Is my Chrome infected with adware?


4 replies to this topic

#1 naveen_talkin

Posted 19 February 2017 - 08:50 AM

Every time, my Chrome home page is redirected to http://search.queryrouter.com/?pid=exp or some "watermelon-shake", something like this.

I did an FRST scan, and here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
Ran by Naveen (administrator) on NAVEEN-PC (19-02-2017 19:04:36)
Running from C:\Users\Naveen\Downloads\Programs
Loaded Profiles: Naveen (Available Profiles: Naveen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [52656 2015-08-05] (Locktime Software)
HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\RunOnce: [Adobe Speed Launcher] => 1487509455
HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\MountPoints2: {d4f7b01a-b877-11e6-be04-5c260a84c106} - I:\AutoRun.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2005-03-05] (Autodesk)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2017-02-13]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2016-10-03]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3125950469-287673147-91360056-1000] => hxxp://notblocked.net/wpad.dat?5474a901cabfb1501cb62cfd4ed44d1b25308852
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{B3BDBBD0-A2CB-4874-B1B8-F68EAE6EEB70}: [DhcpNameServer] 192.168.43.1
ManualProxies: 0hxxp://notblocked.net/wpad.dat?5474a901cabfb1501cb62cfd4ed44d1b25308852

Internet Explorer:
==================
HKU\S-1-5-21-3125950469-287673147-91360056-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-10-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-10-03] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 0f84y0uz.default
FF ProfilePath: C:\Users\Naveen\AppData\Roaming\Mozilla\Firefox\Profiles\0f84y0uz.default [2017-02-17]
FF Homepage: Mozilla\Firefox\Profiles\0f84y0uz.default -> www.google.com
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Naveen\AppData\Roaming\Mozilla\Firefox\Profiles\0f84y0uz.default\features\{37cf4842-013f-44ff-89f3-381b237e0579}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-09-21]
FF HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Naveen\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Naveen\AppData\Roaming\IDM\idmmzcc5 [2017-02-19] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-10-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-10-03] (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\2216649.js [2017-02-11] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\2216649.cfg [2017-02-11] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.in/
CHR StartupUrls: Default -> "hxxp://www.google.co.in/","hxxp://www.google.com/","hxxps://www.google.co.in/","hxxp://www.mysites123.com/?type=hp&ts=1449587597&z=9860d0a5dd2b6f97db2f4acg5z1z1t3w4bcm9w7t4z&from=amt&uid=ST500LM012XHN-M500MBB_S2X1JA0C871361871361"
CHR DefaultSearchKeyword: Default -> buyhatke
CHR Profile: C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Google Docs) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-03]
CHR Extension: (Google Drive) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-03]
CHR Extension: (Notepad) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2017-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-03]
CHR Extension: (AdBlock) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (IE Tab) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2017-02-15]
CHR Extension: (BuyHatke) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2017-02-14]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-28]
CHR Extension: (IDM Integration Module) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Data Saver) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2016-10-03]
CHR Extension: (Outlook.com) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2016-10-03]
CHR Extension: (Gmail) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2017-02-13] (Autodesk)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-02-05] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-02-05] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-02-05] (BlueStack Systems, Inc.)
R2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [451848 2011-07-12] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2779136 2016-12-28] (ESET)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [322480 2015-08-05] (Locktime Software)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-10-05] (SolidWorks) [File not signed]
