

ADWARE


  • This topic is locked
17 replies to this topic

#1 deepak123


Posted 07 May 2017 - 12:38 PM

So once again I am on this Forum for Help.
 
I followed the advice given in the following page: https://www.bleepingcomputer.com/virus-removal/how-to-remove-adware-on-a-pc

So I ended up installing programs on my computer I would not have installed otherwise. I will try to uninstall some of the programs.

My anti-virus gave some warnings earlier. Perhaps the issue might be related only to web browsers, as anti-malware is not detecting anything.

I did the FRST scan in Safe Mode and I have attached the logs. Help will be appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-05-2017
Ran by Admin (administrator) on USER-PC (07-05-2017 22:07:47)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files\Secunia\PSI\psi.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [181424 2015-12-09] (Quick Heal Technologies Ltd.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [5905320 2017-04-24] (Emsisoft Ltd)
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-05-06]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.162.9.197 8.8.4.4
Tcpip\..\Interfaces\{B21CE88C-A8D4-4A7C-9F65-4AB22B08E39C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C863AB6C-FF29-45C4-8BAE-54C083D9178D}: [DhcpNameServer] 185.162.9.197 8.8.4.4

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: gx1jtmf3.default-1493636883684
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5rrkxf25.SafeBank [2006-01-01]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gx1jtmf3.default-1493636883684 [2017-05-07]
FF Extension: (Google Viewer) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gx1jtmf3.default-1493636883684\Extensions\googleviewer@brandon.siegel.xpi [2017-05-01]
FF Extension: (pdfViewerSwitcher) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gx1jtmf3.default-1493636883684\Extensions\jid1-UXDr6c69BeyPVw@jetpack.xpi [2017-05-01]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5386960 2017-04-24] (Emsisoft Ltd)
S2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [224368 2016-09-30] (Quick Heal Technologies Ltd.)
S2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [34944 2017-02-20] (Quick Heal Technologies Ltd.)
S2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [51376 2015-12-09] (Quick Heal Technologies Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [237696 2006-01-01] (Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [237696 2006-01-01] (Quick Heal Technologies Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
S2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [53912 2015-12-24] (Quick Heal Technologies Ltd.)
S2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [136880 2015-12-09] (Quick Heal Technologies Ltd.)
S2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [37552 2015-12-09] (Quick Heal Technologies Ltd.)
S2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [289504 2016-01-19] (Quick Heal Technologies Ltd.)
S2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [452760 2016-02-08] (Quick Heal Technologies Ltd.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [71680 2016-09-30] (Quick Heal Technologies Ltd.)
S3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [44784 2016-01-21] (Quick Heal Technologies Ltd.)
S1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [281048 2017-02-20] (Quick Heal Technologies Ltd.)
S1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [30992 2017-02-20] (Quick Heal Technologies Ltd.)
S3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [76728 2016-09-30] (Quick Heal Technologies Ltd.)
S2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [148424 2016-01-19] (Quick Heal Technologies Ltd.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2016-07-07] (DT Soft Ltd)
S2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [42200 2015-12-09] (Quick Heal Technologies Ltd.)
S1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [105248 2016-11-23] (Emsisoft Ltd)
S1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [72224 2016-01-07] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\System32\DRIVERS\kbfltr.sys [27144 2016-01-19] (Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [69128 2015-12-16] (Quick Heal Technologies Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220088 2006-01-01] (Malwarebytes)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [44656 2015-12-09] (Quick Heal Technologies Ltd.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R0 webssx; C:\Windows\System32\drivers\webssx.sys [71144 2016-01-19] (Quick Heal Technologies Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [42144 2015-11-23] (Quick Heal Technologies Ltd.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-07 22:07 - 2017-05-07 22:08 - 00008306 _____ C:\Users\Admin\Downloads\FRST.txt
