrs

  • Members
  • 4 posts
  • OFFLINE

Posted 28 August 2016 - 11:24 AM

Hi,

I am unable to use Google; the search is redirected.

In Chrome settings the default search setting is also changed; please refer to the pic below.

Attached Files


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 29 August 2016 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
attachlogs.png

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Wait for further instructions.
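
As an added example (not part of nasdaq's instructions, and not code from FRST or its author), the script below reads the plain-text FRST.txt log the tool produces and lists the entries a responder looks at first: FRST's own `<======= ATTENTION` marker, Chrome default search / new-tab URLs pointing outside an expected host list, autorun entries whose binary carries no publisher name, per-drive autorun residue under MountPoints2, and driver or service entries whose file is missing (`[X]`). The sample log is constructed in FRST's line format with placeholder SID and uid values, and the list of expected browser hosts is an assumption to tune per environment.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs.

Added example: this is not code from FRST, its author, or the forum post.
It reads the plain-text log FRST writes and lists the entries a responder
usually looks at first. SAMPLE_LOG is constructed in FRST's line format
(SID and uid values are placeholders).
"""
import re
from urllib.parse import urlparse

# Hosts the browser's default search / new-tab URL is expected to point at.
# Assumption for this example; tune it per environment.
EXPECTED_BROWSER_HOSTS = {"www.google.com", "www.google.co.in", "www.bing.com"}

# FRST section headers look like "==================== Registry (Whitelisted) ======"
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# Chrome default search / new-tab lines: "CHR DefaultSearchURL: Default -> hxxp://..."
CHR_URL_RE = re.compile(r"^CHR (DefaultSearchURL|DefaultNewTabURL): \S+ -> (\S+)")

SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

==================== Registry (Whitelisted) ===========================

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe [454656 2014-11-28] ()
HKU\S-1-5-21-EXAMPLE-1000\...\MountPoints2: H - H:\Windows/AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.co.in/"
CHR DefaultSearchURL: Default -> hxxp://www.ourstartpage.com/search/?q={searchTerms}&uid=EXAMPLE&type=ds
CHR DefaultNewTabURL: Default -> hxxps://www.ourstartpage.com/

===================== Drivers (Whitelisted) ==========================

R0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [190800 2016-07-27] (K7 Computing Pvt Ltd)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
"""


def unhexify(url):
    """FRST defangs URLs as hxxp/hxxps; restore the scheme so urlparse sees the host."""
    return re.sub(r"^hxxp", "http", url)


def parse_sections(text):
    """Split an FRST log into {section title: [non-empty lines]} on its '==== Title ====' headers."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (kind, section, detail) tuples for entries worth a responder's attention."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            # FRST itself marks entries it wants a responder to look at.
            if "<======= ATTENTION" in line:
                findings.append(("frst-attention", section, line))
            # Default search / new-tab URL pointing somewhere the user did not choose.
            m = CHR_URL_RE.match(line)
            if m:
                host = urlparse(unhexify(m.group(2))).hostname
                if host not in EXPECTED_BROWSER_HOSTS:
                    findings.append(("search-redirect", section, host))
            # Service/driver entries whose file is missing; often benign, but confirm.
            if line.endswith("[X]"):
                findings.append(("missing-file", section, line.split(";")[0]))
            # Autorun entries whose binary carries no publisher name: "... ()".
            if "\\Run:" in line and line.endswith("()"):
                findings.append(("no-publisher-autorun", section, line))
            # Per-drive autorun residue left under MountPoints2 by removable media.
            if "MountPoints2:" in line:
                findings.append(("mountpoint-autorun", section, line))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {section}: {detail}")
```

Run it against a saved FRST.txt by replacing `SAMPLE_LOG` with the file's contents; the checks are deliberately simple string and regex rules, so a hit is a prompt to read the entry in context rather than a verdict on its own.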

#3 unicorncrs

unicorncrs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE

Posted 30 August 2016 - 09:45 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by AMIT (administrator) on AMIT-PC (30-08-2016 20:11:33)
Running from C:\Users\AMIT\Downloads
Loaded Profiles: AMIT (Available Profiles: AMIT)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsmngr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7emlpxy.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7fwsrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7rtscan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsecurity.exe
() C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SysMon.Exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-30] (Atheros Commnucations)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [K7TSStart] => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe [222464 2016-03-15] (K7 Computing Pvt Ltd)
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe [454656 2014-11-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\AMIT\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: H - H:\Windows/AutoRun.exe
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: I - I:\Windows/AutoRun.exe
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: {788da4fb-0b86-11e5-83c8-742f68521dd0} - H:\Windows/AutoRun.exe
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: {877110b0-9146-11e5-bb93-742f68521dd0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: {a0c7a4bf-4338-11e5-ab11-742f68521dd0} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: {d86ecead-06ba-11e5-865c-742f68521dd0} - H:\Windows/AutoRun.exe /autoinstall
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\...\MountPoints2: {d86eceb3-06ba-11e5-865c-742f68521dd0} - H:\Windows/AutoRun.exe
HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-06-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\Users\AMIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-08-27]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
BootExecute: autocheck autochk * K7TSDbg
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01A011ED-56B6-4A76-8884-D1AA12842C3D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{49F8F70E-1683-49A7-87B5-146FA29005F5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A7E9EF9D-D9B2-4834-B6CB-A72700BA54D5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DA98BD88-4039-4372-B87D-898B34EEBFB3}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131110410746141884&GUID=09829258-6E33-4A42-A902-4B586E419119
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: No Name -> {FA63128A-029D-42D1-9187-D2B75B5030C3} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-23] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-09-30] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-23] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.co.in/"
CHR DefaultSearchURL: Default -> hxxp://www.ourstartpage.com/search/?q={searchTerms}&uid=ST9500325AS_S2W7CZTYXXXXS2W7CZTY&z=ee8c507021ce3780a258c12gdz0m5o0g8c6m8c9z7z&type=ds
CHR DefaultNewTabURL: Default -> hxxps://www.ourstartpage.com/
CHR Profile: C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-19]
CHR Extension: (Google Drive) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-19]
CHR Extension: (WhatsChrome) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-08-19]
CHR Extension: (YouTube) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-19]
CHR Extension: (Google+) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2016-08-19]
CHR Extension: (Google Sheets) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Gmail) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-19]
CHR Extension: (Chrome Media Router) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKU\S-1-5-21-3382591198-3469168507-1486274051-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-30] (Atheros Commnucations) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 AVHealthMon; C:\Windows\AVHealthMonitor\HealthMon.exe [114712 2014-04-05] (K7 Computing Pvt. Ltd.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-20] (Dropbox, Inc.)
R2 K7CrvSvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
R2 K7EmlPxy; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe [154136 2015-08-07] (K7 Computing Pvt Ltd)
R2 K7FWSrvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe [258072 2015-09-08] (K7 Computing Pvt Ltd)
R2 K7RTScan; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe [294712 2016-06-27] (K7 Computing Pvt Ltd)
R2 K7TSMngr; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe [314320 2016-07-04] (K7 Computing Pvt Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-22] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 K7FWHlpr; C:\Windows\System32\drivers\K7FWHlpr.sys [110544 2015-01-22] (K7 Computing Pvt Ltd)
R0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [190800 2016-07-27] (K7 Computing Pvt Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 20:11 - 2016-08-30 20:11 - 00024844 _____ C:\Users\AMIT\Downloads\FRST.txt
2016-08-30 20:11 - 2016-08-30 20:11 - 00000000 ____D C:\FRST
2016-08-30 20:10 - 2016-08-30 20:11 - 02397696 _____ (Farbar) C:\Users\AMIT\Downloads\FRST64.exe
2016-08-30 20:09 - 2016-08-30 20:10 - 00216110 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_20.09.00_log.txt
2016-08-30 20:08 - 2016-08-30 20:08 - 04747704 _____ (AO Kaspersky Lab) C:\Users\AMIT\Downloads\tdsskiller.exe
2016-08-30 19:34 - 2016-08-30 19:34 - 07504157 _____ C:\Users\AMIT\Desktop\vento_ebrochure.pdf
2016-08-28 23:25 - 2016-08-28 23:25 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-28 19:24 - 2016-08-28 19:44 - 00427252 _____ C:\TDSSKiller.3.1.0.11_28.08.2016_19.24.40_log.txt
2016-08-28 15:49 - 2016-08-28 15:50 - 00216572 _____ C:\TDSSKiller.3.1.0.11_28.08.2016_15.49.34_log.txt
2016-08-27 11:00 - 2016-08-30 19:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-27 10:59 - 2016-08-28 20:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-27 10:59 - 2016-08-28 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-27 10:59 - 2016-08-27 10:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-27 10:59 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-27 10:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-27 10:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-26 09:52 - 2016-08-26 09:52 - 00002966 _____ C:\Windows\System32\Tasks\{A7683DBF-83C3-4185-B6F7-0DF0DFA8F276}
2016-08-26 09:24 - 2016-08-26 09:24 - 00000000 ____D C:\Users\Public\Documents\chrome
2016-08-25 20:25 - 2016-08-25 20:25 - 00000007 _____ C:\Windows\SysWOW64\wsx9240.tmp
2016-08-25 20:25 - 2016-08-25 20:25 - 00000000 ____D C:\Users\AMIT\AppData\Local\Jamben
2016-08-25 20:24 - 2016-08-25 20:24 - 00003540 _____ C:\Windows\System32\Tasks\JambenUpdateTaskMachineCore
2016-08-25 20:24 - 2016-08-25 20:24 - 00003456 _____ C:\Windows\System32\Tasks\JambenUpdateTaskMachineUA
2016-08-25 20:24 - 2016-08-25 20:24 - 00000000 ____D C:\Program Files (x86)\Jamben
2016-08-25 20:07 - 2016-08-27 10:24 - 00000000 _____ C:\Users\Public\Documents\report1.dat
2016-08-25 20:07 - 2016-08-25 20:07 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-08-25 09:43 - 2016-08-25 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-25 09:18 - 2016-08-25 09:18 - 00000000 _____ C:\Windows\SysWOW64\tmp6.html
2016-08-24 21:50 - 2016-08-27 11:42 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-24 12:07 - 2016-08-24 12:07 - 00000000 ____D C:\Program Files (x86)\dza56zrf
2016-08-24 12:07 - 2016-08-24 12:07 - 00000000 ____D C:\Program Files (x86)\{80C42412-57FD-4E8F-B01E-63FDCB5ED885}
2016-08-23 17:45 - 2016-08-27 10:04 - 00000000 ____D C:\AdwCleaner
2016-08-23 16:09 - 2016-08-25 21:29 - 00000001 _____ C:\Windows\SysWOW64\us.html
2016-08-23 16:09 - 2016-08-24 12:07 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\setup1
2016-08-23 16:09 - 2016-08-23 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-08-23 16:08 - 2016-08-23 16:09 - 00000000 ____D C:\Program Files (x86)\fwvzak9y
2016-08-23 16:08 - 2016-08-23 16:09 - 00000000 ____D C:\Program Files (x86)\{1485C64A-FCA6-4374-B4CC-486AC7965813}
2016-08-23 13:04 - 2016-08-23 13:04 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\Sun
2016-08-23 13:04 - 2016-08-23 13:04 - 00000000 ____D C:\Users\AMIT\.oracle_jre_usage
2016-08-22 13:11 - 2016-08-22 13:11 - 00000000 ____D C:\Windows\SupportAppPBMblaze_Home
2016-08-21 13:23 - 2016-08-21 13:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-21 13:22 - 2016-08-21 13:22 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-21 13:22 - 2016-08-21 13:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-21 13:21 - 2016-08-21 13:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-20 17:25 - 2016-08-20 17:25 - 00000000 ____D C:\Program Files\GoDaddy
2016-08-19 18:24 - 2016-08-19 18:24 - 00000000 ____D C:\Users\AMIT\AppData\Local\GoDaddy
2016-08-19 12:50 - 2016-08-25 20:24 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-08-19 12:40 - 2016-08-19 12:40 - 00000000 ___HD C:\OneDriveTemp
2016-08-19 12:38 - 2016-08-23 22:50 - 00000000 ___RD C:\Users\AMIT\OneDrive
2016-08-19 12:38 - 2016-08-19 12:38 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-19 12:38 - 2016-08-19 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-08-19 10:52 - 2016-08-19 10:52 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-19 10:52 - 2016-08-19 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-19 10:52 - 2016-08-19 10:52 - 00000000 ____D C:\Program Files\CCleaner
2016-08-19 01:03 - 2016-08-19 01:03 - 00000000 ____D C:\Users\AMIT\AppData\LocalLow\uTorrent
2016-08-17 02:08 - 2016-08-23 13:13 - 00000000 ____D C:\ProgramData\Oracle
2016-08-17 02:08 - 2016-08-23 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-17 02:08 - 2016-08-23 13:03 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-08-17 02:08 - 2016-08-23 13:03 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-17 02:07 - 2016-08-23 13:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-16 17:28 - 2016-08-16 17:28 - 00000000 ____D C:\ProgramData\Sun
2016-08-16 17:23 - 2016-08-16 17:23 - 00000000 ____D C:\Users\AMIT\AppData\LocalLow\Sun
2016-08-16 12:08 - 2016-08-16 12:08 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-16 12:07 - 2016-08-16 12:07 - 00000000 ___HD C:\Program Files (x86)\5375C74
2016-08-16 12:06 - 2016-08-27 11:31 - 00000000 ____D C:\Program Files\XBox
2016-08-16 12:06 - 2016-08-27 10:11 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-08-16 12:06 - 2016-08-23 16:17 - 00000000 ____D C:\Program Files (x86)\sbqh
2016-08-16 12:05 - 2016-08-16 12:11 - 00000000 ____D C:\Users\AMIT\AppData\Local\comapyreawecultetesp
2016-08-16 12:04 - 2016-08-16 12:04 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\Links2
2016-08-14 00:25 - 2016-08-27 11:41 - 00002591 _____ C:\Users\AMIT\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-08-14 00:25 - 2016-08-19 11:09 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\uTorrent
2016-07-31 12:54 - 2016-07-31 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 20:09 - 2015-06-18 18:19 - 00000000 ____D C:\Users\AMIT\Documents\Outlook Files
2016-08-30 19:43 - 2015-07-18 19:43 - 00000332 _____ C:\Windows\Tasks\KeyboardBoost.job
2016-08-30 19:36 - 2015-05-30 18:20 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-30 19:29 - 2015-05-30 14:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-30 19:24 - 2015-08-02 12:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 18:46 - 2015-05-30 18:20 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-30 18:40 - 2015-08-02 12:40 - 00000332 _____ C:\Windows\Tasks\JustWrite.job
2016-08-30 18:36 - 2015-08-02 16:12 - 00001022 _____ C:\Windows\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU.job
2016-08-30 18:36 - 2015-08-02 16:06 - 00000994 _____ C:\Windows\Tasks\NzOS8PXcIYz6s.job
2016-08-30 18:36 - 2015-08-02 15:32 - 00000988 _____ C:\Windows\Tasks\cdOqky0mac.job
2016-08-30 10:24 - 2015-08-02 12:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 08:50 - 2009-07-14 10:15 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-30 08:50 - 2009-07-14 10:15 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-30 08:45 - 2016-07-28 20:03 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-08-30 08:43 - 2015-06-09 13:44 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\stickies
2016-08-30 08:43 - 2015-05-30 17:13 - 00000000 ____D C:\Program Files (x86)\Mblaze_Home
2016-08-30 08:43 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-29 12:07 - 2015-08-17 19:24 - 00000000 ____D C:\Users\AMIT\Desktop\New folder
2016-08-29 11:23 - 2009-07-14 10:43 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-29 11:23 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-08-28 23:25 - 2015-05-30 16:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-28 22:58 - 2015-05-30 14:15 - 00000000 ____D C:\Users\AMIT\AppData\Local\Google
2016-08-28 22:19 - 2015-08-02 20:22 - 00001447 _____ C:\Users\AMIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-28 20:30 - 2016-02-16 13:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-27 11:42 - 2016-02-18 15:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-27 11:42 - 2015-08-02 12:47 - 00002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2016-08-27 11:42 - 2015-05-31 01:55 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-08-27 11:42 - 2015-05-31 01:55 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-08-27 11:42 - 2009-07-14 10:27 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-27 11:42 - 2009-07-14 10:27 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-08-27 11:42 - 2009-07-14 10:27 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-08-27 11:42 - 2009-07-14 10:24 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-08-27 11:41 - 2015-05-30 19:05 - 00000707 _____ C:\Users\AMIT\Desktop\Corporate Realty.lnk
2016-08-27 11:41 - 2009-07-14 10:31 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-08-27 11:41 - 2009-07-14 10:19 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-08-27 11:32 - 2015-05-30 23:42 - 00002160 _____ C:\Windows\system32\ServiceFilter.ini
2016-08-25 21:36 - 2015-05-30 18:20 - 00145120 _____ C:\Users\AMIT\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-25 20:32 - 2015-06-18 15:51 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\TeamViewer
2016-08-25 09:43 - 2015-05-30 17:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-25 09:17 - 2009-07-14 10:15 - 00519464 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-24 21:00 - 2015-06-09 13:05 - 00000000 ____D C:\Users\AMIT\AppData\Local\CrashDumps
2016-08-23 22:37 - 2015-12-15 11:18 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\vlc
2016-08-23 21:21 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-08-23 17:48 - 2015-07-10 09:00 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\Yahoo!
2016-08-23 13:04 - 2015-05-30 13:33 - 00000000 ____D C:\Users\AMIT
2016-08-21 15:22 - 2015-06-08 11:15 - 00000000 ____D C:\Users\AMIT\AppData\Roaming\PrimoPDF
2016-08-21 13:26 - 2015-06-05 08:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-21 13:23 - 2009-07-14 13:16 - 00000000 ____D C:\Windows\ShellNew
2016-08-21 13:23 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-08-21 13:22 - 2015-06-05 08:43 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-21 13:15 - 2009-07-14 08:04 - 00000478 _____ C:\Windows\win.ini
2016-08-21 09:43 - 2015-11-23 00:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-19 21:11 - 2015-05-30 23:42 - 00002182 _____ C:\Windows\system32\AutoRunFilter.ini
2016-08-19 11:15 - 2015-05-31 02:50 - 00000000 ____D C:\Windows\Panther
2016-08-19 11:15 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\ModemLogs
2016-08-19 11:02 - 2016-04-21 15:17 - 00000000 ____D C:\Windows\Minidump
2016-08-17 10:44 - 2016-06-07 16:39 - 00001945 _____ C:\Windows\epplauncher.mif
2016-08-17 01:49 - 2009-07-14 10:38 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-16 08:33 - 2015-06-01 19:45 - 00000000 ____D C:\Users\AMIT\AppData\LocalLow\Temp
2016-08-16 02:33 - 2015-05-30 18:24 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-14 02:23 - 2015-06-07 16:07 - 00000000 ____D C:\Windows\System32\Tasks\Games
 
==================== Files in the root of some directories =======
 
2016-06-08 10:53 - 2007-04-11 11:11 - 0511328 _____ (Microsoft Corporation) C:\Program Files (x86)\capicom.dll
2015-04-19 17:50 - 2015-04-19 17:50 - 0005872 _____ () C:\Users\AMIT\AppData\Roaming\cdOqky0mac
2015-08-24 19:50 - 2016-03-29 10:39 - 0032466 _____ () C:\Users\AMIT\AppData\Roaming\Comma Separated Values.ADR
2015-09-26 10:30 - 2016-07-13 22:29 - 0016132 _____ () C:\Users\AMIT\AppData\Roaming\Comma Separated Values.EML
2015-04-19 17:50 - 2015-04-19 17:50 - 0005872 _____ () C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU
2015-04-19 17:50 - 2015-04-19 17:50 - 0005872 _____ () C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s
2015-11-23 00:03 - 2015-11-23 00:13 - 0000231 _____ () C:\Users\AMIT\AppData\Roaming\Rim.Desktop.Exception.log
2015-11-23 00:02 - 2015-11-23 00:39 - 0001905 _____ () C:\Users\AMIT\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-11-23 00:03 - 2015-11-23 00:13 - 0000231 _____ () C:\Users\AMIT\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-09-09 15:30 - 2015-09-09 15:32 - 0011776 ___SH () C:\Users\AMIT\AppData\Roaming\Thumbs.db
2015-09-07 10:12 - 2015-09-07 10:12 - 0768573 _____ () C:\Users\AMIT\AppData\Roaming\UserTile.png
2016-02-04 14:50 - 2016-02-04 14:50 - 0000000 ____H () C:\Users\AMIT\AppData\Local\BIT3545.tmp
2008-01-01 16:43 - 2008-01-01 16:43 - 0000000 ____H () C:\Users\AMIT\AppData\Local\BIT7DAC.tmp
2016-01-19 18:26 - 2016-01-19 18:26 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{006466B3-9E0A-47DB-8BE4-FF1DA6BA47A2}
2016-02-04 14:49 - 2016-02-04 14:50 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{03C0761A-02AE-4A9B-9765-5E2E5258F072}
2016-01-19 09:09 - 2016-01-19 09:09 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{0A98712E-9FC0-4442-BC3B-913B1A2B54D4}
2008-01-01 16:42 - 2008-01-01 16:43 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{3886BC38-5C3F-40E9-B9AB-B51CA387AD31}
2016-03-08 13:49 - 2016-03-08 13:49 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{5D169340-004C-4751-8CA8-DA22E1C6A1C8}
2015-08-02 22:57 - 2015-08-02 22:57 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{6AC5AC0A-271F-488E-8B96-607E20A2AB69}
2016-03-08 09:15 - 2016-03-08 09:15 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{6E0ED300-4C12-406C-933A-083761122EC2}
2015-11-03 20:23 - 2015-11-03 20:23 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{8A708B77-9E4F-46A2-8560-13B88EB759C6}
2015-08-02 22:55 - 2015-08-02 22:56 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{AE740A39-D45A-448D-9B56-ADE557E4E170}
2016-01-19 19:52 - 2016-01-19 19:52 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{BE97D487-C77B-4945-AD89-9C7EB9D6DC55}
2015-09-06 16:48 - 2015-09-06 16:48 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{DA64D6A5-50F2-4A04-9FB9-F60516432965}
2016-01-19 19:52 - 2016-01-19 19:52 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{DAC539FB-125E-4D16-AB18-9E7FB81B8612}
2015-07-20 10:47 - 2015-07-20 10:47 - 0000000 _____ () C:\Users\AMIT\AppData\Local\{E5BF3FA7-B662-4225-A42D-87620D80CDE4}
2016-04-30 00:51 - 2016-07-30 19:54 - 0000275 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-28 18:41
 
==================== End of FRST.txt ============================


#4 unicorncrs (Topic Starter)

Posted 30 August 2016 - 09:55 AM

Hi

Attached file.

Regards

Amit 




#5 nasdaq (Malware Response Team)

Posted 31 August 2016 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program via the Control Panel > Programs > Programs and Features.
WinZip (HKLM-x32\...\WinZip) (Version: 2.3.0 - Winzipper Pvt Ltd.) <==== ATTENTION

===
Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {FA63128A-029D-42D1-9187-D2B75B5030C3} -> No File
CHR DefaultSearchURL: Default -> hxxp://www.ourstartpage.com/search/?q={searchTerms}&uid=ST9500325AS_S2W7CZTYXXXXS2W7CZTY&z=ee8c507021ce3780a258c12gdz0m5o0g8c6m8c9z7z&type=ds
CHR DefaultNewTabURL: Default -> hxxps://www.ourstartpage.com/
CHR Extension: (Chrome Web Store Payments) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-3382591198-3469168507-1486274051-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\AMIT\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
Task: -D651-45C9-B51F-08C79C502691} - System32\Tasks\JambenUpdateTaskMachineUA => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION
Task: {13B60DAC-793E-48C3-BEFC-E1B35D265AE5} - System32\Tasks\JustWrite => c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}\sevensetup.exe <==== ATTENTION
Task: {52EC8052-7613-4697-8CC3-0E1E207F3C50} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-28] ()
Task: {5AF52451-860C-4343-A171-E86DF5ABD779} - System32\Tasks\KeyboardBoost => c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}\sevensetup.exe <==== ATTENTION
Task: {64FA1C55-3B9D-4243-A18C-6796026EBCB0} - System32\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU => C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe <==== ATTENTION
Task: {71CF1D53-1BEF-4C91-9E02-70C68312E3B5} - System32\Tasks\JambenUpdateTaskMachineCore => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION
Task: {94F27ECB-22CD-4F88-9D4C-1CABA0FF5C0D} - System32\Tasks\69193BE3-D759-4644-8410-243BF4CF327 => C:\Users\AMIT\AppData\Local\69193BE3-D759-4644-8410-243BF4CF327\69193BE3-D759-4644-8410-243BF4CF327.exe <==== ATTENTION
Task: {A28E83A4-37CB-4304-BE57-6FF7C0F9FF91} - System32\Tasks\cdOqky0mac => C:\Users\AMIT\AppData\Roaming\cdOqky0mac.exe <==== ATTENTION
Task: {B2D1BBC4-49B9-43F1-AA13-DA54C854DC16} - System32\Tasks\NzOS8PXcIYz6s => C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU.job => C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe <==== ATTENTION
Task: C:\Windows\Tasks\JustWrite.job => c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}\sevensetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\KeyboardBoost.job => c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}\sevensetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\NzOS8PXcIYz6s.job => C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
FirewallRules: [{71DAA6ED-509B-4CBD-BE18-E13F9FB1EB53}] => (Allow) C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe
C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files (x86)\Jamben
c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}
C:\Windows\AutoKMS
c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}
C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe
C:\Users\AMIT\AppData\Local\69193BE3-D759-4644-8410-243BF4CF327
C:\Users\AMIT\AppData\Roaming\cdOqky0mac.exe
C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe
C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe
C:\Windows\pss\SmartWeb.lnk.Startup

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

===

Please post the Fixlog.txt and let me know if the problem persists.
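The fixlist above was assembled by picking the flagged FRST entries by eye. The following Python is an added example, not part of this thread and not FRST's or nasdaq's code: it parses the `Task:` and `CHR Default*` line shapes visible in the log, flags scheduled tasks whose target runs from a user-writable location (AppData, ProgramData) or whose task name looks machine-generated, and emits a fixlist in the same layout as the one in the post (log lines verbatim, then the target paths so the payload files are moved as well). The sample lines are copied from the post, except one constructed benign `GoogleUpdateTaskMachineUA` entry with a made-up GUID, included as a control; the random-name heuristic and the user-writable path list are my assumptions, not FRST behaviour.

```python
"""Triage of FRST "Task:" and "CHR Default*" entries, plus fixlist generation.

Added example for this thread; not FRST's code and not the helper's.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the fixlist in the post, plus one
# constructed benign entry (GoogleUpdateTaskMachineUA, invented GUID) as a control.
SAMPLE_LINES = r"""
CHR DefaultSearchURL: Default -> hxxp://www.ourstartpage.com/search/?q={searchTerms}&uid=ST9500325AS_S2W7CZTYXXXXS2W7CZTY&z=ee8c507021ce3780a258c12gdz0m5o0g8c6m8c9z7z&type=ds
CHR DefaultNewTabURL: Default -> hxxps://www.ourstartpage.com/
Task: {13B60DAC-793E-48C3-BEFC-E1B35D265AE5} - System32\Tasks\JustWrite => c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}\sevensetup.exe <==== ATTENTION
Task: {52EC8052-7613-4697-8CC3-0E1E207F3C50} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-28] ()
Task: {64FA1C55-3B9D-4243-A18C-6796026EBCB0} - System32\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU => C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe <==== ATTENTION
Task: {71CF1D53-1BEF-4C91-9E02-70C68312E3B5} - System32\Tasks\JambenUpdateTaskMachineCore => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\NzOS8PXcIYz6s.job => C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe <==== ATTENTION
Task: {00000000-0000-4000-8000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc)
""".strip().splitlines()

# Assumption: locations a standard user can write to. Persistence launched
# from here deserves a look even when FRST has not tagged the line.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Task:
    name: str
    target: str
    frst_flagged: bool
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic (assumption) for generated names such as NzOS8PXcIYz6s:
    at least ten characters, containing a digit, with two or more case flips."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 10 or not any(c.isdigit() for c in stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())
    return flips >= 2


def parse_task(line: str) -> Optional[Task]:
    """Parse the 'Task: {id} - System32\\Tasks\\Name => target [date] (signer) <==== ATTENTION'
    form and the 'Task: C:\\Windows\\Tasks\\Name.job => target' form."""
    if not line.startswith("Task:"):
        return None
    left, sep, right = line.partition(" => ")
    if not sep:
        return None
    name = left.rsplit("\\", 1)[-1].strip()
    flagged = "ATTENTION" in right
    target = re.sub(r"\s*<=+\s*ATTENTION\s*$", "", right)      # strip FRST's marker
    target = re.sub(r"\s+\[[^\]]*\]", "", target)               # strip "[2016-07-28]"
    target = re.sub(r"\s+\([^()]*\)\s*$", "", target).strip()   # strip "()" / "(Google Inc)"
    task = Task(name, target, flagged)
    if any(seg in target.lower() for seg in USER_WRITABLE):
        task.reasons.append("target in user-writable path")
    if looks_random(name):
        task.reasons.append("random-looking task name")
    return task


def search_hosts(lines) -> List[str]:
    """Hosts set as Chrome default search / new-tab page. FRST defangs
    http as hxxp in its output, so both spellings are accepted."""
    hosts = set()
    for line in lines:
        if line.startswith("CHR Default") and " -> " in line:
            url = line.split(" -> ", 1)[1].strip()
            m = re.match(r"h(?:xx|tt)ps?://([^/]+)", url)
            if m:
                hosts.add(m.group(1).lower())
    return sorted(hosts)


def build_fixlist(lines) -> List[str]:
    """Fixlist in the layout of the post: flagged log lines verbatim, then
    the target paths so the payload files are moved, not only the tasks."""
    body, targets = [], []
    for line in lines:
        task = parse_task(line)
        if task is not None:
            if (task.frst_flagged or task.reasons) and line not in body:
                body.append(line)
                if task.target not in targets:
                    targets.append(task.target)
        elif line.startswith("CHR Default"):
            body.append(line)
    return ["Start", "CreateRestorePoint:", "CloseProcesses:", *body, *targets, "EmptyTemp:", "End"]


if __name__ == "__main__":
    for t in filter(None, map(parse_task, SAMPLE_LINES)):
        print(f"{t.name:30} flagged={t.frst_flagged!s:5} {', '.join(t.reasons) or '-'}")
    print("search hosts:", search_hosts(SAMPLE_LINES))
    print("\n".join(build_fixlist(SAMPLE_LINES)))
```

Note what the heuristics do and do not catch: `JambenUpdateTaskMachineCore` runs from Program Files under a plausible name and is picked up only because FRST tagged it, while `AutoKMS` is neither tagged nor flagged by the heuristics, yet nasdaq removed it by judgment. Automated triage narrows the list; the decision on each entry still needs a person.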

#6 unicorncrs (Topic Starter)

Posted 31 August 2016 - 11:45 AM

Hello Nasdaq,

Seems like everything is back to normal. WOW you are a STAR, Thanks a tonne.

Utter Genius.

Warm Regards,

Amit

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016

Ran by AMIT (31-08-2016 22:00:13) Run:1
Running from C:\Users\AMIT\Downloads
Loaded Profiles: AMIT (Available Profiles: AMIT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {FA63128A-029D-42D1-9187-D2B75B5030C3} -> No File
CHR DefaultSearchURL: Default -> hxxp://www.ourstartpage.com/search/?q={searchTerms}&uid=ST9500325AS_S2W7CZTYXXXXS2W7CZTY&z=ee8c507021ce3780a258c12gdz0m5o0g8c6m8c9z7z&type=ds
CHR DefaultNewTabURL: Default -> hxxps://www.ourstartpage.com/
CHR Extension: (Chrome Web Store Payments) - C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-3382591198-3469168507-1486274051-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\AMIT\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
Task: -D651-45C9-B51F-08C79C502691} - System32\Tasks\JambenUpdateTaskMachineUA => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION
Task: {13B60DAC-793E-48C3-BEFC-E1B35D265AE5} - System32\Tasks\JustWrite => c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}\sevensetup.exe <==== ATTENTION
Task: {52EC8052-7613-4697-8CC3-0E1E207F3C50} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-28] ()
Task: {5AF52451-860C-4343-A171-E86DF5ABD779} - System32\Tasks\KeyboardBoost => c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}\sevensetup.exe <==== ATTENTION
Task: {64FA1C55-3B9D-4243-A18C-6796026EBCB0} - System32\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU => C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe <==== ATTENTION
Task: {71CF1D53-1BEF-4C91-9E02-70C68312E3B5} - System32\Tasks\JambenUpdateTaskMachineCore => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION
Task: {94F27ECB-22CD-4F88-9D4C-1CABA0FF5C0D} - System32\Tasks\69193BE3-D759-4644-8410-243BF4CF327 => C:\Users\AMIT\AppData\Local\69193BE3-D759-4644-8410-243BF4CF327\69193BE3-D759-4644-8410-243BF4CF327.exe <==== ATTENTION
Task: {A28E83A4-37CB-4304-BE57-6FF7C0F9FF91} - System32\Tasks\cdOqky0mac => C:\Users\AMIT\AppData\Roaming\cdOqky0mac.exe <==== ATTENTION
Task: {B2D1BBC4-49B9-43F1-AA13-DA54C854DC16} - System32\Tasks\NzOS8PXcIYz6s => C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU.job => C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe <==== ATTENTION
Task: C:\Windows\Tasks\JustWrite.job => c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}\sevensetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\KeyboardBoost.job => c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}\sevensetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\NzOS8PXcIYz6s.job => C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
FirewallRules: [{71DAA6ED-509B-4CBD-BE18-E13F9FB1EB53}] => (Allow) C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe
C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files (x86)\Jamben
c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}
C:\Windows\AutoKMS
c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}
C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe
C:\Users\AMIT\AppData\Local\69193BE3-D759-4644-8410-243BF4CF327
C:\Users\AMIT\AppData\Roaming\cdOqky0mac.exe
C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe
C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe
C:\Windows\pss\SmartWeb.lnk.Startup
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA63128A-029D-42D1-9187-D2B75B5030C3}" => key removed successfully
HKCR\CLSID\{FA63128A-029D-42D1-9187-D2B75B5030C3} => key not found. 
Chrome DefaultSearchURL => removed successfully
Chrome DefaultNewTabURL => removed successfully
C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"HKU\S-1-5-21-3382591198-3469168507-1486274051-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
Task: -D651-45C9-B51F-08C79C502691} - System32\Tasks\JambenUpdateTaskMachineUA => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13B60DAC-793E-48C3-BEFC-E1B35D265AE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B60DAC-793E-48C3-BEFC-E1B35D265AE5}" => key removed successfully
C:\Windows\System32\Tasks\JustWrite => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JustWrite" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{52EC8052-7613-4697-8CC3-0E1E207F3C50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52EC8052-7613-4697-8CC3-0E1E207F3C50}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AF52451-860C-4343-A171-E86DF5ABD779}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AF52451-860C-4343-A171-E86DF5ABD779}" => key removed successfully
C:\Windows\System32\Tasks\KeyboardBoost => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KeyboardBoost" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64FA1C55-3B9D-4243-A18C-6796026EBCB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FA1C55-3B9D-4243-A18C-6796026EBCB0}" => key removed successfully
C:\Windows\System32\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4aIEGCJckDcsgr0Ix0xzvHGBXU" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71CF1D53-1BEF-4C91-9E02-70C68312E3B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71CF1D53-1BEF-4C91-9E02-70C68312E3B5}" => key removed successfully
C:\Windows\System32\Tasks\JambenUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JambenUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94F27ECB-22CD-4F88-9D4C-1CABA0FF5C0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F27ECB-22CD-4F88-9D4C-1CABA0FF5C0D}" => key removed successfully
C:\Windows\System32\Tasks\69193BE3-D759-4644-8410-243BF4CF327 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\69193BE3-D759-4644-8410-243BF4CF327" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A28E83A4-37CB-4304-BE57-6FF7C0F9FF91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A28E83A4-37CB-4304-BE57-6FF7C0F9FF91}" => key removed successfully
C:\Windows\System32\Tasks\cdOqky0mac => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cdOqky0mac" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2D1BBC4-49B9-43F1-AA13-DA54C854DC16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D1BBC4-49B9-43F1-AA13-DA54C854DC16}" => key removed successfully
C:\Windows\System32\Tasks\NzOS8PXcIYz6s => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NzOS8PXcIYz6s" => key removed successfully
C:\Windows\Tasks\e4aIEGCJckDcsgr0Ix0xzvHGBXU.job => moved successfully
C:\Windows\Tasks\JustWrite.job => moved successfully
C:\Windows\Tasks\KeyboardBoost.job => moved successfully
C:\Windows\Tasks\NzOS8PXcIYz6s.job => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71DAA6ED-509B-4CBD-BE18-E13F9FB1EB53} => value removed successfully
"C:\Users\AMIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Program Files (x86)\Jamben => moved successfully
"c:\programdata\{e8c73ad4-6e5c-3201-e8c7-73ad46e5eb51}" => not found.
C:\Windows\AutoKMS => moved successfully
"c:\programdata\{5eff4159-0cfc-17ab-5eff-f41590cf0564}" => not found.
"C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe" => not found.
C:\Users\AMIT\AppData\Local\69193BE3-D759-4644-8410-243BF4CF327 => moved successfully
"C:\Users\AMIT\AppData\Roaming\cdOqky0mac.exe" => not found.
"C:\Users\AMIT\AppData\Roaming\NzOS8PXcIYz6s.exe" => not found.
"C:\Users\AMIT\AppData\Roaming\e4aIEGCJckDcsgr0Ix0xzvHGBXU.exe" => not found.
C:\Windows\pss\SmartWeb.lnk.Startup => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21470905 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 59191414 B
Edge => 0 B
Chrome => 515469567 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 117784 B
systemprofile32 => 116054 B
LocalService => 132244 B
NetworkService => 3213204 B
AMIT => 24092263 B
 
RecycleBin => 0 B
EmptyTemp: => 603 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:01:16 ====
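A long Fixlog is easy to skim as "all removed successfully", but the one above contains a failed entry: the `JambenUpdateTaskMachineUA` task line, whose leading `{GUID` is cut off in the copied log, came back as "Error: No automatic fix found for this entry". The following Python is an added example, not part of this thread and not FRST's or nasdaq's code: it classifies each Fixlog result line as removed, already absent, retried or failed, and for a failed `Task:` entry points out the truncated identifier. The sample lines are a subset copied from the Fixlog above; the classification strings and the diagnosis are my assumptions about FRST's output, not documented FRST behaviour.

```python
"""Post-fix check over an FRST Fixlog.txt.

Added example for this thread; not FRST's code and not the helper's.
"""
from typing import Dict, List

# Sample input: a subset of the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
Chrome DefaultSearchURL => removed successfully
Task: -D651-45C9-B51F-08C79C502691} - System32\Tasks\JambenUpdateTaskMachineUA => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\JustWrite => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg => key removed successfully
"C:\Users\AMIT\AppData\Roaming\cdOqky0mac.exe" => not found.
C:\Program Files (x86)\Jamben => moved successfully
""".strip().splitlines()


def classify(line: str) -> str:
    """Map one Fixlog result line to ok / absent / failed / retried / info.
    The markers are the ones visible in the posted log (assumption)."""
    if "=> Error:" in line:
        return "failed"
    if line.endswith("not found."):
        return "absent"
    if "could not remove at first attempt" in line:
        return "retried"
    if "successfully" in line:
        return "ok"
    return "info"


def subject(line: str) -> str:
    """The fixlist entry a result line refers to (text before the first '=>'),
    reduced to the task name for 'Task:' entries."""
    left = line.split(" => ", 1)[0].strip().strip('"')
    if left.startswith("Task:"):
        return left.rsplit("\\", 1)[-1]
    return left


def diagnose(line: str) -> str:
    """Why FRST might have refused an entry. Only the case seen in this
    thread is covered: a 'Task:' line whose {GUID} is cut off at the start."""
    left = line.split(" => ", 1)[0]
    task_id = left[len("Task:"):].lstrip() if left.startswith("Task:") else ""
    if left.startswith("Task:") and not task_id.startswith(("{", "C:\\")):
        return "task id truncated; re-copy the line from a fresh FRST.txt"
    return "unknown; re-scan and compare"


def summarize(lines) -> Dict[str, List[str]]:
    """Group Fixlog lines by outcome; failed entries carry a diagnosis."""
    report: Dict[str, List[str]] = {"ok": [], "absent": [], "failed": [], "retried": [], "info": []}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        entry = subject(line)
        if kind == "failed":
            entry = f"{entry} ({diagnose(line)})"
        report[kind].append(entry)
    return report


if __name__ == "__main__":
    rep = summarize(SAMPLE_FIXLOG)
    for kind in ("failed", "absent", "retried", "ok"):
        print(f"{kind:8} {len(rep[kind])}")
        for entry in rep[kind]:
            print("   ", entry)
```

Two follow-ups the report makes visible in this thread. First, the `JambenUpdateTaskMachineUA` task was not removed by the fix and should be expected in a fresh FRST scan. Second, the Roaming `*.exe` targets came back "not found", while the "Files in the root of some directories" section of the FRST log lists `cdOqky0mac`, `e4aIEGCJckDcsgr0Ix0xzvHGBXU` and `NzOS8PXcIYz6s` without an `.exe` extension, 5872 bytes each; those files are most likely still on disk. With their tasks removed they are inert, but a follow-up scan should confirm both points before the case is closed.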


#7 nasdaq (Malware Response Team)

Posted 31 August 2016 - 01:13 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices and keeping safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq (Malware Response Team)

Posted 06 September 2016 - 12:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