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-09-23] (SHAREit Technologies Co.Ltd)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-02-05] (BlueStack Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-12-28] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199328 2016-06-23] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153248 2016-12-28] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208552 2016-06-23] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61608 2016-06-23] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-23] (ESET)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [120720 2015-08-04] (Locktime Software)
R0 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [86680 2016-10-19] (Dataram, Inc.)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [27064 2016-07-06] (Windows ® Win 7 DDK provider)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-19 18:53 - 2017-02-19 19:04 - 00000000 ____D C:\FRST
2017-02-17 21:57 - 2017-02-17 21:57 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 21:56 - 2017-02-17 22:08 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-17 21:56 - 2017-02-17 22:08 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-17 21:28 - 2017-02-17 21:56 - 50403944 _____ (Google Inc.) C:\Users\Naveen\Downloads\ChromeStandaloneSetup64.exe
2017-02-17 09:47 - 2017-02-17 10:48 - 07680000 _____ C:\Program Files (x86)\GUT2A1D.tmp
2017-02-17 09:47 - 2017-02-17 09:47 - 00000000 ____D C:\Program Files (x86)\GUM2A1C.tmp
2017-02-17 09:23 - 2017-02-17 09:23 - 01129376 _____ (Google Inc.) C:\Users\Naveen\Downloads\ChromeSetup.exe
2017-02-16 18:31 - 2017-02-16 18:35 - 00780294 _____ C:\Users\Naveen\Desktop\English.pdf
2017-02-15 08:50 - 2017-02-15 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-02-15 08:49 - 2017-02-15 08:50 - 00000000 ____D C:\ProgramData\Adobe
2017-02-14 21:49 - 2017-02-17 09:17 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\Adobe
2017-02-14 21:49 - 2017-02-14 21:49 - 00000000 ____D C:\Users\Naveen\AppData\LocalLow\Adobe
2017-02-14 21:49 - 2017-02-14 21:49 - 00000000 ____D C:\Users\Naveen\AppData\Local\Adobe
2017-02-14 13:15 - 2017-02-14 13:15 - 00000000 ____D C:\Program Files\Common Files\Protexis
2017-02-14 13:14 - 2017-02-14 13:14 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-02-14 13:14 - 2017-02-14 13:14 - 00000000 ____D C:\ProgramData\Documents\Corel
2017-02-14 13:13 - 2017-02-14 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2017-02-14 13:13 - 2017-02-14 13:13 - 00000000 ____D C:\Program Files\Corel
2017-02-13 19:24 - 2017-02-13 19:25 - 00739169 _____ C:\Users\Naveen\Desktop\Shipping cover leaf.pdf.pdf
2017-02-13 15:01 - 2017-02-13 15:02 - 00000000 ____D C:\Program Files (x86)\AutoCAD 2006
2017-02-13 15:01 - 2017-02-13 15:01 - 00000000 ____D C:\Program Files (x86)\AnswerWorks 4.0
2017-02-13 12:29 - 2017-02-13 12:29 - 00005568 _____ C:\Users\Naveen\Downloads\Bureau_of_Indian_Standards_Logo.svg
2017-02-13 12:05 - 2017-02-13 12:05 - 00007016 _____ C:\Users\Naveen\Downloads\Age_warning_symbol.svg
2017-02-12 16:13 - 2017-02-12 16:14 - 00135544 _____ C:\Users\Naveen\Desktop\Kannada.pdf
2017-02-12 09:57 - 2017-02-12 09:57 - 00000169 _____ C:\Windows\Nudi.INI
2017-02-12 08:43 - 2017-02-12 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Indic Input 2
2017-02-12 08:43 - 2017-02-12 08:43 - 00000000 ____D C:\Program Files (x86)\Webdunia
2017-02-11 19:34 - 2017-02-11 19:34 - 00000000 ____D C:\ProgramData\Bitstream
2017-02-11 19:32 - 2017-02-11 19:32 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nudi 4.0
2017-02-11 19:32 - 2017-02-11 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nudi 4.0
2017-02-11 19:32 - 2017-02-11 19:32 - 00000000 ____D C:\Program Files (x86)\Nudi 4.0
2017-02-11 19:26 - 2017-02-11 19:26 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\Baraha Software
2017-02-11 19:00 - 2017-02-11 19:00 - 00000000 ____D C:\Windows\XSxS
2017-02-11 19:00 - 2017-02-11 19:00 - 00000000 ____D C:\Program Files (x86)\Xenocode
2017-02-09 10:30 - 2017-02-09 10:30 - 04310528 _____ (Omnesys Technologies) C:\Users\Naveen\Downloads\NestPlus.nap
2017-02-09 09:54 - 2017-02-09 10:30 - 00000000 ____D C:\NEST3
2017-02-07 12:08 - 2017-02-07 12:18 - 02099691 _____ C:\Users\Naveen\Desktop\main plate 1.pdf
2017-02-07 09:50 - 2017-02-07 09:50 - 00057421 _____ C:\Users\Naveen\Downloads\How_and_Where_to_get_MUDRA_loan.pdf