2017-05-07 22:07 - 2017-05-07 22:07 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2017-05-07 22:07 - 2017-05-07 22:07 - 00000000 ____D C:\FRST
2017-05-06 11:21 - 2017-05-06 11:21 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-05-06 11:20 - 2017-05-06 11:20 - 00000000 ____D C:\Program Files\Secunia
2017-05-06 10:26 - 2017-05-06 09:37 - 04102600 _____ C:\Users\Admin\Desktop\adwcleaner_6.046.exe
2017-05-06 09:37 - 2017-05-06 09:37 - 04102600 _____ C:\Users\Admin\Downloads\adwcleaner_6.046.exe
2017-05-06 09:18 - 2017-04-24 01:30 - 04089296 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2017-05-06 00:47 - 2006-01-01 00:26 - 00035269 _____ C:\Windows\ZAM.krnl.trace
2017-05-06 00:47 - 2006-01-01 00:03 - 00008714 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-06 00:47 - 2006-01-01 00:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-05-06 00:46 - 2017-05-06 00:46 - 00000000 ____D C:\Users\Admin\AppData\Local\Zemana
2017-05-06 00:43 - 2017-05-06 00:57 - 00000000 ____D C:\ProgramData\Emsisoft
2017-05-05 23:55 - 2017-05-05 23:55 - 00001049 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-05-05 23:55 - 2017-05-05 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-05-05 23:52 - 2006-01-01 00:02 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-05-05 23:23 - 2017-05-05 23:23 - 04002104 _____ (Secunia) C:\Users\Admin\Downloads\PSISetup.exe
2017-05-05 23:20 - 2017-05-05 23:20 - 05774688 _____ (Zemana Ltd. ) C:\Users\Admin\Downloads\Zemana.AntiMalware.Setup.exe
2017-05-05 22:48 - 2017-05-05 22:48 - 04477574 _____ C:\Users\Admin\Documents\How to Remove Adware from a PC.pdf
2017-05-05 22:41 - 2017-05-05 22:58 - 228173432 _____ (Emsisoft Ltd. ) C:\Users\Admin\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2017-05-05 22:38 - 2017-05-05 22:38 - 00000000 _____ C:\Users\Admin\defogger_reenable
2017-05-05 22:38 - 2017-05-05 22:31 - 00050477 _____ C:\Users\Admin\Desktop\Defogger.exe
2017-05-05 22:33 - 2017-05-07 22:07 - 01769984 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2017-05-05 22:31 - 2017-05-05 22:31 - 00050477 _____ C:\Users\Admin\Downloads\Defogger.exe
2017-05-05 17:36 - 2017-05-05 17:36 - 00514675 _____ C:\Users\Admin\Downloads\Notice - Research Work.pdf
2017-05-01 23:11 - 2017-05-01 23:11 - 00248661 _____ C:\Users\Admin\Downloads\m2l7.pdf
2017-05-01 18:46 - 2017-05-01 18:46 - 00021443 _____ C:\Users\Admin\Downloads\T78213.pdf
2017-05-01 18:44 - 2017-05-01 18:44 - 00088739 _____ C:\Users\Admin\Downloads\IV-CBSGS-FH-2017.pdf
2017-05-01 18:41 - 2017-05-01 18:42 - 00105578 _____ C:\Users\Admin\Downloads\VI-CBSGS-FH-2017.pdf
2017-05-01 15:34 - 2017-05-01 15:35 - 00048363 _____ C:\Users\Admin\Downloads\MTB.txt
2017-04-24 06:11 - 2017-04-24 06:27 - 00602448 _____ C:\TDSSKiller.3.1.0.15_24.04.2017_06.11.54_log.txt
2017-04-24 06:08 - 2017-04-24 06:09 - 00004894 _____ C:\TDSSKiller.3.1.0.15_24.04.2017_06.08.38_log.txt
2017-04-24 01:30 - 2017-05-06 10:47 - 00000000 ____D C:\AdwCleaner
2017-04-23 18:28 - 2017-04-23 18:28 - 00000850 _____ C:\Users\Admin\Desktop\HOSTS.txt
2017-04-23 16:53 - 2017-04-23 16:55 - 00003498 _____ C:\Users\Admin\Desktop\Rkill. 23042017.txt
2017-04-17 00:10 - 2017-04-17 00:24 - 02228224 _____ C:\Users\Admin\file.db
2017-04-17 00:10 - 2017-04-17 00:10 - 02162688 _____ C:\Users\Admin\file.dbb
2017-04-17 00:01 - 2017-04-17 00:01 - 00065536 _____ C:\Users\Admin\file.esav
2017-04-17 00:00 - 2017-04-17 00:01 - 00327680 _____ C:\Users\Admin\file.rst
2017-04-17 00:00 - 2017-04-17 00:01 - 00065536 _____ C:\Users\Admin\file.full
2017-04-17 00:00 - 2017-04-17 00:00 - 00002261 _____ C:\Users\Admin\file.BCS
2017-04-17 00:00 - 2017-04-17 00:00 - 00000737 _____ C:\Users\Admin\file.mntr
2017-04-17 00:00 - 2017-04-17 00:00 - 00000154 _____ C:\Users\Admin\file.stat
2017-04-16 20:24 - 2017-04-16 20:24 - 00093731 _____ C:\Users\Admin\Downloads\496_1.pdf
2017-04-16 17:51 - 2017-04-16 17:51 - 00046107 _____ C:\Users\Admin\Downloads\fctech.pdf
2017-04-16 17:47 - 2017-04-16 17:47 - 01063478 _____ C:\Users\Admin\Downloads\4.32-A-T.Y.B.Sc-Physcis.pdf
2017-04-16 17:42 - 2017-04-16 17:43 - 00204959 _____ C:\Users\Admin\Downloads\4.40-FYBSc-Physics-CBSGS.pdf
2017-04-16 02:12 - 2017-04-16 02:12 - 00005030 _____ C:\Users\Admin\Downloads\Journals Publishing Help REFRENCES.htm
2017-04-16 02:12 - 2017-04-16 02:12 - 00000000 ____D C:\Users\Admin\Downloads\Journals Publishing Help REFRENCES_files
2017-04-16 01:28 - 2017-04-16 01:28 - 00725546 _____ C:\Users\Admin\Downloads\citing_references.pdf
