Smart Service Trojan Removal


  • This topic is locked
13 replies to this topic

#1 av1040

  • Members
  • 6 posts

Posted 07 April 2017 - 02:41 PM

Kindly help me in removing the Smart Service Trojan/Rootkit. I have spent hours browsing this forum. I cannot execute any of the suggested programs due to the "resource already in use" error. I followed the steps provided by Aura but cannot seem to be able to remove this Trojan.

Thanks!





#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 April 2017 - 03:31 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

 


Edited by JSntgRvr, 07 April 2017 - 03:35 PM (typo).

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 av1040
  • Topic Starter

  • Members
  • 6 posts

Posted 07 April 2017 - 06:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by ashok (administrator) on NEWLAPTOP (07-04-2017 14:40:16)
Running from E:\
Loaded Profiles: ashok (Available Profiles: ashok & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-07] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe [54072 2015-09-10] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2017-03-26] (Glarysoft Ltd)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [Lync] => "C:\Program Files\Microsoft Office\root\Office16\lync.exe" /fromrunkey
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [GoogleChromeAutoLaunch_8B0A51ACF7E50E538A0F38314D1EC1C7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [folderclone] => C:\Program Files (x86)\FolderClone\folderclone.exe [1199304 2016-07-10] (Salty Brine Software)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [InterStat] => C:\Users\ashok\AppData\Roaming\InterStat\interstat.exe [2981720 2017-04-05] (Lead IT) <===== ATTENTION
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [eistis] => rundll32.exe "C:\Users\ashok\AppData\Local\eistis.dll",eistis <===== ATTENTION
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Run: [DriverMax_RESTART] => [X]
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [] => [X]
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{e83000a3-b61f-4c87-9d49-022f5c4dd0ae}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-421319782-3228657606-2084502403-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0ByCyByCyD0D0FyCtB0EtCyCyB0DtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtBzytDtA0F0ByEtGyBtDzy0EtGyB0CyB0CtGtD0F0ByCtG0B0FzzyEtBzyyByCtD0FzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDzzyCyBtDyDtGzz0CzzyDtGyEtA0D0CtGzzzztDzytG0B0B0EyEtDyDzyyCtAyDtB0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyCyBtB%26cr%3D230536113%26a%3Dwbf_btlrd_16_45%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0ByCyByCyD0D0FyCtB0EtCyCyB0DtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtBzytDtA0F0ByEtGyBtDzy0EtGyB0CyB0CtGtD0F0ByCtG0B0FzzyEtBzyyByCtD0FzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDzzyCyBtDyDtGzz0CzzyDtGyEtA0D0CtGzzzztDzytG0B0B0EyEtDyDzyyCtAyDtB0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyCyBtB%26cr%3D230536113%26a%3Dwbf_btlrd_16_45%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {26D065C0-FDE5-43C3-A19F-E60724A2F11B} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-563448c1&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0ByCyByCyD0D0FyCtB0EtCyCyB0DtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtBzytDtA0F0ByEtGyBtDzy0EtGyB0CyB0CtGtD0F0ByCtG0B0FzzyEtBzyyByCtD0FzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDzzyCyBtDyDtGzz0CzzyDtGyEtA0D0CtGzzzztDzytG0B0B0EyEtDyDzyyCtAyDtB0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyCyBtB%26cr%3D230536113%26a%3Dwbf_btlrd_16_45%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0ByCyByCyD0D0FyCtB0EtCyCyB0DtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtBzytDtA0F0ByEtGyBtDzy0EtGyB0CyB0CtGtD0F0ByCtG0B0FzzyEtBzyyByCtD0FzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDzzyCyBtDyDtGzz0CzzyDtGyEtA0D0CtGzzzztDzytG0B0B0EyEtDyDzyyCtAyDtB0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyCyBtB%26cr%3D230536113%26a%3Dwbf_btlrd_16_45%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-421319782-3228657606-2084502403-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={90483A2A-E668-4865-924A-FF75E147EA05}&mid=faf4dd00e5e847cf9c7f65ff30b91fc1-46b02682b7d37fadc317a94ec7565dcb6265b25f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-11-26 13:21:26&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-18] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-21] (AVG)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-18] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-18] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-21] (AVG)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-18] (Oracle Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\mcsniepl64.dll [2017-02-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-28] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ashok\AppData\Roaming\Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877 [2017-04-05]
FF NewTab: Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877 -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877 -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877 -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_45&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByC0ByCyByCyD0D0FyCtB0EtCyCyB0DtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtBzytDtA0F0ByEtGyBtDzy0EtGyB0CyB0CtGtD0F0ByCtG0B0FzzyEtBzyyByCtD0FzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDzzyCyBtDyDtGzz0CzzyDtGyEtA0D0CtGzzzztDzytG0B0B0EyEtDyDzyyCtAyDtB0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyCyBtB%26cr%3D230536113%26a%3Dwbf_btlrd_16_45%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Keyword.URL: Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877 -> user_pref("keyword.URL", true);
FF Extension: (AVG Web TuneUp) - C:\Users\ashok\AppData\Roaming\Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877\Extensions\avg@toolbar.xpi [2017-02-21]
FF SearchPlugin: C:\Users\ashok\AppData\Roaming\Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877\searchplugins\avg-secure-search.xml [2017-02-21]
FF SearchPlugin: C:\Users\ashok\AppData\Roaming\Mozilla\Firefox\Profiles\7fc8ey75.default-1432519165877\searchplugins\yahoo! powered.xml [2016-11-08]
FF Extension: (Adblocker for Youtube) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A} [2017-04-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-03-20] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-03-31] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-18] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2017-02-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2017-02-28] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-421319782-3228657606-2084502403-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ashok\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-421319782-3228657606-2084502403-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\ashok\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\ashok\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-28] (Octoshape ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.com/news
CHR StartupUrls: Default -> "hxxp://www.msn.com/","hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://npmoikddpdgbhgbkjgjemncoegpojpng/stubby.html"
CHR DefaultSearchKeyword: Default -> google.com__
CHR Profile: C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default [2017-04-07]
CHR Extension: (Wordpress Site Manager) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\allgackcccfpminjnninimgkmclmoafe [2016-09-26]
CHR Extension: (Google Drive) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (Print this page with CleanPrint) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\biafepndnnahkfldhobcjlclklffkibe [2016-09-26]
CHR Extension: (GRE Exam: Vocabulary) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmghokgpfdmfpfiaahbiimlmmnkeeffk [2016-07-29]
CHR Extension: (Ebates Cash Back) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-03-25]
CHR Extension: (Videostream for Google Chromecast) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-03-29]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-08-27]
CHR Extension: (Adobe Acrobat) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Calendar) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]
CHR Extension: (Local Explorer - File Manager on web browser) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokekhgpaakbkfkmjjcbffibkencdfkl [2016-09-24]
CHR Extension: (Sprucemarks) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakeocdnmmmnokabaiflppclocckihoj [2017-03-04]
CHR Extension: (Pandora) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-09-26]
CHR Extension: (FeedlyTool) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fednanlonchmiaiekkfgndeecpmihahg [2016-09-26]
CHR Extension: (Wunderlist New Tab) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgikemaeelgbhjnhnnahcpkjpafaeion [2016-09-26]
CHR Extension: (Print this page with CleanPrint) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2016-09-26]
CHR Extension: (CloudPress - WordPress Site Designer) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\flaihkmgeeefplknifpdnhkdjebadhee [2016-09-26]
CHR Extension: (AdBIock PIus) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\foogbdgfoejebcocaknicpgihmlkkcfk [2016-06-29]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-30]
CHR Extension: (CAD, DXF, DWG Viewer for Drive) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidepcidnkaaknoajpadfmbiipmhiokm [2016-09-26]
CHR Extension: (Screenwise Meter) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2017-01-26]
CHR Extension: (Screenwise Meter) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmclfdibpffglligfnnppjocdlhgjbb [2017-01-26]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-09-26]
CHR Extension: (OkayFreedom) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2016-09-26]
CHR Extension: (Google Keep - notes and lists) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-29]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2016-11-14]
CHR Extension: (VIEW LATER - save links in a stack) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnolaplfoobcmgfmjphkmbjolinelpkb [2016-09-26]
CHR Extension: (Pandora) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpehbfocpddfedalkdifcjoeenfbhipe [2016-09-26]
CHR Extension: (Color Piano!) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2016-09-26]
CHR Extension: (Spell Checker for Chrome) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2016-09-26]
CHR Extension: (Zoom Player Deals) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhepckfebdcnjemeknooaegpociaaiae [2016-09-26]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2016-09-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-29]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-09-26]
CHR Extension: (ShareThis) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplpcpijdokpnbjcklakgabohjgneidi [2016-09-26]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-11-17]
CHR Extension: (Fitness Trainer) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjfeenpeepiedfggnhnajgfkcbpnkic [2016-09-26]
CHR Extension: (Sales Prospecting - Datanyze Insider) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlholfadgbpidekmhdibonbjhdmpmafd [2017-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (MyTransitGuide) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\npmoikddpdgbhgbkjgjemncoegpojpng [2017-02-09]
CHR Extension: (Fluid UI) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgmmkbgpilmggfkhganmcmpemnhimgg [2016-09-26]
CHR Extension: (Print Friendly & PDF) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-02-06]
CHR Extension: (Read Your AOL Mail) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31]
CHR Profile: C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-15]
CHR Profile: C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-15]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Cast) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-07]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddboljnbemvhs [2015-03-12]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-12]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (AdBlock) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-01]
CHR Extension: (No Name) - C:\Users\ashok\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-421319782-3228657606-2084502403-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-421319782-3228657606-2084502403-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2016-03-21] (Samsung)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 Backup4all5Srv; C:\Program Files (x86)\Softland\Backup4all 5\bService.exe [4647992 2014-11-21] (Softland)
S4 CachemanService; C:\Program Files (x86)\Cacheman\CachemanServ.exe [238152 2013-05-14] (Outertech)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752480 2017-02-24] (Intel Security)
S4 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3 Corporate\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
S4 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
S4 FolderSize; C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S4 gsRAMService; C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe [222208 2015-04-13] () [File not signed]
S4 HDDC3Service; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3 Corporate\HDDC3Service.exe [324480 2015-02-02] ()
S4 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [4375792 2015-08-13] (Hide My IP)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328472 2015-11-18] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S4 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
S4 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S4 MSSQL$TBESTEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.TBESTEXPRESS\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
S4 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
S2 NetUtils2016srv; C:\WINDOWS\SysWOW64\NetUtils2016.exe [470592 2017-04-05] ()
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2014-12-16] (Microsoft)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S4 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd)
S4 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 SamsungCloudPrintSvc; C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe [922928 2016-06-14] ()
S4 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [24977128 2016-03-21] (Samsung Electronics CO., LTD.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S4 SQLAgent$TBESTEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.TBESTEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3296104 2016-11-08] (Samsung Electronics Co., Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 VentripotentialS; C:\Program Files (x86)\Ventripotentiallthhie\VentripotentialS.exe [131584 2017-03-21] (Stilla LLC) [File not signed]
S4 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-21] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\ashok\AppData\Local\yzqiudmu\ct.exe [947200 2017-03-29] () [File not signed] <==== ATTENTION
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [646904 2016-10-13] (WiseCleaner.com)
S4 Workflow Manager Spatial Notification Service; C:\Program Files (x86)\WMX\Desktop10.2\Bin\WMXSpatialNotificationService.exe [23992 2013-07-01] (ESRI)
S4 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-21] ()
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [55800 2015-06-02] ()
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R0 GsRamDsk; C:\WINDOWS\System32\drivers\GsRamDsk.sys [55288 2015-04-13] ()
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-05-23] (Glarysoft Ltd)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
S2 hmip; C:\WINDOWS\system32\Drivers\hmip64.sys [43920 2015-08-13] (Hide My IP)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-20] (REALiX)
S2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2017-04-07] (Highresolution Enterprises [www.highrez.co.uk])
S3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 Leawo_VAD; C:\WINDOWS\system32\drivers\leawo_vad.sys [36120 2014-11-13] (Shenzhen Moyea Software)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [192216 2017-04-07] (Malwarebytes)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
S3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
S0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-04-05] () <==== ATTENTION
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-08-20] (Intel Corporation)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32168 2015-12-09] (EldoS Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-06-27] (Realtek )
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2599128 2015-08-20] (Realtek Semiconductor Corp.)
S1 SDiskWindows10; C:\WINDOWS\System32\DRIVERS\SDiskWindows10.sys [111320 2016-03-21] (Samsung Inc.)
S1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [92848 2016-08-19] ()
S1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [26800 2016-08-19] ()
S1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [484528 2016-08-19] ()
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 VASDeviceDrm; C:\WINDOWS\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2017-04-05] (wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [29616 2017-02-15] (WiseCleaner.com)
S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-04] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 14:27 - 2017-04-07 14:27 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-07 13:20 - 2017-04-07 14:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-07 13:20 - 2017-04-07 13:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-07 13:20 - 2017-04-07 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-07 13:18 - 2017-04-07 13:18 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-07 12:46 - 2017-04-07 14:40 - 00000000 ____D C:\FRST
2017-04-07 12:12 - 2017-04-07 14:36 - 01286800 _____ C:\WINDOWS\ntbtlog.txt
2017-04-07 12:11 - 2017-04-07 12:11 - 00000000 ____D C:\WINDOWS\pss
2017-04-07 11:26 - 2017-04-07 12:11 - 00028754 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-07 11:19 - 2017-04-07 11:19 - 00001313 _____ C:\Users\Public\Desktop\Network Activity.lnk
2017-04-07 11:15 - 2017-04-07 11:15 - 00001325 _____ C:\Users\Public\Desktop\Windows Services.lnk
2017-04-07 11:13 - 2017-04-07 11:13 - 00001319 _____ C:\Users\Public\Desktop\Running Processes.lnk
2017-04-07 11:11 - 2017-04-07 11:11 - 00001319 _____ C:\Users\Public\Desktop\Installed Software.lnk
2017-04-07 11:07 - 2017-04-07 11:07 - 00001353 _____ C:\Users\Public\Desktop\Windows Startup.lnk
2017-04-07 11:06 - 2017-04-07 11:06 - 00001335 _____ C:\Users\Public\Desktop\System Information.lnk
2017-04-07 11:04 - 2017-04-07 11:04 - 00001323 _____ C:\Users\Public\Desktop\Locked Files.lnk
2017-04-07 11:00 - 2017-04-07 11:00 - 00003306 _____ C:\WINDOWS\System32\Tasks\Kerish Doctor
2017-04-07 10:59 - 2017-04-07 11:00 - 00001241 _____ C:\Users\Public\Desktop\Kerish Doctor 2017.lnk
2017-04-07 10:59 - 2017-04-07 10:59 - 00015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) C:\WINDOWS\system32\Drivers\inpoutx64.sys
2017-04-07 10:59 - 2017-04-07 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerish Doctor
2017-04-07 10:59 - 2016-08-09 09:35 - 00059880 _____ (Kerish Products) C:\WINDOWS\SysWOW64\GPUTemp.dll
2017-04-07 10:59 - 2011-01-20 01:07 - 00098304 _____ (Highresolution Enterprises) C:\WINDOWS\SysWOW64\inpout32.dll
2017-04-07 10:25 - 2017-04-07 10:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ashok\Desktop\rkill.scr
2017-04-07 10:17 - 2017-04-07 10:21 - 00000000 ____D C:\bleeping
2017-04-07 10:10 - 2017-04-07 10:10 - 00004062 _____ C:\WINDOWS\System32\Tasks\DriverMaxWelcome
2017-04-07 10:10 - 2017-04-07 10:10 - 00003770 _____ C:\WINDOWS\System32\Tasks\DriverMax Notification
2017-04-07 10:10 - 2017-04-07 10:10 - 00003742 _____ C:\WINDOWS\System32\Tasks\DriverMaxAgent
2017-04-07 10:10 - 2017-04-07 10:10 - 00003610 _____ C:\WINDOWS\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2017-04-07 10:10 - 2017-04-07 10:10 - 00000000 ____D C:\Users\ashok\AppData\Roaming\Innovative Solutions
2017-04-07 10:09 - 2017-04-07 10:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ashok\Desktop\rkill.com
2017-04-07 10:09 - 2017-04-07 10:09 - 00001319 _____ C:\Users\ashok\Desktop\DriverMax.lnk
2017-04-07 10:09 - 2017-04-07 10:09 - 00000000 ____D C:\Users\ashok\AppData\Local\Innovative Solutions
2017-04-07 10:09 - 2017-04-07 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2017-04-07 10:09 - 2017-04-07 10:09 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2017-04-07 08:14 - 2017-04-07 08:14 - 05659546 _____ (Swearware) C:\Users\ashok\Desktop\ComboFix.exe
2017-04-07 08:13 - 2017-04-07 08:13 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ashok\Desktop\tdsskiller.exe
2017-04-07 08:12 - 2017-04-07 08:12 - 01663904 _____ (Malwarebytes) C:\Users\ashok\Desktop\JRT.exe
2017-04-07 08:11 - 2017-04-07 08:12 - 04089296 _____ C:\Users\ashok\Desktop\AdwCleaner (1).exe
2017-04-07 08:11 - 2017-04-07 08:11 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ashok\Desktop\iExplore.exe
2017-04-07 06:56 - 2017-04-07 06:56 - 19592417 _____ C:\np540u3c_user_manual.pdf
2017-04-07 06:35 - 2017-04-07 06:35 - 25109334 _____ C:\SWUpdate_2.2.8.32.ZIP
2017-04-07 06:19 - 2017-04-07 06:19 - 48870880 _____ (Samsung) C:\SideSync_4.7.0.84.exe
2017-04-07 05:14 - 2017-04-07 05:14 - 05721297 _____ C:\DriverMaxPro923-db82ao.zip
2017-04-05 21:50 - 2017-04-05 21:50 - 05136480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-05 21:41 - 2017-04-05 21:41 - 00014800 _____ (wisecleaner.com) C:\WINDOWS\WiseHDInfo64.dll
2017-04-05 17:44 - 2017-04-05 17:44 - 00003236 _____ C:\WINDOWS\System32\Tasks\{E541A41A-1C48-4756-99CD-1637B3AD2B37}
2017-04-05 15:33 - 2017-04-05 15:34 - 00000000 ____D C:\WINDOWS\LastGood
2017-04-05 14:49 - 2017-04-05 14:49 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-04-05 13:33 - 2017-04-05 13:33 - 00140288 _____ C:\Users\ashok\AppData\Roaming\Installer.dat
2017-04-05 13:33 - 2017-04-05 13:33 - 00011568 _____ C:\Users\ashok\AppData\Roaming\InstallationConfiguration.xml
2017-04-05 13:32 - 2017-04-05 13:32 - 00000000 ____D C:\Users\ashok\AppData\Local\ntuserlitelist
2017-04-05 13:32 - 2015-12-27 21:33 - 00055664 _____ C:\WINDOWS\system32\Drivers\adspiderex.sys
2017-04-05 13:31 - 2017-04-05 13:31 - 00000000 ____D C:\Program Files\KF5CNGJ1ZD
2017-04-05 13:21 - 2017-04-05 13:21 - 00000000 ____D C:\Program Files\C4H10LXJPK
2017-04-05 13:14 - 2017-04-05 13:14 - 00000000 ____D C:\Program Files\1V3BZEN6RK
2017-04-05 13:13 - 2017-04-05 13:13 - 00003708 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-04-05 13:13 - 2017-04-05 13:13 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-04-05 13:13 - 2017-04-05 13:13 - 00000000 ____D C:\ProgramData\2c2862fb-6f37-1
2017-04-05 13:13 - 2017-04-05 13:13 - 00000000 ____D C:\ProgramData\2c2862fb-00b3-0
2017-04-05 13:11 - 2017-04-05 13:13 - 00000000 ____D C:\Program Files\86HTV84JBR
2017-04-05 13:11 - 2017-04-05 13:11 - 00000000 ____D C:\Users\ashok\AppData\Local\yzqiudmu
2017-04-05 13:11 - 2017-04-05 13:11 - 00000000 ____D C:\Users\ashok\AppData\Local\ssdfr
2017-04-05 13:09 - 2017-04-05 13:09 - 00000000 ____D C:\Program Files\D6CVOUP0PE
2017-04-05 13:08 - 2017-04-05 13:08 - 00000258 __RSH C:\Users\ashok\ntuser.pol
2017-04-05 13:02 - 2017-04-07 11:29 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-04-05 13:02 - 2017-04-05 17:43 - 00000000 ____D C:\Program Files (x86)\HDWallPaper
2017-04-05 13:02 - 2017-04-05 17:42 - 00000000 ____D C:\Program Files (x86)\Spoutly
2017-04-05 13:02 - 2017-04-05 17:38 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-05 13:02 - 2017-04-05 13:13 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
2017-04-05 13:02 - 2017-04-05 13:11 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-04-05 13:02 - 2017-04-05 13:10 - 00002048 _____ C:\Users\ashok\AppData\Local\uninstallro.exe
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\Users\ashok\AppData\Roaming\Screenshot Pro
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\Users\ashok\AppData\Roaming\c
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\Users\ashok\AppData\Local\sclks
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\Program Files\FIFERAWT8S
2017-04-05 13:02 - 2017-04-05 13:02 - 00000000 ____D C:\Program Files (x86)\ScreenshotPro
2017-04-05 13:01 - 2017-04-05 13:04 - 00000324 _____ C:\WINDOWS\Tasks\Update Service for E3605470-291B-44EB-8648-745EE356599A.job
2017-04-05 13:01 - 2017-04-05 13:01 - 00002724 _____ C:\WINDOWS\System32\Tasks\Update Service for E3605470-291B-44EB-8648-745EE356599A
2017-04-05 13:01 - 2017-04-05 13:01 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-05 13:01 - 2017-04-05 13:01 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockU
2017-04-05 13:01 - 2017-04-05 13:01 - 00000000 ____D C:\Program Files (x86)\ProxyGate
2017-04-05 13:00 - 2017-04-05 17:42 - 00000000 ____D C:\Program Files (x86)\SpeeDownloader
2017-04-05 13:00 - 2017-04-05 13:01 - 00000000 ____D C:\Users\ashok\AppData\Local\AppTrailers
2017-04-05 13:00 - 2017-04-05 13:01 - 00000000 ____D C:\Program Files\C457V86RGR
2017-04-05 12:59 - 2017-04-05 13:00 - 00000000 ____D C:\Program Files\ZNPS0BUQSE
2017-04-05 12:59 - 2017-04-05 12:59 - 36526426 _____ C:\Users\ashok\Downloads\Boilsoft_Video_Cutter,Joiner,Splitter_win8.rar
2017-04-05 12:59 - 2017-04-05 12:59 - 00000000 ____D C:\Users\ashok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InterStat
2017-04-05 12:58 - 2017-04-05 12:58 - 00000000 ____D C:\Users\ashok\AppData\Roaming\InterStat
2017-04-05 12:58 - 2017-04-05 12:58 - 00000000 ____D C:\ProgramData\Microleaves
2017-04-05 12:56 - 2017-04-05 12:57 - 00000000 ____D C:\Program Files (x86)\Ventripotentiallthhie
2017-04-05 12:55 - 2017-04-05 13:04 - 00000408 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-04-05 12:55 - 2017-04-05 13:04 - 00000362 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-04-05 12:55 - 2017-04-05 13:04 - 00000362 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-04-05 12:55 - 2017-04-05 13:04 - 00000362 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-04-05 12:55 - 2017-04-05 13:04 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-04-05 12:55 - 2017-04-05 13:04 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-04-05 12:55 - 2017-04-05 13:04 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-04-05 12:55 - 2017-04-05 12:56 - 00000000 ____D C:\Users\ashok\AppData\Roaming\Microleaves
2017-04-05 12:55 - 2017-04-05 12:55 - 00003302 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-04-05 12:55 - 2017-04-05 12:55 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-04-05 12:55 - 2017-04-05 12:55 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-04-05 12:55 - 2017-04-05 12:55 - 00003254 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-04-05 12:55 - 2017-04-05 12:55 - 00003250 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-04-05 12:55 - 2017-04-05 12:55 - 00003248 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-04-05 12:55 - 2017-04-05 12:55 - 00003236 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-04-05 12:55 - 2017-04-05 12:55 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-04-05 12:55 - 2017-04-05 12:55 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-04-05 12:55 - 2017-04-05 12:55 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-04-05 12:53 - 2017-04-05 12:57 - 00000000 ____D C:\Users\ashok\Downloads\Boilsoft Video CutterJoinerSplitter win8rar
2017-04-05 12:52 - 2017-04-05 12:53 - 01615872 _____ C:\Users\ashok\Downloads\Boilsoft Video CutterJoinerSplitter win8rar.iso
2017-04-05 11:27 - 2017-04-05 12:02 - 213687838 _____ C:\Users\ashok\Downloads\df5696InfntSklsLrngAdbPrmrePr0CCTrng.part3.rar
2017-04-03 22:54 - 2017-04-03 22:54 - 00001032 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2017-04-03 22:53 - 2016-12-02 15:20 - 01250304 _____ (CineForm Inc.) C:\WINDOWS\system32\CFDecode64.ax
2017-04-03 22:52 - 2017-04-03 23:02 - 00000000 ____D C:\Users\ashok\Documents\Wondershare Filmora
2017-04-03 22:52 - 2017-04-03 22:52 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2017-04-03 22:52 - 2017-04-03 22:52 - 00000000 ____D C:\Program Files\Wondershare
2017-04-03 17:22 - 2017-04-03 22:58 - 2040109465 _____ C:\Users\ashok\Downloads\df5696InfntSklsLrngAdbPrmrePr0CCTrng.part1.rar
2017-04-02 21:15 - 2017-04-04 08:57 - 00000000 ____D C:\Users\ashok\Downloads\KeyGen
2017-04-02 21:11 - 2015-11-24 12:12 - 00154606 _____ C:\Users\ashok\Downloads\KeyGen.zip
2017-04-02 16:21 - 2017-04-02 16:26 - 186921443 _____ C:\Users\ashok\Downloads\BeTheme v17.5 Responsive Multi-Purpose WordPress Theme.zip
2017-04-02 16:15 - 2017-04-02 16:16 - 44576496 _____ C:\Users\ashok\Downloads\Bridge v10.1.2 Creative Multi-Purpose WordPress Theme.zip
2017-04-02 16:08 - 2017-04-02 16:08 - 06176539 _____ C:\Users\ashok\Downloads\Bookly v13.2 Responsive Appointment Booking and Scheduling Plugin.zip
2017-04-02 16:04 - 2017-04-02 16:12 - 245742515 _____ C:\Users\ashok\Downloads\Download 100 Yithemes Plugin Latest Version 1-April-2017.zip
2017-04-02 16:01 - 2017-04-02 17:18 - 235838259 _____ C:\Users\ashok\Downloads\Adobe Premiere Pro CC 2015.4 v10.4.0-vpsamz.part2.rar
2017-04-02 10:04 - 2017-04-02 10:04 - 00099211 _____ C:\Users\ashok\Downloads\60 day notice proof of service 2017-04-02_100419.pdf
2017-04-02 10:03 - 2017-04-02 10:03 - 00055975 _____ C:\Users\ashok\Downloads\60 day notice 2.pdf
2017-04-02 10:02 - 2017-04-02 10:02 - 00078604 _____ C:\Users\ashok\Downloads\60 day notice top.pdf
2017-04-02 08:11 - 2017-04-02 13:37 - 996147200 _____ C:\Users\ashok\Downloads\Adobe Premiere Pro CC 2015.4 v10.4.0-vpsamz.part1.rar
2017-03-31 20:03 - 2017-01-20 10:07 - 00487184 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeaack.sys
2017-03-31 20:03 - 2017-01-20 10:07 - 00366328 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2017-03-31 20:03 - 2017-01-20 10:07 - 00110256 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeplk.sys
2017-03-31 20:03 - 2017-01-18 12:56 - 00343792 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2017-03-31 20:02 - 2017-03-31 20:02 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-03-31 08:26 - 2017-03-31 08:26 - 00003384 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-03-31 08:26 - 2017-03-31 08:26 - 00003030 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-03-31 08:25 - 2017-03-31 08:25 - 16790376 _____ C:\Users\ashok\Downloads\gup5setup (1).exe
2017-03-30 13:23 - 2017-03-30 13:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-30 13:22 - 2017-03-30 13:22 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-28 11:31 - 2017-03-28 11:32 - 00351343 _____ C:\Users\ashok\Downloads\igeeksblog.com-What To Do Before Selling Your Old iPhoneiPad 10 Things You Must Do.pdf
2017-03-20 13:20 - 2017-03-20 13:20 - 00001339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\IncredibleCharts Pro.lnk
2017-03-20 13:20 - 2017-03-20 13:20 - 00001333 _____ C:\Users\Public\Desktop\IncredibleCharts Pro.lnk
2017-03-20 07:33 - 2017-03-20 07:33 - 00000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2017-03-20 07:00 - 2017-03-20 07:00 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-03-19 22:32 - 2017-03-19 22:32 - 00000000 ___SH C:\DkHyperbootSync
2017-03-19 18:39 - 2017-03-19 18:39 - 00002401 _____ C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk
2017-03-19 18:38 - 2015-06-25 00:53 - 00094208 ____N C:\WINDOWS\SysWOW64\ssdevm.dll
2017-03-19 18:38 - 2015-06-25 00:53 - 00087552 ____N C:\WINDOWS\system32\ssdevm64.dll
2017-03-19 18:37 - 2013-11-28 01:31 - 00011576 ____N (Samsung Electronics) C:\WINDOWS\system32\Drivers\SSPORT.SYS
2017-03-19 18:36 - 2017-03-19 18:36 - 51467064 _____ C:\Users\ashok\Downloads\M283x_Series_WIN_SPL_PCL_V3.13.12.05.12_CDV1.17.exe
2017-03-19 18:26 - 2017-03-19 18:26 - 00000045 _____ C:\WINDOWS\WF-2630.ini
2017-03-19 18:26 - 2017-03-19 18:26 - 00000000 ____D C:\Users\ashok\AppData\Roaming\Leadertech
2017-03-19 18:24 - 2017-03-20 06:18 - 00000939 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {FA42D43B-10EE-484D-B4A4-A5C962538109}.job
2017-03-19 18:24 - 2017-03-19 18:24 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {FA42D43B-10EE-484D-B4A4-A5C962538109}
2017-03-19 18:22 - 2017-03-19 18:22 - 00000165 _____ C:\Users\Public\Desktop\Epson WF-2630 Users Guide.url
2017-03-19 18:21 - 2017-03-19 18:24 - 00000000 ____D C:\Users\ashok\AppData\Roaming\Epson
2017-03-19 18:19 - 2017-03-19 18:19 - 00000000 ____D C:\Program Files\EPSON
2017-03-19 18:18 - 2017-03-20 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-03-19 18:17 - 2017-03-20 22:13 - 00000000 ____D C:\Program Files (x86)\epson
2017-03-19 18:17 - 2017-03-19 18:17 - 00001040 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-03-19 18:17 - 2017-03-19 18:17 - 00000000 ____D C:\Program Files\EpsonNet
2017-03-19 18:17 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2017-03-19 18:17 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2017-03-19 18:17 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2017-03-19 18:16 - 2017-03-20 06:18 - 00000939 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {7B44FC25-DA42-4674-9322-44CCBF6D95E6}.job
2017-03-19 18:16 - 2017-03-19 18:16 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {7B44FC25-DA42-4674-9322-44CCBF6D95E6}
2017-03-19 18:16 - 2017-03-19 18:16 - 00000000 ____D C:\Program Files\Common Files\EPSON
2017-03-19 18:14 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YLMBMDE.DLL
2017-03-19 18:14 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_YD4BMDE.DLL
2017-03-19 18:14 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2017-03-19 18:03 - 2017-03-19 18:03 - 03377899 _____ C:\Users\ashok\Downloads\cpd40876.pdf
2017-03-19 17:45 - 2017-03-19 17:47 - 160233400 _____ C:\Users\ashok\Documents\epson15786.exe
2017-03-19 13:35 - 2017-03-19 13:35 - 10474361 _____ C:\Users\ashok\Downloads\Divi v3.0.37 Elegant Themes WordPress Theme.zip
2017-03-18 13:47 - 2017-03-20 22:17 - 00000000 ____D C:\Program Files (x86)\Epson Software
2017-03-18 13:47 - 2017-03-19 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-03-18 13:46 - 2017-03-18 13:46 - 03590144 _____ C:\Users\ashok\Downloads\epson18104.exe
2017-03-18 08:55 - 2017-03-18 12:15 - 00002458 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2017-03-16 20:53 - 2017-03-16 20:53 - 00001333 _____ C:\Users\ashok\Desktop\SoftOrbits Background Remover.lnk
2017-03-16 20:53 - 2017-03-16 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftOrbits Background Remover
2017-03-16 20:52 - 2017-03-16 20:53 - 00000000 ____D C:\Program Files (x86)\SoftOrbits Background Remover
2017-03-16 20:51 - 2017-03-16 20:51 - 00000000 ____D C:\Users\ashok\Downloads\PhotoBackgroundRemover21-q91jnw
2017-03-16 20:50 - 2017-03-16 20:50 - 09813551 _____ C:\Users\ashok\Downloads\PhotoBackgroundRemover21-q91jnw.zip
2017-03-16 03:28 - 2017-03-20 06:18 - 00000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForashok.job
2017-03-16 03:28 - 2017-03-18 12:13 - 00002848 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForashok
2017-03-15 12:48 - 2017-03-15 12:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-15 12:48 - 2017-03-15 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-15 11:53 - 2017-03-18 12:15 - 00003652 _____ C:\WINDOWS\System32\Tasks\Wise Care 365 PC Checkup Task
2017-03-14 20:58 - 2017-03-14 20:58 - 01185172 _____ C:\Users\ashok\Downloads\ATPP1.1_ByRadiXX11.zip
2017-03-14 20:57 - 2017-03-14 20:58 - 08672576 _____ (Auslogics Labs Pty Ltd ) C:\Users\ashok\Downloads\driver-updater-setup.exe
2017-03-14 17:52 - 2017-03-14 17:52 - 01347584 _____ C:\Users\ashok\Downloads\Auslogics Disk Defreg Pro v 4800rar.iso
2017-03-14 17:48 - 2017-03-14 17:49 - 16330770 _____ C:\Users\ashok\Downloads\Auslogics BoostSpeed 9.1.2.0.rar
2017-03-14 16:46 - 2017-03-14 16:46 - 00000000 ___HD C:\OneDriveTemp
2017-03-14 1



#4 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,707 posts
  • Gender:Male
  • Location:Scotland
  • Local time:09:19 PM

Posted 07 April 2017 - 06:31 PM

@av1040 #3

 

When replying to topics or posting logs as above remember in future to click on the 'Reply' button, not the 'Report' one.

 

Chris Cosgrove



#5 av1040

av1040
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:19 PM

Posted 07 April 2017 - 07:06 PM

Here are the report files generated by FARBAR

 

Please advise about the next step.

 

Thanks!

 

 

Attached Files



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:19 PM

Posted 07 April 2017 - 07:28 PM

Please follow the instructions below to remove the infection.

 

  • Download version 1.09.4.1001 of Malwarebytes Anti Rootkit (MBAR)
  • Run the exe.
  • After extraction MBAR should start. Click next.
  • Update by hitting the update button.
  • After the update completes hit next.
  • Hit the scan button. Please let it finish the scan. This rootkit may slow your machine down but MBAR will continue to scan.
  • Once the scan is complete, press the cleanup button and allow MBAR to remove what is found and allow your computer to restart.

Post the log produced in the MBAR folder as mbar-log-TODAY'S-DATE.txt.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 av1040

av1040
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:19 PM

Posted 07 April 2017 - 08:16 PM

Thanks for your reply. Unfortunately, I cannot execute Mbar from the extracted directory because of the "resource already in use" error. I even tried executing Mbar.Cmd from the DOS prompt but I get the error

 

..\AppData Local\mbar.vbs

 

Access is denied.

 

Kindly, suggest the next steps.



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:19 PM

Posted 07 April 2017 - 08:24 PM

Welcome. :)

Open an Administrator Command prompt (Click on the Start button, type in CMD and press CTRL+SHIFT+ENTER).

Copy the entire set of commands below into the prompt and press Enter.

bcdedit.exe /set {bootmgr} displaybootmenu Yes
bcdedit.exe /set {current} bootstatuspolicy DisplayAllFailures
bcdedit.exe /set {current} recoveryenabled Yes
Exit

 
We will need to run the fix from the Recovery Environment. Certain parts of the fix may not be processed, but we can go back into Normal Mode to complete the fix. You will need a USB flash drive. Download the enclosed file to a USB flash drive, then download Farbar Recovery Scan Tool and save it to the same location on the flash drive where the Fixlist.txt was saved.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Insert the USB flash drive into the computer and reach the Recovery Environment Command prompt.
 
Entry points into WinRE

Your users can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Boot to recovery media.
  • Use a hardware recovery button (or button combination) configured by the OEM.

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. If your users select a WinRE feature from this menu, the PC restarts into WinRE and the selected feature is launched.

WinRE starts automatically after detecting the following issues:

  • Two consecutive failed attempts to start Windows.
  • Two consecutive unexpected shutdowns that occur within two minutes of boot completion.
  • A Secure Boot error (except for issues related to Bootmgr.efi).
  • A BitLocker error on touch-only devices.

Boot options menu

This menu enables your users to perform these actions:

  • Start recovery, troubleshooting, and diagnostic tools.
  • Boot from a device (UEFI only).
  • Access the Firmware menu (UEFI only).
  • Choose which operating system to boot, if multiple operating systems are installed on the PC.

You will choose the troubleshooting options to reach the Command prompt.
 
Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.
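As an added example (not part of the thread or the helper's instructions), a PowerShell check, run from an elevated prompt, that reads back the three bcdedit settings pasted into the Administrator prompt above and reports any that differ before you reboot into WinRE; the function names and the table layout are my own.

```powershell
# Added example, not from the thread: confirm the bcdedit changes actually took,
# so the boot menu and the recovery entry point will be there on the next restart.
# Must run from an elevated PowerShell prompt (bcdedit refuses otherwise).

function Get-BcdValue {
    param(
        [Parameter(Mandatory)] [string] $Identifier,   # e.g. '{current}' or '{bootmgr}'
        [Parameter(Mandatory)] [string] $Element       # e.g. 'recoveryenabled'
    )
    # bcdedit /enum prints "name   value" lines for one boot object
    $lines = & bcdedit.exe /enum $Identifier 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit /enum $Identifier failed (are you elevated?): $lines"
    }
    foreach ($line in $lines) {
        if ($line -match "^\s*$([regex]::Escape($Element))\s+(.+?)\s*$") {
            return $Matches[1]
        }
    }
    return $null   # element is not set on this object
}

function Test-BootRecoveryConfig {
    # Expected values are exactly what the three bcdedit /set commands above write.
    $expected = @(
        @{ Id = '{bootmgr}'; Element = 'displaybootmenu';  Value = 'Yes' },
        @{ Id = '{current}'; Element = 'bootstatuspolicy'; Value = 'DisplayAllFailures' },
        @{ Id = '{current}'; Element = 'recoveryenabled';  Value = 'Yes' }
    )
    $allOk = $true
    foreach ($e in $expected) {
        $actual = Get-BcdValue -Identifier $e.Id -Element $e.Element
        $ok = ($null -ne $actual) -and ($actual -ieq $e.Value)
        if (-not $ok) { $allOk = $false }
        [pscustomobject]@{
            Object   = $e.Id
            Element  = $e.Element
            Expected = $e.Value
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            OK       = $ok
        }
    }
    if (-not $allOk) {
        Write-Warning 'One or more settings differ; re-run the bcdedit commands above (elevated) before rebooting into WinRE.'
    }
}

Test-BootRecoveryConfig | Format-Table -AutoSize
```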

Edited by JSntgRvr, 07 April 2017 - 08:26 PM.
typo



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:19 PM

Posted 07 April 2017 - 08:25 PM

Once done the above, retry MBAR.




#10 av1040

av1040
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:19 PM

Posted 07 April 2017 - 10:54 PM

I could execute the four line DOS command but when I selected Restart, I saw Windows 10 but I didn't see the following choices in the menu

 

  • From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Boot to recovery media.

There was an option to press F8, but it didn't present the recovery option under Advanced Startup.

 

My computer again started in the safe mode without the recovery option?

 

Any other way to access Recovery?

 

Thanks!



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:19 PM

Posted 07 April 2017 - 11:38 PM

Turn on the computer and before Windows loads, press the power button and do a hard shutdown. Repeat this process a couple of times, until the advanced menu appears.



#12 av1040

av1040
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:19 PM

Posted 10 April 2017 - 01:51 PM

Master Surgeon General,

 

Thanks for all your help and guidance. Your readers may find this helpful... I was able to run RogueKiller in safe mode. This is the only program that can execute with the "resource already in use" problem. However, I was able to execute Zemana AntiMalware from the USB stick. This program helped a lot in cleaning out some viruses and Trojans. In fact, this program restored the wireless connectivity which was knocked out by other viruses. However, Zemana AntiMalware couldn't get rid of the "resource in use" issue. I was also able to execute RogueKiller, which removed some more viruses. After the successful execution of RogueKiller, I was able to execute MBAR from a USB stick, as you had suggested. And MBAR finally got rid of all the remaining viruses and Trojans and got rid of the resource in use problem. Finally, I was able to execute AdwCleaner and JunkRemovalTool to complete the clean-up process.

 

Please keep up the good work in combating trojans and viruses. I have made a donation through PayPal to support the ongoing malware work. Thanks again!



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:19 PM

Posted 10 April 2017 - 02:50 PM

Thanks for the feedback.

 

Best regards. :hello:




#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:19 PM

Posted 10 April 2017 - 10:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