2017-02-07 09:49 - 2017-02-07 09:49 - 00032196 _____ C:\Users\Naveen\Downloads\eligibility-criteria_eng.pdf
2017-02-06 21:41 - 2017-02-06 21:41 - 00008778 _____ C:\Users\Naveen\Desktop\traffic.html
2017-02-06 21:41 - 2017-02-06 21:41 - 00000000 ____D C:\Users\Naveen\Desktop\traffic_files
2017-02-06 12:05 - 2017-02-06 12:06 - 00076797 _____ C:\Users\Naveen\Downloads\Knob.PDF
2017-02-05 10:50 - 2017-02-07 12:06 - 00303785 _____ C:\Users\Naveen\Desktop\main plate.pdf
2017-02-04 20:34 - 2017-02-17 21:57 - 00000000 ____D C:\Users\Naveen\AppData\LocalLow\Mozilla
2017-02-01 12:36 - 2017-02-01 12:36 - 00054919 _____ C:\Users\Naveen\Downloads\Flag_of_Fiji.svg
2017-01-28 11:33 - 2017-02-17 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-23 15:10 - 2017-01-23 15:10 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\YCanPDF
2017-01-23 14:38 - 2017-01-23 14:38 - 00000000 ____D C:\Users\Naveen\AppData\Local\TriSun_Software_Limited
2017-01-23 14:38 - 2017-01-23 14:38 - 00000000 ____D C:\Program Files (x86)\PDF Helper
2017-01-21 08:46 - 2017-01-21 08:46 - 00071702 _____ C:\Users\Naveen\Downloads\shapes - screen printing.cdr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-19 19:04 - 2016-10-03 15:22 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\DMCache
2017-02-19 18:42 - 2009-07-14 10:15 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-19 18:42 - 2009-07-14 10:15 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-19 18:38 - 2009-07-14 10:43 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-19 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2017-02-19 18:35 - 2016-10-08 17:36 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\Nitro PDF
2017-02-19 18:35 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\Registration
2017-02-19 18:34 - 2016-10-05 08:20 - 00000000 ____D C:\Temp
2017-02-19 18:34 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 21:56 - 2016-10-03 15:13 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-17 08:53 - 2016-10-03 15:04 - 00000000 ____D C:\Program Files (x86)\AmiBroker
2017-02-16 22:23 - 2016-10-08 09:56 - 00000374 _____ C:\Users\Naveen\Desktop\New Text Document.txt
2017-02-16 17:57 - 2016-10-05 08:27 - 00000000 ____D C:\Users\Naveen\AppData\Local\TempSWBackupDirectory
2017-02-16 17:41 - 2016-10-05 08:10 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\SolidWorks
2017-02-16 11:30 - 2016-10-03 15:22 - 00000000 ____D C:\Users\Naveen\Downloads\Compressed
2017-02-16 10:43 - 2016-10-12 13:09 - 00000000 ____D C:\Users\Naveen\Documents\My Palettes
2017-02-15 08:50 - 2016-10-11 15:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-14 22:45 - 2016-10-03 15:22 - 00000000 ____D C:\Users\Naveen\Downloads\Video
2017-02-14 22:42 - 2016-11-20 13:46 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2017-02-14 22:38 - 2016-10-05 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-02-14 20:46 - 2016-10-03 14:35 - 00189968 _____ C:\Users\Naveen\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-14 20:44 - 2009-07-14 10:15 - 00603944 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-14 17:52 - 2016-10-12 13:05 - 00000000 ____D C:\ProgramData\Corel
2017-02-14 13:16 - 2016-10-12 13:03 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2017-02-14 13:16 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-14 13:02 - 2016-10-12 13:07 - 00000000 ____D C:\ProgramData\Protexis64
2017-02-14 12:23 - 2016-10-14 12:56 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\vlc
2017-02-14 07:43 - 2009-07-14 10:38 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-13 15:01 - 2016-10-05 08:07 - 00000000 ____D C:\ProgramData\Autodesk
2017-02-13 15:01 - 2016-10-05 08:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-13 15:01 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\Help
2017-02-12 10:00 - 2016-10-03 17:26 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-10 10:08 - 2016-10-16 18:14 - 00000000 ____D C:\Users\Naveen\AppData\Roaming\uTorrent
2017-02-10 09:53 - 2016-10-16 18:16 - 00000000 ___SD C:\Users\Naveen\AppData\LocalLow\Temp
2017-02-09 10:05 - 2016-11-13 11:31 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-09 09:56 - 2016-10-03 15:40 - 00000000 ____D C:\Program Files (x86)\Omnesys
2017-02-09 09:51 - 2016-10-19 09:57 - 00000000 ____D C:\RTD_1.40
2017-02-09 09:30 - 2016-10-19 09:57 - 00000612 _____ C:\Users\Naveen\Desktop\RTD_1.40.lnk