2017-04-15 00:03 - 2017-03-27 22:58 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-15 00:03 - 2017-03-26 01:09 - 20284416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-15 00:03 - 2017-03-26 00:37 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-15 00:03 - 2017-03-26 00:36 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-15 00:03 - 2017-03-26 00:25 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-15 00:03 - 2017-03-26 00:22 - 02289152 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-15 00:03 - 2017-03-26 00:21 - 01313280 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-15 00:03 - 2017-03-26 00:18 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-15 00:03 - 2017-03-26 00:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-15 00:03 - 2017-03-26 00:17 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-15 00:03 - 2017-03-26 00:17 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-15 00:03 - 2017-03-26 00:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-15 00:03 - 2017-03-26 00:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-15 00:03 - 2017-03-26 00:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-15 00:03 - 2017-03-26 00:15 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-15 00:03 - 2017-03-26 00:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-15 00:03 - 2017-03-26 00:15 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-15 00:03 - 2017-03-26 00:15 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-15 00:03 - 2017-03-26 00:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-15 00:03 - 2017-03-26 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-15 00:03 - 2017-03-26 00:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-15 00:03 - 2017-03-26 00:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-15 00:03 - 2017-03-26 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-15 00:03 - 2017-03-26 00:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-15 00:03 - 2017-03-25 22:49 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-15 00:03 - 2017-03-25 22:36 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-15 00:03 - 2017-03-25 22:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-15 00:03 - 2017-03-25 21:57 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-15 00:03 - 2017-03-25 04:11 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-15 00:03 - 2017-03-22 20:54 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-15 00:03 - 2017-03-22 20:54 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-15 00:03 - 2017-03-22 20:50 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-15 00:03 - 2017-03-22 20:36 - 02091520 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-15 00:03 - 2017-03-22 20:35 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-15 00:03 - 2017-03-22 20:35 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-15 00:03 - 2017-03-22 20:35 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-15 00:03 - 2017-03-22 20:35 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-15 00:03 - 2017-03-22 20:35 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-15 00:03 - 2017-03-22 20:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-15 00:03 - 2017-03-22 20:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-15 00:03 - 2017-03-14 20:53 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-15 00:03 - 2017-03-14 20:53 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-15 00:03 - 2017-03-14 20:47 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-15 00:03 - 2017-03-10 21:57 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-15 00:03 - 2017-03-10 21:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-15 00:03 - 2017-03-10 21:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-15 00:03 - 2017-03-10 21:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-15 00:03 - 2017-03-10 21:24 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-15 00:03 - 2017-03-10 21:23 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-15 00:03 - 2017-03-09 01:40 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-15 00:03 - 2017-03-08 09:56 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-04-15 00:03 - 2017-03-08 09:56 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-15 00:03 - 2017-03-08 09:56 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-15 00:03 - 2017-03-08 09:56 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-15 00:03 - 2017-03-08 09:54 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 01416192 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-15 00:03 - 2017-03-08 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-15 00:03 - 2017-03-08 09:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-15 00:03 - 2017-03-08 09:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-15 00:03 - 2017-03-08 09:28 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-15 00:03 - 2017-03-08 09:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-15 00:03 - 2017-03-08 09:26 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-15 00:03 - 2017-03-08 09:25 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-15 00:03 - 2017-03-08 09:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-15 00:03 - 2017-03-08 09:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-15 00:03 - 2017-03-08 09:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-15 00:03 - 2017-03-08 09:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-15 00:03 - 2017-03-08 09:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-15 00:03 - 2017-03-08 09:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-15 00:03 - 2017-03-08 09:23 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-15 00:03 - 2017-03-08 09:23 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:23 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-15 00:03 - 2017-03-08 09:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-15 00:03 - 2017-03-07 21:47 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-15 00:03 - 2017-03-04 06:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-15 00:03 - 2017-03-04 06:44 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-15 00:03 - 2017-02-14 21:49 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-15 00:03 - 2017-02-11 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-15 00:03 - 2017-02-09 21:44 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-15 00:03 - 2017-02-09 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-15 00:03 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-14 23:34 - 2017-04-14 23:37 - 02286046 _____ C:\Users\Admin\Downloads\11_04_2017_005_3d5966c21194bab7bf6746bd35d95718.pdf
2017-04-09 22:13 - 2017-04-09 22:13 - 00315227 _____ C:\Users\Admin\Downloads\application_MPCOE_teaching_post.pdf
2017-04-09 20:00 - 2017-04-09 20:00 - 00601633 _____ C:\Users\Admin\Downloads\MHT-CET 2017_Notice_06.04.2017.pdf
2017-04-09 11:13 - 2017-04-09 11:13 - 00147784 _____ C:\Users\Admin\Downloads\IEEE_Template_4.pdf
2017-04-07 10:30 - 2017-04-07 10:31 - 02898607 _____ C:\Users\Admin\Downloads\PhDbrochure2017.pdf
2017-04-07 08:27 - 2017-04-07 08:28 - 01952682 _____ C:\Users\Admin\Downloads\MTechbrochure2017.pdf
2017-04-07 08:26 - 2017-04-07 08:26 - 00357013 _____ C:\Users\Admin\Downloads\FCCFD_2017_QIP.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-06 14:29 - 2016-07-07 21:55 - 00000466 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2017-05-06 14:26 - 2016-07-07 21:54 - 00000442 _____ C:\Windows\Tasks\Resume Quickup Download.job
2017-05-06 12:36 - 2017-01-22 15:54 - 00000000 ____D C:\cfrbackup-DGPATQAV
2017-05-06 11:38 - 2016-07-07 21:27 - 00000952 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-05-06 11:38 - 2016-07-07 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-05-06 09:17 - 2006-01-01 00:11 - 00002050 _____ C:\Users\Admin\Desktop\Rkill.txt
2017-05-06 07:57 - 2009-07-14 10:04 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-06 07:57 - 2009-07-14 10:04 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-06 07:48 - 2016-07-07 21:52 - 00000000 ____D C:\Windows\system32\gprodat
2017-05-02 00:23 - 2010-11-21 02:31 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-02 00:23 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2017-04-23 18:19 - 2009-07-14 07:34 - 00004226 _____ C:\Windows\system32\Drivers\etc\HOSTS.old
2017-04-19 00:04 - 2016-08-13 22:27 - 00000000 ____D C:\Users\Admin\Desktop\resume
2017-04-17 00:23 - 2017-03-02 04:44 - 00006225 _____ C:\Users\Admin\file.err
2017-04-15 16:32 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\rescache
2017-04-15 10:15 - 2009-07-14 10:03 - 00408000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-15 02:23 - 2016-07-21 11:19 - 00000000 ____D C:\Windows\system32\MRT
2017-04-15 02:16 - 2016-07-21 11:19 - 145733648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-15 00:12 - 2016-09-06 16:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-14 23:31 - 2017-02-19 22:05 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-07 00:07 - 2016-07-07 21:28 - 00807416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-07 00:07 - 2016-07-07 21:28 - 00145400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-07 00:07 - 2016-07-07 21:28 - 00000000 ____D C:\Windows\system32\Macromed