==================== Files in the root of some directories =======

2017-02-17 09:47 - 2017-02-17 10:48 - 7680000 _____ () C:\Program Files (x86)\GUT2A1D.tmp
2016-10-04 12:59 - 2016-12-28 10:37 - 0007607 _____ () C:\Users\Naveen\AppData\Local\Resmon.ResmonCfg
2017-02-11 19:12 - 2017-02-11 19:12 - 0004286 _____ () C:\ProgramData\Diamonds Match3.ico
2016-10-03 16:53 - 2016-10-04 14:56 - 0000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
2017-02-11 19:32 - 2017-02-11 19:32 - 0055296 _____ () C:\Users\Naveen\AppData\Local\Temp\ginstall.dll
2017-02-11 19:12 - 2017-02-11 19:12 - 0553984 _____ () C:\Users\Naveen\AppData\Local\Temp\is-TTUMF.tmpkannada_fonts_for_coreldraw.exe
2016-11-13 11:51 - 2016-11-13 11:51 - 0023040 _____ () C:\Users\Naveen\AppData\Local\Temp\LZMA.DLL
2016-11-13 11:51 - 2016-11-13 11:51 - 0245248 _____ (NEEMedia) C:\Users\Naveen\AppData\Local\Temp\USkinDLL.dll
2017-02-17 10:49 - 2017-02-17 10:49 - 0000000 _____ () C:\Users\Naveen\AppData\Local\Temp\{A3F0584F-103E-416D-AD8B-FCCB9D97195A}-56.0.2924.87_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 10:57