Some files in TEMP:
====================
2006-01-01 00:20 - 2006-01-01 00:20 - 0739328 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-05 20:29

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-05-2017
Ran by Admin (07-05-2017 22:09:40)
Running from C:\Users\Admin\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-07-07 15:34:12)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-394024817-2855374737-3736232293-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-394024817-2855374737-3736232293-500 - Administrator - Disabled)
Guest (S-1-5-21-394024817-2855374737-3736232293-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Quick Heal Total Security (Enabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Quick Heal Total Security (Enabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.152 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM\...\AU11_is1) (Version: 12.16.0.72 - Innovative Solutions)
Creo Parametric Version 2.0 Datecode [M130] (HKLM\...\Creo Parametric Version 2.0 Datecode [M130]) (Version: 2.0 - PTC)
Creo Platform 2.37 (HKLM\...\{FC26D313-05E9-47E7-9030-19A5E8FAB797}) (Version: 2.37.0 - PTC)
Creo Simulate Version 2.0 Datecode [M130] (HKLM\...\Creo Simulate Version 2.0 Datecode [M130]) (Version: 2.0 - PTC)
Creo Thumbnail Viewer 2.0 (HKLM\...\{DCE77418-2527-467C-AEFD-C294F064ACF5}) (Version: 30.14.310 - PTC)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
doPDF (Version: 8.6.942 - Softland) Hidden
doPDF 8 (HKLM\...\{413fb852-4e7d-4e52-bcaa-6270ff9a9347}) (Version: 8.6.942 - Softland)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 12.0 - Emsisoft Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{49965069-29AB-4793-8F8F-D5718407C161}) (Version: 8.6.942 - Softland)
PTC Quality Agent (HKLM\...\{FFB94790-D5BC-47EA-ABB7-5FAAEC8FF0D4}) (Version: 2.0.0.0 - PTC)
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 17.00 - Quick Heal Technologies Ltd.)
Quick Heal Total Security (Version: 17.00 - Quick Heal) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EA8DFBA-1B59-49CD-AD6C-2020A2A5748C} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-06-17] ()
Task: {1DEF0CE9-3D69-4077-8976-D11DADDEA824} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2016-02-04] (Quick Heal Technologies Ltd.)
Task: {293C6CA8-7C0F-4605-80F6-62750BFDCFA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-07] (Adobe Systems Incorporated)
Task: {2FB32455-640A-4184-A23B-DF80A770A2B0} - System32\Tasks\AupAvUpdate => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2016-11-15] ()
Task: {7A71BD3E-B33F-4563-8B2A-A018D221AACF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2006-01-01] ()
Task: {81E7B3DD-F2AD-46C4-9250-BB904B7FBDE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {83CE4406-82FB-403B-979E-7B2D463E963F} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2015-12-09] (Quick Heal Technologies Ltd.)
Task: {B3D0840F-E070-4458-8D9E-D71966612B54} - System32\Tasks\Games\UpdateCheck_S-1-5-21-394024817-2855374737-3736232293-1000
Task: {DFCF50C0-C502-430F-85AF-7645654EB3A7} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2016-11-15] (Innovative Solutions GRUP SRL)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AupAvUpdate.job => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE
Task: C:\Windows\Tasks\UninstallMonitor.job => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\ModelCHECK.lnk -> C:\Program Files\PTC\Creo 2.0\Parametric\bin\modelcheck.bat ()
Shortcut: C:\Users\Public\Desktop\Structure.lnk -> C:\Program Files\PTC\Creo 2.0\Common Files\M130\mech\bin\mstruct.bat ()
Shortcut: C:\Users\Public\Desktop\Thermal.lnk -> C:\Program Files\PTC\Creo 2.0\Common Files\M130\mech\bin\mtherm.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-02-19 22:04 - 2017-04-14 23:31 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-07-07 21:26 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2017-05-06 11:30 - 2017-05-06 11:30 - 00589824 _____ () C:\Program Files\Secunia\PSI\psires.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin\Downloads\101_Creo 4_Whats New in Creo Parametric_Neumueller.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\11_04_2017_005_3d5966c21194bab7bf6746bd35d95718.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\141.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\1451565731053-vrccg01012016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\1451565831912-CCGVR01012016 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\1451565831912-CCGVR01012016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\16_08_2016_004_c5438d5b9b4b5c5e36862b810c70c55a.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\17_03_2017_015_fd25b2290187d76a36fd6eb81b45c994.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\2_14v4i1_2 AL 1000 as proposed fin material.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\3188.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\4.32-A-T.Y.B.Sc-Physcis.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\4.40-FYBSc-Physics-CBSGS.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\4.64-First-Year-Engineering1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\454_CareerPDF1_DETAILED ADVERTISEMENT HAL 43.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\496_1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\536.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\9_BEE_AC_List.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\advertisement.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\ae_exam_hall_sy_2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\ANNA uni eee.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\ANNA uni Mech.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\application_MPCOE_teaching_post.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Application_online RESEARCH IIT BOMBAY.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\B-9 Advertiise(1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\B-9 Advertiise.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\BHEL NEXT 2018.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Bonaire-Multi-Appliance-Manual-Control.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\book_democracy_at_risk_2010.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Brochure-GATE2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\CardPhone.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\challan.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\changes in APH_2017_18.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\CIL233252.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\CIL233252_141071_9063416994.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\citing_references.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\CS dec2015.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\CTXSWallOperationManual.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\db3ch12.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Deepak Satsangi373.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\DETAILED ADVERTISEMENT-ENGLISGH GAIL.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Detailed_Advertisement_04012017(1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Detailed_Advertisement_04012017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Detailed_Advt_for_Recruitment_of_Clrks_CWE_Clerk_VI.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Detailed_Advt_for_Recruitment_of_CWE_RRBs_V.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Faculty of Technology.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\FacultyCadre.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\FCCFD_2017_QIP.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\fctech.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\FE-credit-system-syllabus.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Final-Approval-Process-Handbook-2017_18.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Final_Notification_2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\FLUENT_Document.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\for-vs5e3-vs3e3-vs3p2-part2.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\for-vs5k5-vs5a5-vs5m3-vs3m3.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Franchisee proposal.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\games_131.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Hostel-Fees MGM.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\hscsyllabus.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\IEEE_Template_4.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\III-CBSGS-SH-2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\install_creo2_student_uni.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\install_creo3_unistudent_standard.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\INTERVIEW FORM-20.3.14.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Invoice OD507047111124962000.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\is.4503.1967.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\IV-CBSGS-FH-2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\IV-CBSGS-SH-2016 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\IV-CBSGS-SH-2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\JE AE Advt.publish on website.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\jrfgate.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\k05736_Freon22_thermo_prop.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\m2l7.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\mcs_ph_sylbs.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\mdn-hr-advt-cpsr8mt16-16092016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Mech. Auto..pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Mech. Auto01..pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\mel709-tut7.ppt:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\MHT-CET 2017_Notice_06.04.2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\MTechbrochure2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Mumbai CAP2 DSE 2012-13.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\NCL NEXT yea2018 from2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\NCL2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Notice - Research Work.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\notice_JE_30092016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Old and New thinking about employees.pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Original.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\pgintakeIIT BOMBAY.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\PhDbrochure2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\photo_upload_guide.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Process_Heat_Transfer__DQ_Kern.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\ps_mp.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\R200N45AdmitCard.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\R200N45ApplicationForm.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\rectt_31012017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\report.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\report25.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\REQUIREMENT OF CAD2.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\REVISED DEFAULTER LIST (1).xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\REVISED DEFAULTER LIST.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\SBI_PO_Rectruitment_Eng_06022017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\SE Mech (2015 Course)-25-7-16.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\seat_distribution_1308201608132016082557.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Streangth of Material-ME-ME (gate2016.info).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Suchna.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\syll shivaji.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Syllabus_For_Written_Test.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\SyndBk-Cards-Safe-Tips.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\T78213.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Take-Home-Calculator-2015-2016.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\ten-reasons-for-banning-indian-evms.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\TEXT BOOKOF FINITE ELEMENT ANALYSIS BY P. SESHU (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\timetable-jan-2017-TE-MECH-A.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\timetable-jan-2017-TE-MECH-B.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\V-CBSGS-SH-2016 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\V-CBSGS-SH-2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\VbV-Syndicate_RegistrationSteps-DebitCard.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\VI-CBSGS-FH-2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\VI-CBSGS-SH-2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\vs5j3-part2.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\Website Advt. GATE 2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\[Peter_Hodges_BSc._F.Inst.Pet.]_Hydraulic_fluids(BookZZ.org).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Admin\Downloads\~WRL0003.tmp:SandBoxSafeFile [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21323500.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-04-23 18:29 - 2017-05-06 12:04 - 00000850 _____ C:\Windows\system32\Drivers\etc\hosts