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
Ran by Naveen (19-02-2017 19:05:17)
Running from C:\Users\Naveen\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-03 08:55:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3125950469-287673147-91360056-500 - Administrator - Disabled)
Guest (S-1-5-21-3125950469-287673147-91360056-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3125950469-287673147-91360056-1002 - Limited - Enabled)
Naveen (S-1-5-21-3125950469-287673147-91360056-1000 - Administrator - Enabled) => C:\Users\Naveen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.402.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.402.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3125950469-287673147-91360056-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AmiBroker 6.00.2 (HKLM-x32\...\AmiBroker_is1) (Version: 6.00 - AmiBroker.com)
AutoCAD 2006 - English (HKLM-x32\...\{5783F2D7-4001-0409-0002-0060B0CE6BBA}) (Version: 16.2.54.10 - Autodesk)
BlueStacks App Player (HKLM-x32\...\{AF0D9073-1AE0-4C21-AA70-41294AEFBDFD}) (Version: 2.0.8.5638 - BlueStack Systems, Inc.)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Debug Diagnostics 1.2 (HKLM\...\{9C5CABF2-B1F7-41ED-A86C-CE2F35B2C330}) (Version: 1.2.0.52 - Microsoft Corporation)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{55E79447-F6B0-46CB-9F58-F82DAC9C2286}) (Version: 2.1.2.187 - Broadcom Corporation)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell System Manager (HKLM\...\{9CC89928-4787-4ED5-9942-4EBF6C2468E6}) (Version: 1.7.10000 - Dell Inc.)
ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
GCI MT4 (HKLM-x32\...\GCI MT4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IDM Crack 6.25 build 15 (HKLM-x32\...\IDM Crack 6.25 build 15) (Version: build 15 - SandySeedings Team)
IDM Crack 6.26 build 3 (HKLM-x32\...\IDM Crack 6.26 build 3) (Version: build 7 - Crackingpatching.com Team)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kannada Indic Input 2 (HKLM-x32\...\{FA9B844B-1488-4532-8D4D-728A11EC9B20}) (Version: 1.0.0 - Webdunia)
K-Lite Codec Pack 11.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.5 - )
Launcher NOW version 1.13.3.4 (HKLM-x32\...\{7b30b6a1-57d6-406a-8eec-83d9798f8f47}_is1) (Version: 1.13.3.4 - Omnesys Technologies Pvt. Ltd.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nest Trader version 3.11.4.5 (HKLM-x32\...\{60a07c0b-08e1-46f7-8573-314aad0ac05e}_is1) (Version: 3.11.4.5 - Omnesys Technologies Pvt. Ltd.)
NestPlus (HKLM-x32\...\{023E0B19-8E10-43C7-8CC8-4E483B7E32A8}) (Version: 2.9.00001 - Omnesys)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.13.0) (Version: 4.0.13.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.13.0 - Locktime Software) Hidden
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Nudi 4.0 (HKLM-x32\...\Nudi 4.0) (Version: - )
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Pi (HKLM-x32\...\{AF6D353A-B1BE-4A56-BA7D-19E3FD9CF0B4}) (Version: 1.0.06 - Tradelab Software Pvt Ltd)
RAMDisk (HKLM-x32\...\{08051769-4EA7-48EA-BB07-8BB683433F62}) (Version: 4.4.0.36 - Dataram, Inc.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.4.152 - SHAREit Technologies Co.Ltd)
Snooker147 & Poolster (HKLM-x32\...\{59EC383E-BD67-4764-A839-46B562A5B525}) (Version: 1.3 - JHC Software Limited)
SolidWorks 2012 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20120-40400-1100-100) (Version: 20.4.0.64 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP04 (Version: 20.140.64 - SolidWorks) Hidden
UltraISO Premium V9.66 (HKLM-x32\...\UltraISO_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02458D7D-62C4-44E9-98D4-351D8AE9E86E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-17] (Google Inc.)
Task: {123C867E-D066-4F68-8BD9-DFEF6B9F5B41} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {5D8779DB-3B18-4442-BB9B-A66E3D414A8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-17] (Google Inc.)
Task: {90B60FB3-AFBF-4F04-8F57-272DB30A6F3C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-08-04 02:56 - 2015-08-04 02:56 - 00040448 _____ () C:\Program Files\Locktime Software\NetLimiter 4\CoreLibNet.dll
2015-05-26 20:50 - 2015-05-26 20:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-23 11:07 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2016-12-23 10:57 - 2012-09-05 12:51 - 00686744 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2015-08-04 02:56 - 2015-08-04 02:56 - 00180736 _____ () C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.Core.dll
2015-08-04 02:56 - 2015-08-04 02:56 - 00360960 _____ () C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.Modules.dll
2015-08-04 02:56 - 2015-08-04 02:56 - 00030720 _____ () C:\Program Files\Locktime Software\NetLimiter 4\LightTheme.dll
2017-02-17 21:57 - 2017-02-01 15:17 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-17 21:57 - 2017-02-01 15:17 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-15 20:17 - 2017-02-15 20:17 - 31178840 _____ () C:\Users\Naveen\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
2014-04-07 20:01 - 2014-04-07 20:01 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3125950469-287673147-91360056-1000\Software\Classes\.scr: AutoCADScriptFile => "C:\Windows\SysWOW64\notepad.exe" "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3125950469-287673147-91360056-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Naveen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk => C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{127B9515-143A-4989-AAF6-15A47B3A9DE0}C:\program files (x86)\truedata\truedata velocity 2.0\truedata.velocity2.exe] => (Allow) C:\program files (x86)\truedata\truedata velocity 2.0\truedata.velocity2.exe
FirewallRules: [UDP Query User{E2E8EFFF-D795-4FD6-831E-C2B4F0AA4DC3}C:\program files (x86)\truedata\truedata velocity 2.0\truedata.velocity2.exe] => (Allow) C:\program files (x86)\truedata\truedata velocity 2.0\truedata.velocity2.exe
FirewallRules: [TCP Query User{4E5BDC75-84B3-4E47-A2CA-31F144CFA0AC}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe
FirewallRules: [UDP Query User{91D022D6-876C-41A8-96B8-35A541B979AB}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe
FirewallRules: [TCP Query User{CD244B54-A31A-4CF5-9CA8-C1F567DEDF17}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe
FirewallRules: [UDP Query User{EAEAB386-EFA7-437F-BAED-038694181BA6}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe
FirewallRules: [TCP Query User{1C943CB8-08DF-4C4D-8F7E-11263406C094}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe
FirewallRules: [UDP Query User{13F68A80-5660-44FD-BBA8-5ECB5318714C}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe
FirewallRules: [{57E65969-52BA-44B8-B379-0A3838F5AAED}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{BEAEF43E-3A13-4960-A74A-0A7659D4056B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{449B70F5-504D-4E06-89A3-2C3DADDE2D8C}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{C893FBD8-1695-40EE-A183-86B896F55DE3}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{0D841527-2D1B-4ED5-84E1-4E9521C3DFC6}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{B34FBEA8-AD11-4A05-B350-9FD70D8DED90}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{EB2612A4-B813-40A4-886E-E38A5AE2BF21}] => (Allow) C:\Users\Naveen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2BEB9BE3-5A87-4639-B4F7-1AF1A45D8426}] => (Allow) C:\Users\Naveen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{16F7013D-790A-4215-BDF3-24C54F29D08A}] => (Allow) C:\Users\Naveen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02AA0674-4660-4559-A723-41FB7B798596}] => (Allow) C:\Users\Naveen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4AC55918-3A54-43D2-910A-CB22000D413E}] => (Allow) C:\Users\Naveen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0638F547-9E7F-49CD-A9A6-64BA200DF303}] => (Allow) C:\Users\Naveen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12D8BE9E-EC06-4CEF-9A75-85D7F3A2D078}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8BA2AC85-A4A3-4CE4-BF36-A4C3B5458C4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC04FCF1-0BDC-42B9-93BF-EE9F9E094B53}] => (Allow) C:\Program Files (x86)\Mr DJ\Age Of Empires II HD The Forgotten\AoK HD.exe
FirewallRules: [{F99CB305-5E96-4290-B8DE-9B10D332D9C9}] => (Allow) C:\Program Files (x86)\Mr DJ\Age Of Empires II HD The Forgotten\AoK HD.exe
FirewallRules: [{C06DC1CD-C853-4AC7-A43E-9AA55CF1DFD7}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{C500FA51-7672-46B7-90D4-8846639FA1C7}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{6B6A279D-87CB-4D54-8F99-896E88BFB277}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{53E25ACC-D434-421F-B3E0-BEA07D23601C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{339F5E11-6E63-4D2E-AE9F-8F3B07483917}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-02-2017 22:38:07 Removed Adobe Acrobat Reader DC.
14-02-2017 22:40:27 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
14-02-2017 22:40:55 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
14-02-2017 22:41:12 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
14-02-2017 22:41:35 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
15-02-2017 08:50:11 Installed Adobe Reader XI.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2017 06:34:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 04:25:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 10:07:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 09:27:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/18/2017 09:03:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/18/2017 08:41:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/18/2017 05:30:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/18/2017 10:37:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/18/2017 09:12:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/17/2017 09:21:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/19/2017 10:20:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \...\DR22.