#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-394024817-2855374737-3736232293-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 185.162.9.197 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A9305FFC-F6DA-46B1-8EA9-C4488BB507BE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4D47A65F-47BF-48A0-AFA6-EAB09D9392FC}] => (Allow) LPort=8501
FirewallRules: [{13641F16-6F64-4D13-B299-74F035B81046}] => (Allow) LPort=8501
FirewallRules: [{B799F51C-AD86-4850-B70C-6BF41DA7D782}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BB309BAB-740A-4160-B07A-49DB8F94BCAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

01-05-2017 23:07:40 Windows Update
05-05-2017 21:07:24 Windows Update

==================== Faulty Device Manager Devices =============

Name: bdsnm
Description: bdsnm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bdsnm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PC Camera
Description: PC Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2006 12:15:26 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (01/01/2006 12:15:22 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (01/01/2006 12:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2006 12:01:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2006 12:06:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (01/01/2006 12:06:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (01/01/2006 12:03:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2006 12:02:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2006 01:25:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 04:41:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/07/2017 09:57:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/07/2017 08:50:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/07/2017 08:48:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/01/2006 12:15:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (01/01/2006 12:03:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/01/2006 12:01:13 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/01/2006 12:01:13 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2006 12:01:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/01/2006 12:01:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/01/2006 12:00:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 2039.55 MB
Available physical RAM: 1030.82 MB
Total Virtual: 6118.66 MB
Available Virtual: 5139.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.14 GB) (Free:30.24 GB) NTFS
Drive d: () (Fixed) (Total:159.64 GB) (Free:114.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E48E339)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=159.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 08 May 2017 - 06:05 AM.



#2 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:36 PM

Posted 07 May 2017 - 03:16 PM

Hi deepak123 & Welcome to the forums ^_^,

 


I would be helping you with your computer problems. Right now, I am a trainee at the Bleeping Computer Malware Removal Study Hall.
I am Pranav and now that we are friends, I would like to call you by your first name if that is fine with you :hug:

All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

While you wait for further instructions, kindly do not run any additional tools as that might complicate the process of fixing your computer and cause delays.

Have a nice day!

Regards,
Pranav 


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 blueelvis

Posted 09 May 2017 - 11:21 PM

Hi Deepak123!

 

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!

 

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program <-- Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
      • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

 

Let me know how it goes.
 
Have a nice day!
 
Regards,
Pranav


#4 deepak123

Posted 10 May 2017 - 12:40 PM

I uninstalled Emsisoft Anti-Malware & Secunia PSI

 

Adware has become pretty smart these days. It does not come up at sites which are regularly visited by me (user). The adware is not annoying, but I started this topic as I wanted to get rid of it.

As you can see in the screenshot, it seems that the browser is trying to connect to this particular site (yourjavascript,com). Perhaps this might be related to the problem. I want to know how I can get rid of such things. Occasionally, the browser succeeds in opening some new tab showing something (like ads).

Other than such browser behavior, other things in my PC seem to be normal. I used that RogueKiller which you suggested to me, but it seems it won't help me.

Thank you, Pranav, for your response.

 

Attached File  SCREENSHOT.jpg   58.04KB   1 downloads



#5 blueelvis

Posted 12 May 2017 - 02:39 AM

I uninstalled Emsisoft Anti-Malware & Secunia PSI

 

Adware has become pretty smart these days. It does not come up at sites which are regularly visited by me (user). The adware is not annoying, but I started this topic as I wanted to get rid of it.

As you can see in the screenshot, it seems that the browser is trying to connect to this particular site (yourjavascript,com). Perhaps this might be related to the problem. I want to know how I can get rid of such things. Occasionally, the browser succeeds in opening some new tab showing something (like ads).

Other than such browser behavior, other things in my PC seem to be normal. I used that RogueKiller which you suggested to me, but it seems it won't help me.

Thank you, Pranav, for your response.

SCREENSHOT.jpg

 

Hi!

 

Any reason behind uninstalling Emsisoft Anti-Malware and Secunia PSI?

 

Also, did you run RogueKiller as per the instructions given in my previous post? In order to troubleshoot better, I would need those log files since the screenshot doesn't provide much help in this case.

 

Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.

 

-Pranav



#6 deepak123

Posted 14 May 2017 - 04:21 AM

I had installed those 2 products after reading the following guide (https://www.bleepingcomputer.com/virus-removal/how-to-remove-adware-on-a-pc). Now, after installing them & starting the computer, my PC tended to hang on starting, perhaps due to more than 1 anti-malware application existing simultaneously.

On websites which I rarely visit, new tabs appear directing to onclicks.com & then to some ads. Other than that, my computer is working well.

Here is the RogueKiller log.

Attached File  r.txt   2.98KB   5 downloads

 



#7 deepak123

Posted 14 May 2017 - 02:47 PM

There are many tools recommended in this forum in other threads, as well as on the internet, for adware. I ran JRT on my PC & I am attaching the log.

Attached File  JRT.txt   3.6KB   2 downloads

I am also attaching a log of Zemana Anti-Malware, whose scan I had run even before producing the FRST logs which I had posted in the first post. So this log is older than the FRST log (in the 1st post).

Attached File  2017.05.06-00.52.54-i0-t92-d1.txt   4.15KB   2 downloads

Pranav, sorry for my delayed response of my previous post. If you find any solution, then it will be good. Otherwise, I will just forget about this problem as it is not a troubling one, or perhaps try something else. By the way, this is my 3rd thread seeking help in this forum.

 

 

Regards,

Deepak


Edited by deepak123, 14 May 2017 - 02:56 PM.


#8 deepak123

Posted 15 May 2017 - 02:22 PM

The adware does not show up when I disabled Java on my Mozilla FF, so it seems to be dependent on Java. This reminds me of my first thread on this website. That was my laptop & not this desktop. (https://www.bleepingcomputer.com/forums/t/599994/adware-problem/)

The below screenshot represents the popup (in IE).

Attached File  screen adwa.png   223.32KB   0 downloads


Edited by deepak123, 15 May 2017 - 02:23 PM.


#9 blueelvis

Posted 16 May 2017 - 08:47 AM

Hi Deepak123 ^_^,
 

On websites which I rarely visit, new tabs appear directing to onclicks.com & then to some ads. Other than that, my computer is working well.

Could you please tell me which websites you are trying to visit, if it is fine with you? Also, have you tried using the "Private Mode" of Firefox to see if you are still seeing the popups or not?

Could you install uBlock Origin for Firefox from this **link** and try visiting those websites and see if you are still seeing those popups or not?

Pranav, sorry for my delayed response of my previous post. If you find any solution, then it will be good. Otherwise, I will just forget about this problem as it is not a troubling one, or perhaps try something else. By the way, this is my 3rd thread seeking help in this forum.

 
No problem  :)
Don't worry, I will try my best to help you with the problem.
  
 
And I'd like us to scan your machine with ESET OnlineScan:

  • Check qy7AMI8.jpg (if available) and click on the ePL5oyv.jpg button.
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, a list of found threats will open automatically (if any malicious files are found).
  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.

 

 

Let me know how it goes ^_^
 
Regards,
Pranav


Edited by blueelvis, 16 May 2017 - 08:48 AM.


#10 deepak123

Posted 16 May 2017 - 01:56 PM

Pranav, after installing the add-on which you suggested, my browser showed no signs of unusual activity or adware until now. Thanks.

I have attached the ESET log.

Attached File  ESET LOG.txt   336bytes   4 downloads



#11 blueelvis

Posted 19 May 2017 - 04:05 AM

Hi Deepak123 ^_^,
 
Glad to hear that the problem has been resolved. I would like another set of FRST logs to make sure that we did not miss anything. Before proceeding ahead, please delete the older FRST.txt and Addition.txt.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

Have a nice day!
 
-Pranav 



#12 deepak123

Posted 20 May 2017 - 02:47 PM

Here are the logs

 

Attached File  FRST.txt   34.76KB   4 downloads

 

Attached File  Addition.txt   35KB   2 downloads

 

 



#13 blueelvis

Posted 22 May 2017 - 12:08 PM

Hi Deepak123!

 

Your machine appears clean!

Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine :thumbup2:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • AVG (slightly poorer performance as of late)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

 

Have a nice day!

 

 

Regards,

Pranav



#14 blueelvis

Posted 25 May 2017 - 08:51 AM

Hi Deepak123,

 

 

Are you still with me? It has been 3 days since my last post.

 

 

-Pranav



#15 deepak123

Posted 27 May 2017 - 12:53 AM

I am here, had some other work.


Edited by deepak123, 27 May 2017 - 12:53 AM.