Error: (02/17/2017 10:11:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/17/2017 10:08:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/17/2017 09:27:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/14/2017 07:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/14/2017 05:36:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/14/2017 04:17:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/14/2017 01:11:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/14/2017 12:11:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/14/2017 07:46:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the System Event Notification Service service, but this action failed with the following error:
An instance of the service is already running.


CodeIntegrity:
===================================
Date: 2016-11-28 08:52:53.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-28 08:52:53.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 14:59:20.183
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 14:59:20.183
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 11:32:28.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 11:32:28.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:22:46.089
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:22:46.089
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 09:02:25.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 09:02:25.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 70%
Total physical RAM: 3977.05 MB
Available physical RAM: 1162.75 MB
Total Virtual: 7952.28 MB
Available Virtual: 4935.58 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:66.12 GB) (Free:10.23 GB) NTFS
Drive d: (Backup) (Fixed) (Total:53.02 GB) (Free:45.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 5 MB) (Disk ID: 9CA2A29C)
Partition 1: (Active) - (Size=5 MB) - (Type=06)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D308230A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=66.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 19 February 2017 - 07:57 PM.
Posted logs


#2 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:05:57 AM

Posted 19 February 2017 - 01:51 PM

Hello naveen_talkin and :welcome: to Bleeping Computer's Malware Response Forums

I am CKing123 and I will be assisting you with your malware issue. Before we begin, please read this:
 
  • The logs that you post will take time for me to analyze, so I will not reply immediately; I will reply within 24 hours, or at most 48 hours, and I will let you know if it will take longer.
  • While you are being assisted, I ask that you do not seek assistance elsewhere while we work on this issue. This is so that we are on the same page about what happens on the system. If you are going to make any modifications on your own, please let me know.
  • If you are having any problem following the instructions, just ask!
  • I am still in training, so my posts will be delayed so that the instructor can approve them
  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses
  • Backup your data! Malware removal can be tricky and can result in unpredictable behaviour including losing all your data!
 
Now, let's get started in removing the malware off your system (and into oblivion) :warrior:
 
Allow me some time to review over the logs :)
 
-CKing

If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#3 naveen_talkin

naveen_talkin
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:27 PM

Posted 19 February 2017 - 08:36 PM


Thanks CKing

Take your time no issue.



#4 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:05:57 AM

Posted 20 February 2017 - 05:51 PM

Hi

 

Reviewing over the logs, I noticed evidence of illegal software on your computer. I am going to request you completely uninstall Internet Download Manager and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that, please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer, let me know that and I will be closing the Topic.

 

If you decide to remove the program(s) please run this after removal.

 

CKScanner

1. Download CKScanner and save it to your Desktop

2. Double click CKScanner

3. Select Search For Files

4. Once completed select Save List to File

5. A ckfiles.txt document will be placed on your Desktop

6. Copy and paste the results of that report in your reply

 

 

Regards,

-CKing

=====================

Things I would like to see in your next reply

    CKScanner report

    FRST report

    Additions report


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#5 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:05:57 AM

Posted 24 February 2017 - 11:51 AM

Hi

 

It has been a while since you last responded. Do you need help? If you are confused about something, just let me know :)

 

If you don't respond to this topic in 48 hours, this topic will be closed.

 

-CKing


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase




