My PC is using network data by virus I feel


  • This topic is locked
22 replies to this topic

#1 harsh1

harsh1

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 17 May 2017 - 01:43 AM

I ran it, please help.

 

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Enterprise x86 
Ran by HARSH (Administrator) on 17-May-17 at 12:05:41.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 31 
 
Successfully deleted: C:\ProgramData\1374469129.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1374735884.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1374736346.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1374739300.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1374739650.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1374817504.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1375286818.3204.bin (File) 
Successfully deleted: C:\ProgramData\1375286818.4468.bin (File) 
Successfully deleted: C:\ProgramData\1375286818.4540.bin (File) 
Successfully deleted: C:\ProgramData\1375286818.4632.bin (File) 
Successfully deleted: C:\ProgramData\1375286818.4688.bin (File) 
Successfully deleted: C:\ProgramData\1375287065.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1375288088.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1375288694.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1375288761.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1375288868.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1375288870.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\Users\HARSH\AppData\Local\cre (Folder) 
Successfully deleted: C:\Users\HARSH\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\HARSH\AppData\Roaming\Mozilla\Firefox\Profiles\mData\extensions\staged (Folder) 
Successfully deleted: C:\Users\HARSH\AppData\Roaming\Mozilla\Firefox\Profiles\mData\extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} (Folder) 
Successfully deleted: C:\Users\HARSH\AppData\Roaming\Mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-1254134931-3873777940-4651334-1000\FireFox\user.js (File) 
Successfully deleted: C:\Users\HARSH\AppData\Roaming\Mozilla\Firefox\Profiles\mData\user.js (File) 
Successfully deleted: C:\Users\HARSH\Documents\add-in express (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\WINDOWS\System32\Tasks\Wise Care 365 (Task)
Successfully deleted: C:\WINDOWS\System32\Tasks\Wise Care 365.job (Task)
Successfully deleted: C:\WINDOWS\System32\Tasks\Wise Turbo Checker.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0AB48682-6756-0DA1-7AE9-EE54BF851B66} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17-May-17 at 12:08:06.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:41 PM

Posted 18 May 2017 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
==============================
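Once an FRST.txt like the one requested above is posted, the first pass a helper makes is mechanical: pull out the lines FRST itself tagged with ATTENTION, autostart entries whose file is gone (`-> No File`, `[X]`), unsigned or publisher-less services and drivers, binaries living under TEMP or directly under ProgramData, print-provider DLLs, and DNS resolvers that are neither private (the modem or router) nor a known public resolver. The script below is an added example, not part of this thread and not part of FRST; it applies those checks to a handful of lines copied from the FRST log harsh1 posts later in this thread. The severity labels, the regexes and the resolver allowlist are the example's own choices, and the file encoding assumed in `triage_file` is an assumption.

```python
"""First-pass triage of a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not part of FRST or of any post here.
It does not decide what is malicious. It pulls out the lines a helper reads
first so the rest of FRST.txt can be skimmed.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": confirm before acting
    reason: str
    line: str


# A small subset of lines copied from the FRST.txt posted later in this thread.
SAMPLE_LINES = [
    r"() C:\ProgramData\ChgService.exe",
    r"HKLM\...\Providers\bathm15q: C:\Program Files\Thuqogh Reports\local32spl.dll",
    r"ShellExecuteHooks: No Name - {56013B22-DE4B-11E6-A73A-64006A5CFC23} - C:\Users\HARSH\AppData\Roaming\Appyphinek\Ghgaty.dll -> No File",
    r"GroupPolicyScripts: Restriction <======= ATTENTION",
    r"Tcpip\..\Interfaces\{D4B10DA0-829E-48DA-BC56-F7CA13D136B1}: [NameServer] 8.8.8.8 101.210.255.141",
    r"Tcpip\..\Interfaces\{aff2b364-12a2-44e6-870c-2c6552a184cd}: [DhcpNameServer] 192.168.43.1",
    r"R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [135168 2011-07-12] () [File not signed] <==== ATTENTION",
    r"R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2069424 2017-03-09] (ESET)",
    r'S2 DaygladSU; "C:\WINDOWS\TEMP\hp66B.tmp\GoogleUpdate.exe" -r [X]',
    r"S3 WINIO; C:\Windows\system32\winio.sys [41324 2001-11-13] () [File not signed]",
    r"2017-05-05 22:00 - 2017-05-11 09:16 - 00000000 ____D C:\WINDOWS\system32\%LocalAppData%",
]

# "R2 name; path ..." / "S3 name; path ..." are FRST service and driver entries.
SERVICE_OR_DRIVER = re.compile(r"^[RSU][0-4] ")
# Binaries directly under ProgramData, anything under a TEMP folder, and a literal
# "%LocalAppData%" folder (an unexpanded variable that became a real directory).
SUSPECT_PATH = re.compile(r"\\TEMP\\|\\ProgramData\\[^\\]+\.(?:exe|dll)|%LocalAppData%", re.IGNORECASE)
NAMESERVER = re.compile(r"\[(?:Dhcp)?NameServer\]\s+(.+)$")
PRINT_PROVIDER_PREFIX = "HKLM\\...\\Providers\\"       # print providers load into the spooler
# Resolver allowlist used by this example; extend it with the ISP's servers.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}


def unknown_resolvers(field):
    """Resolver IPs in a NameServer value that are neither allowlisted nor private."""
    out = []
    for token in field.split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue
        if token not in KNOWN_PUBLIC_RESOLVERS and not ip.is_private:
            out.append(token)
    return out


def triage_line(line):
    line = line.rstrip()
    found = []
    if "ATTENTION" in line:
        found.append(Finding("high", "flagged by FRST itself", line))
    if "-> No File" in line or line.endswith("[X]"):
        found.append(Finding("high", "autostart entry points to a file that is gone", line))
    if SUSPECT_PATH.search(line):
        found.append(Finding("high", "binary or folder in a location malware favours", line))
    if line.startswith(PRINT_PROVIDER_PREFIX):
        found.append(Finding("review", "third-party print provider DLL; match it to installed software", line))
    if "[File not signed]" in line:
        found.append(Finding("review", "unsigned binary; confirm vendor and hash", line))
    if line.startswith("() ") or (SERVICE_OR_DRIVER.match(line) and " () " in line):
        found.append(Finding("review", "no publisher/version information", line))
    m = NAMESERVER.search(line)
    if m:
        for ip in unknown_resolvers(m.group(1)):
            found.append(Finding("review", f"resolver {ip} is not a known public or private DNS server", line))
    return found


def triage(lines):
    return [f for line in lines for f in triage_line(line)]


def triage_file(path):
    # Assumption: FRST.txt is UTF-8 with a BOM; "utf-8-sig" also accepts plain UTF-8.
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return triage(fh)


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

A hit is a reason to look, not a verdict: the Dell wireless tray service in the same log is unsigned too, and a resolver such as 101.210.255.141 may simply be the carrier DNS handed out by the USB modem. Which lines end up in a fix script remains the helper's call.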

#3 harsh1

harsh1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 19 May 2017 - 05:15 AM

I noticed this svchost.exe eating data bandwidth only.

Attached Files



#4 harsh1

harsh1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 19 May 2017 - 05:37 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2017
Ran by HARSH (administrator) on HARSH-PC (19-05-2017 15:53:37)
Running from C:\Users\HARSH\Desktop\New folder
Loaded Profiles: HARSH (Available Profiles: HARSH & DefaultAppPool)
Platform: Microsoft Windows 10 Enterprise Version 1703 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
() C:\ProgramData\ChgService.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\MMX352G 3G USB Manager\USB Modem.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] => C:\WINDOWS\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2013-07-23] (Dell Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1254134931-3873777940-4651334-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1254134931-3873777940-4651334-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1254134931-3873777940-4651334-1000\...\MountPoints2: {3611fd81-f20f-11e2-9823-001fe2df8d2e} - "I:\.\ShowModem.exe" 
HKLM\...\Providers\bathm15q: C:\Program Files\Thuqogh Reports\local32spl.dll
ShellExecuteHooks: No Name - {56013B22-DE4B-11E6-A73A-64006A5CFC23} - C:\Users\HARSH\AppData\Roaming\Appyphinek\Ghgaty.dll -> No File
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{050afb55-ca9a-46e0-946a-772057fc2d1b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{050afb55-ca9a-46e0-946a-772057fc2d1b}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{60117b2e-1d96-4739-a9ea-54d1a7ce6a67}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{68f439ec-ae4c-417a-adf5-ca219e01f327}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9971100f-8305-43d7-a381-79c6759a9ddb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a07c3cf2-5001-4c1b-b91e-9fef3da2bae6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{aff2b364-12a2-44e6-870c-2c6552a184cd}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{BD43B402-057D-4431-830B-29CD2905729D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D4B10DA0-829E-48DA-BC56-F7CA13D136B1}: [NameServer] 8.8.8.8 101.210.255.141
Tcpip\..\Interfaces\{df547699-83c6-11e6-9824-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e522b6ef-aa22-44f4-b998-6a37bbdc239c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e522b6ef-aa22-44f4-b998-6a37bbdc239c}: [DhcpNameServer] 8.8.8.8 101.210.255.141
Tcpip\..\Interfaces\{efa78ee2-68ef-4440-98e0-5a5b34acd47a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f64ddd8a-d4c2-435f-b4dd-3550b7ca851e}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1254134931-3873777940-4651334-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-1254134931-3873777940-4651334-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131307535761029954&GUID=CE6FEDDD-90E0-45B5-BFB4-808E13AF36D9
SearchScopes: HKU\S-1-5-21-1254134931-3873777940-4651334-1000 -> {E9147A93-56EB-43DA-8F4D-6B05B55912FD} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1254134931-3873777940-4651334-1000 -> hxxp://www.google.co.in/
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.12.0.0_neutral__c1wakc4j0nefm [2017-05-06]
 
FireFox:
========
FF HKU\S-1-5-21-1254134931-3873777940-4651334-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1254134931-3873777940-4651334-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HARSH\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\HARSH\AppData\Roaming\IDM\idmmzcc5 [2017-05-19] [not signed]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Profile 4
CHR HomePage: Profile 4 -> hxxp://www.google.co.in
CHR StartupUrls: Profile 4 -> "hxxp://www.google.co.in/"
CHR Profile: C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-06] <==== ATTENTION
CHR Profile: C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-05]
CHR Profile: C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-05-19]
CHR Extension: (Google Drive) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Gmail Offline) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Online Coupons Promotions Codes) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kdpkgeiaocbjhiecnefcimcdonomlfkb [2016-01-09]
CHR Extension: (IDM Integration Module) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Gmail) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR Profile: C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\System Profile [2017-05-07]
CHR Extension: (Docs) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-20]
CHR Extension: (Google Drive) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-20]
CHR Extension: (YouTube) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-20]
CHR Extension: (Google Search) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-20]
CHR Extension: (Gmail) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-05-02]
CHR HKU\S-1-5-21-1254134931-3873777940-4651334-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [135168 2011-07-12] () [File not signed] <==== ATTENTION
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2069424 2017-03-09] (ESET)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-12-30] (Flexera Software LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-03-18] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2013-07-23] (Dell Inc.) [File not signed]
S2 DaygladSU; "C:\WINDOWS\TEMP\hp66B.tmp\GoogleUpdate.exe" -r [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63l.sys [4715008 2017-03-18] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-10-08] (BlueStack Systems)
R3 cmnsusbser; C:\WINDOWS\system32\DRIVERS\cmnsusbser.sys [105984 2010-02-25] (QUALCOMM Incorporated)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [113032 2017-03-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [90656 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14368 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [139384 2017-03-09] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43920 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [69304 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [86504 2017-03-09] (ESET)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [91320 2017-05-19] (ESET)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2014-02-04] (VSO Software) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25984 2011-04-25] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
S3 WINIO; C:\Windows\system32\winio.sys [41324 2001-11-13] () [File not signed]
S3 WiseHDInfo; C:\Windows\WiseHDInfo32.dll [13264 2015-06-06] (wisecleaner.com) [File not signed]
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2017-03-18] (Marvell)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-19 15:52 - 2017-05-19 15:53 - 00000000 ____D C:\Users\HARSH\Desktop\New folder
2017-05-19 15:52 - 2017-05-19 15:53 - 00000000 ____D C:\FRST
2017-05-18 21:29 - 2017-05-18 21:31 - 00000000 ____D C:\Users\HARSH\Desktop\FC
2017-05-17 12:03 - 2017-05-17 12:03 - 01663672 _____ (Malwarebytes) C:\Users\HARSH\Desktop\JRT.exe
2017-05-11 03:39 - 2017-04-28 07:08 - 01432304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-11 03:39 - 2017-04-28 06:49 - 05863328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-11 03:39 - 2017-04-28 06:49 - 01854832 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-11 03:39 - 2017-04-28 06:49 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-11 03:39 - 2017-04-28 06:48 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-11 03:39 - 2017-04-28 06:47 - 00698376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-11 03:39 - 2017-04-28 06:47 - 00624368 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-11 03:39 - 2017-04-28 06:44 - 00573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-11 03:39 - 2017-04-28 06:41 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-11 03:39 - 2017-04-28 06:41 - 02022816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-11 03:39 - 2017-04-28 06:41 - 00170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-11 03:39 - 2017-04-28 06:41 - 00025504 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-11 03:39 - 2017-04-28 06:40 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-11 03:39 - 2017-04-28 06:40 - 00286624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-11 03:39 - 2017-04-28 06:39 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-11 03:39 - 2017-04-28 06:38 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-11 03:39 - 2017-04-28 06:37 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-11 03:39 - 2017-04-28 06:37 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-11 03:39 - 2017-04-28 06:22 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-11 03:39 - 2017-04-28 06:22 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-11 03:39 - 2017-04-28 06:22 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-11 03:39 - 2017-04-28 06:21 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-11 03:39 - 2017-04-28 06:19 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-11 03:39 - 2017-04-28 06:19 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-11 03:39 - 2017-04-28 06:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-11 03:39 - 2017-04-28 06:16 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-11 03:39 - 2017-04-28 06:16 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-11 03:39 - 2017-04-28 06:16 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-11 03:39 - 2017-04-28 06:16 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-11 03:39 - 2017-04-28 06:15 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-11 03:39 - 2017-04-28 06:15 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-11 03:39 - 2017-04-28 06:14 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-11 03:39 - 2017-04-28 06:14 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-11 03:39 - 2017-04-28 06:13 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-11 03:39 - 2017-04-28 06:12 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-11 03:39 - 2017-04-28 06:12 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-11 03:39 - 2017-04-28 06:12 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-11 03:39 - 2017-04-28 06:12 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-11 03:39 - 2017-04-28 06:12 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-11 03:39 - 2017-04-28 06:11 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-11 03:39 - 2017-04-28 06:11 - 00871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-11 03:39 - 2017-04-28 06:10 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-11 03:39 - 2017-04-28 06:10 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-11 03:39 - 2017-04-28 06:10 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-11 03:39 - 2017-04-28 06:10 - 01513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-11 03:39 - 2017-04-28 06:10 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-11 03:39 - 2017-04-28 06:10 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-11 03:39 - 2017-04-28 06:10 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-11 03:39 - 2017-04-28 06:09 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-05-11 03:39 - 2017-04-28 06:09 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-11 03:39 - 2017-04-28 06:09 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-11 03:39 - 2017-04-28 06:09 - 02366464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-11 03:39 - 2017-04-28 06:08 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-11 03:39 - 2017-04-28 06:08 - 01585664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-11 03:39 - 2017-04-28 06:08 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-11 03:39 - 2017-04-28 06:07 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-11 03:39 - 2017-04-28 06:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-11 03:39 - 2017-04-28 06:05 - 00625664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-11 03:39 - 2017-04-28 06:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-11 03:39 - 2017-04-28 06:04 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-11 03:39 - 2017-04-28 06:03 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-05-08 01:16 - 2017-05-19 07:53 - 00091320 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2017-05-06 17:07 - 2017-05-06 17:07 - 00002274 _____ C:\Users\HARSH\Desktop\Google Chrome.lnk
2017-05-06 12:27 - 2017-05-19 09:53 - 00000000 ____D C:\AdwCleaner
2017-05-06 04:44 - 2017-05-06 04:44 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-05-06 03:55 - 2017-05-06 03:55 - 00000000 ____D C:\Users\HARSH\AppData\Roaming\ESET
2017-05-06 03:44 - 2017-05-06 03:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-06 03:44 - 2017-05-06 03:44 - 00000000 ____D C:\ProgramData\ESET
2017-05-06 03:44 - 2017-05-06 03:44 - 00000000 ____D C:\Program Files\ESET
2017-05-05 22:00 - 2017-05-11 09:16 - 00000000 ____D C:\WINDOWS\system32\%LocalAppData%
2017-05-05 21:30 - 2017-05-06 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-05 21:29 - 2017-05-05 21:29 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-03 13:09 - 2017-05-06 03:55 - 00000000 ____D C:\WINDOWS\psgo
2017-05-02 22:33 - 2016-10-17 21:05 - 00147120 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2017-04-28 03:15 - 2017-04-19 11:32 - 00582560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-04-28 03:15 - 2017-04-19 11:32 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-28 03:15 - 2017-04-19 11:29 - 00113056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-04-28 03:15 - 2017-04-19 11:10 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-28 03:15 - 2017-04-19 11:09 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-04-28 03:15 - 2017-04-19 11:07 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-04-28 03:15 - 2017-04-19 11:07 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-04-28 03:15 - 2017-04-19 11:06 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-04-28 03:15 - 2017-04-19 11:05 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-04-28 03:15 - 2017-04-19 11:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-28 03:15 - 2017-04-19 11:05 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-28 03:15 - 2017-04-19 11:04 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-04-28 03:15 - 2017-04-19 11:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-28 03:15 - 2017-04-19 11:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-28 03:15 - 2017-04-19 11:04 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-04-28 03:15 - 2017-04-19 11:03 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-04-28 03:15 - 2017-04-19 11:03 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-04-28 03:15 - 2017-04-19 11:02 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-28 03:15 - 2017-04-19 11:02 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-04-28 03:15 - 2017-04-19 11:02 - 00532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-28 03:15 - 2017-04-19 11:00 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-28 03:15 - 2017-04-19 11:00 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-28 03:15 - 2017-04-19 10:59 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-04-28 03:15 - 2017-04-19 10:59 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-04-28 03:15 - 2017-04-19 10:57 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-28 03:15 - 2017-04-19 10:56 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-28 03:15 - 2017-04-19 10:53 - 01924608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-04-28 03:15 - 2017-04-19 10:52 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-28 03:15 - 2017-04-14 05:13 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-04-28 03:15 - 2017-04-14 05:13 - 00642064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-04-28 03:15 - 2017-04-14 05:13 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-04-28 03:15 - 2017-04-14 05:12 - 00517024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-04-28 03:15 - 2017-04-14 05:11 - 01520032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-28 03:15 - 2017-04-14 05:11 - 01093024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-04-28 03:15 - 2017-04-14 05:10 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-04-28 03:15 - 2017-04-14 05:08 - 20374432 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-28 03:15 - 2017-04-14 05:06 - 01294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-04-28 03:15 - 2017-04-14 05:06 - 00954784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-04-28 03:15 - 2017-04-14 04:51 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-28 03:15 - 2017-04-14 04:49 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-04-28 03:15 - 2017-04-14 04:48 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-04-28 03:15 - 2017-04-14 04:48 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-04-28 03:15 - 2017-04-14 04:48 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-04-28 03:15 - 2017-04-14 04:47 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-04-28 03:15 - 2017-04-14 04:46 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-04-28 03:15 - 2017-04-14 04:46 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-04-28 03:15 - 2017-04-14 04:46 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-04-28 03:15 - 2017-04-14 04:46 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-04-28 03:15 - 2017-04-14 04:45 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-04-28 03:15 - 2017-04-14 04:45 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2017-04-28 03:15 - 2017-04-14 04:45 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-04-28 03:15 - 2017-04-14 04:45 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-28 03:15 - 2017-04-14 04:44 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-04-28 03:15 - 2017-04-14 04:43 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-04-28 03:15 - 2017-04-14 04:43 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-28 03:15 - 2017-04-14 04:42 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-28 03:15 - 2017-04-14 04:42 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-28 03:15 - 2017-04-14 04:42 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-04-28 03:15 - 2017-04-14 04:40 - 01165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-04-28 03:15 - 2017-04-14 04:40 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-28 03:15 - 2017-04-14 04:40 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-04-28 03:15 - 2017-04-14 04:39 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-28 03:15 - 2017-04-14 04:39 - 01830400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-04-28 03:15 - 2017-04-14 04:39 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-28 03:15 - 2017-04-14 04:38 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-28 03:15 - 2017-04-14 04:36 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-28 03:15 - 2017-04-14 04:35 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-04-28 03:15 - 2017-04-14 04:34 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-28 03:15 - 2017-04-14 04:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-04-27 20:29 - 2017-05-05 02:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-26 04:33 - 2017-04-26 04:33 - 00000000 ____D C:\Users\HARSH\AppData\Roaming\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-19 15:37 - 2013-07-20 08:32 - 00000000 ____D C:\Users\HARSH\AppData\Roaming\DMCache
2017-05-19 13:23 - 2016-08-17 22:44 - 00000000 ____D C:\Users\HARSH\Desktop\ISRO
2017-05-19 10:04 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-19 09:57 - 2017-04-15 04:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-19 09:56 - 2017-03-18 11:32 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-19 07:32 - 2013-08-19 16:57 - 133456224 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-19 06:57 - 2017-04-15 04:19 - 01531458 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-19 06:11 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-19 06:07 - 2017-03-18 23:53 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-19 01:48 - 2017-04-15 04:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-18 22:00 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-18 22:00 - 2013-07-20 10:30 - 00000000 ____D C:\Users\HARSH\AppData\Local\ElevatedDiagnostics
2017-05-18 12:30 - 2013-07-20 12:05 - 00000000 ____D C:\Users\HARSH\AppData\Roaming\vlc
2017-05-18 08:53 - 2017-04-15 04:20 - 00000000 ____D C:\Users\HARSH
2017-05-17 15:13 - 2016-07-12 18:09 - 00002940 _____ C:\Users\HARSH\Desktop\New Text Document.txt
2017-05-12 08:55 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 09:17 - 2017-03-18 23:51 - 00000000 ____D C:\WINDOWS\INF
2017-05-11 05:01 - 2017-04-15 04:16 - 00387448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-11 04:58 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-11 04:58 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-11 04:58 - 2017-03-18 23:53 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-11 03:55 - 2017-03-18 23:44 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-11 03:54 - 2013-10-24 10:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-10 21:39 - 2014-03-18 12:01 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-10 09:32 - 2015-11-24 15:41 - 00000000 ____D C:\Users\HARSH\AppData\Local\Packages
2017-05-08 23:20 - 2014-03-23 00:30 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-05-07 14:52 - 2014-03-23 00:31 - 00000000 ____D C:\Users\HARSH\AppData\Roaming\IDM
2017-05-06 23:17 - 2013-07-20 08:32 - 00000000 ____D C:\Users\HARSH\Downloads\Compressed
2017-05-06 04:44 - 2017-04-15 04:20 - 00000000 ____D C:\Users\DefaultAppPool
2017-05-06 04:23 - 2016-09-27 21:14 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-05-06 03:48 - 2017-02-09 08:56 - 00000000 ____D C:\Users\HARSH\AppData\Local\ESET
2017-05-06 03:45 - 2017-03-18 23:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-05-06 00:15 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\registration
2017-05-03 22:52 - 2017-02-06 17:44 - 00029160 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-05-02 20:12 - 2017-03-18 23:53 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-29 06:35 - 2017-03-18 23:55 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-04-29 06:35 - 2017-03-18 23:55 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-04-28 04:26 - 2015-11-24 15:41 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-28 04:22 - 2017-03-18 23:53 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-28 04:22 - 2017-03-18 23:53 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-28 04:22 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-28 04:22 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-28 04:22 - 2017-03-18 23:53 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-28 04:22 - 2017-03-18 11:32 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-20 19:18 - 2013-11-13 20:04 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-04-19 11:42 - 2013-07-19 23:38 - 00395226 __RSH C:\bootmgr
 
==================== Files in the root of some directories =======
 
2014-02-04 23:09 - 2014-02-04 23:09 - 0081920 _____ () C:\Users\HARSH\AppData\Roaming\ezpinst.exe
2015-12-06 22:18 - 2015-12-06 22:32 - 0000115 _____ () C:\Users\HARSH\AppData\Roaming\LogFile.txt
2014-01-10 17:00 - 2014-01-10 17:03 - 0000392 _____ () C:\Users\HARSH\AppData\Roaming\mycfg.xml
2014-02-04 23:09 - 2014-02-04 23:09 - 0007176 _____ () C:\Users\HARSH\AppData\Roaming\pcouffin.cat
2014-02-04 23:09 - 2014-02-04 23:09 - 0001144 _____ () C:\Users\HARSH\AppData\Roaming\pcouffin.inf
2014-02-04 23:09 - 2014-02-04 23:10 - 0000034 _____ () C:\Users\HARSH\AppData\Roaming\pcouffin.log
2014-02-04 23:09 - 2014-02-04 23:09 - 0047360 _____ (VSO Software) C:\Users\HARSH\AppData\Roaming\pcouffin.sys
2014-08-30 21:59 - 2014-08-30 21:59 - 0007923 _____ () C:\Users\HARSH\AppData\Roaming\UserTile.png
2014-01-24 01:30 - 2014-01-24 01:30 - 0000036 _____ () C:\Users\HARSH\AppData\Local\housecall.guid.cache
2014-07-20 07:53 - 2014-07-20 07:53 - 0000001 _____ () C:\Users\HARSH\AppData\Local\llftool.4.25.agreement
2014-03-28 17:03 - 2014-04-17 21:29 - 0000173 _____ () C:\Users\HARSH\AppData\Local\msmathematics.qat.HARSH
2013-08-15 01:03 - 2015-12-18 17:02 - 0007609 _____ () C:\Users\HARSH\AppData\Local\resmon.resmoncfg
2016-07-02 08:58 - 2011-07-12 15:50 - 0135168 _____ () C:\ProgramData\ChgService.exe
2013-12-30 14:41 - 2013-12-30 14:41 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Files to move or delete:
====================
C:\ProgramData\ChgService.exe
 
 
Some files in TEMP:
====================
2017-05-06 16:44 - 2011-08-02 09:04 - 1942933 ____R (Mobile                                                      ) C:\Users\HARSH\AppData\Local\Temp\Modem_installation.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-12 08:52
 
==================== End of FRST.txt ============================




#5 harsh1

harsh1
  • Topic Starter
  • Members
  • 13 posts

Posted 19 May 2017 - 05:39 AM

adwcleaner

 

# AdwCleaner v6.046 - Logfile created 19/05/2017 at 09:51:35
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 10 Enterprise  (X86)
# Username : HARSH - HARSH-PC
# Running from : F:\SOFTWARE\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: usb-repair.en.softonic.com
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: isearch.avg.com
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: websearch.ask.com
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: websearch
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: babylon.com
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: industriya
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: oursurfing
[-] [C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: trovi.search
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1710 Bytes] - [19/05/2017 09:51:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [1136 Bytes] - [19/05/2017 06:45:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [2053 Bytes] - [19/05/2017 09:50:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1929 Bytes] ##########


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 May 2017 - 07:46 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellExecuteHooks: No Name - {56013B22-DE4B-11E6-A73A-64006A5CFC23} - C:\Users\HARSH\AppData\Roaming\Appyphinek\Ghgaty.dll -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
CHR Profile: C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-06] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\HARSH\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - <no Path/update_url>
S2 DaygladSU; "C:\WINDOWS\TEMP\hp66B.tmp\GoogleUpdate.exe" -r [X]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; no ImagePath
Task: {0A85DC68-0CC6-4EC7-B7FB-F60785CFD67E} - System32\Tasks\{D1F28498-6659-3333-7502-9CFCDC598A8E} => C:\ProgramData\{636BBBBB-D4C0-0C10-3DE2-45D74CDE0A51}\27052201-90AE-95AA-CED7-B6DEB0E26B99.exe  <==== ATTENTION
Task: {103676C9-C366-4B5A-8848-B2FCFDCDB08A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {283CE347-01FC-4078-85CC-538DC252588A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3B8E1075-DFD8-4CB1-9B4A-CE19A7E87DD2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DBCF880-9543-4B3A-AA39-7D99F14947E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {77775FF5-0F3F-4BC2-B24E-43FDF22E7A13} - \SPMupdate1 -> No File <==== ATTENTION
Task: {873508A6-7ECC-459B-93A5-67B04B45A432} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8EA08103-736C-4D62-912B-DD743D5F63F5} - \Microsoft\Windows\Maintenance\SPMupdate2 -> No File <==== ATTENTION
Task: {92D37755-EE06-4E4D-B4AA-6AC09D1721AC} - \Microsoft\Windows\Multimedia\SPMupdate3 -> No File <==== ATTENTION
Task: {B9F6E8D2-D9ED-4E52-910C-546DF246F874} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1505A2A-A31A-492D-A927-9351443C5B1B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C2676535-4E1C-4263-B05B-CEEC0D4713D5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C5E3E768-3F75-42A5-8166-DDB818FA54AD} - \{44A1467E-745C-4A1A-B9BE-82FDE4B703C6} -> No File <==== ATTENTION
Task: {C6897D69-00DE-45CB-A33D-3CA9115BB2FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA8256CF-969D-44BA-9947-873E9F4AB902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DCC4D78A-8B75-4328-A90A-2B70411CA6F7} - System32\Tasks\{706A65A4-1EAC-D5F6-D16C-0B9337E08534} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\7cbab426\1ad57685.dll" <==== ATTENTION
Task: {EF0C4DB8-9773-45CB-9210-59717BC88E11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-1254134931-3873777940-4651334-1000\Software\Classes\.scr: scrfile =>  <===== ATTENTION
C:\ProgramData\{636BBBBB-D4C0-0C10-3DE2-45D74CDE0A51}
c:\windows\System32\Tasks\{D1F28498-6659-3333-7502-9CFCDC598A8E}
c:\windows\System32\Tasks\{706A65A4-1EAC-D5F6-D16C-0B9337E08534}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

Edited by nasdaq, 21 May 2017 - 07:44 AM.
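As an added example (not from the thread and not part of FRST), here is a small Python triage script over the FRST log formats shown in posts #4 and #6. It parses the file-entry and service-entry line formats, flags executables with no publisher in user-writable locations or running from a Temp directory (the C:\ProgramData\ChgService.exe and DaygladSU findings above), and collects the lines FRST itself tagged "ATTENTION"; the sample lines are constructed from entries in this thread.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example; not part of the BleepingComputer thread and not FRST's own code.
Flags: executables with no publisher in user-writable paths, executables or
service binaries under a Temp directory, and lines FRST tagged 'ATTENTION'.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File entry:  created - modified - size attrs (Company) path
# e.g. 2016-07-02 08:58 - 2011-07-12 15:50 - 0135168 _____ () C:\ProgramData\ChgService.exe
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$")
# Service entry:  <state><start> <name>; <image path> [X]   ([X] = binary missing)
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<image>.*?)(?P<missing> \[X\])?$")
ATTENTION_RE = re.compile(r"<=+ ATTENTION")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]   # None when FRST printed "()" or no publisher at all
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

    @property
    def in_temp(self) -> bool:
        return "\\temp\\" in self.path.lower()


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one 'created - modified - size attrs (Company) path' line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip() or None
    return FileEntry(m.group("created"), m.group("modified"), int(m.group("size")),
                     m.group("attrs"), company, m.group("path"))


def suspicious_files(lines: List[str]) -> List[str]:
    """Executables that sit in Temp, or lack a publisher in a user-writable location."""
    hits = []
    for line in lines:
        e = parse_file_entry(line)
        if e is None or e.is_directory or not e.is_executable:
            continue
        if e.in_temp or (e.company is None and e.path.lower().startswith(USER_WRITABLE)):
            hits.append(e.path)
    return hits


def suspicious_services(lines: List[str]) -> List[str]:
    """Names of services whose image path points into a Temp directory."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m and "\\temp\\" in m.group("image").lower():
            hits.append(m.group("name"))
    return hits


def attention_lines(lines: List[str]) -> List[str]:
    """Lines FRST itself marked for review."""
    return [l.strip() for l in lines if ATTENTION_RE.search(l)]


# Constructed sample: a handful of entries copied from the log formats in this thread.
SAMPLE_LOG = r"""
2017-05-11 03:39 - 2017-04-28 06:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-06 12:27 - 2017-05-19 09:53 - 00000000 ____D C:\AdwCleaner
2014-02-04 23:09 - 2014-02-04 23:09 - 0047360 _____ (VSO Software) C:\Users\HARSH\AppData\Roaming\pcouffin.sys
2016-07-02 08:58 - 2011-07-12 15:50 - 0135168 _____ () C:\ProgramData\ChgService.exe
2017-05-06 16:44 - 2011-08-02 09:04 - 1942933 ____R (Mobile        ) C:\Users\HARSH\AppData\Local\Temp\Modem_installation.exe
2017-05-19 09:57 - 2017-04-15 04:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
S2 DaygladSU; "C:\WINDOWS\TEMP\hp66B.tmp\GoogleUpdate.exe" -r [X]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
GroupPolicyScripts: Restriction <======= ATTENTION
Task: {DCC4D78A-8B75-4328-A90A-2B70411CA6F7} - System32\Tasks\{706A65A4-1EAC-D5F6-D16C-0B9337E08534} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\7cbab426\1ad57685.dll" <==== ATTENTION
"""

if __name__ == "__main__":
    sample = SAMPLE_LOG.strip().splitlines()
    print("files:", suspicious_files(sample))
    print("services:", suspicious_services(sample))
    print("attention:", attention_lines(sample))
```

The heuristics only narrow the list for a human reviewer; a flagged path still has to be checked against its signature and hash before anything is removed.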


#7 harsh1

harsh1
  • Topic Starter
  • Members
  • 13 posts

Posted 19 May 2017 - 07:58 AM

What are these things? Looks risky. I should at least know what it will do before performing it. The browser reset part I can understand.



#8 harsh1

harsh1
  • Topic Starter
  • Members
  • 13 posts

Posted 19 May 2017 - 09:46 AM

You have listed some PDFs and downloads which can't be a virus issue at all, and the Chrome extensions are well known, like AdBlock Plus and IDM.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2017 - 07:31 AM

I'm removing the AlternateDataStreams that are referencing the .pdf.

These AlternateDataStreams are normally deleted after a restart of the computer.
I'm only making sure they are removed. If required in the future they will be created by the program.

#10 harsh1

harsh1
  • Topic Starter
  • Members
  • 13 posts

Posted 20 May 2017 - 08:55 AM

After performing that operation, will all my files and data remain there, or may they be deleted?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2017 - 09:03 AM

Yes, an AlternateDataStream is only a link to your files.


Read about it.
https://www.bleepingcomputer.com/tutorials/windows-alternate-data-streams/

#12 harsh1

harsh1
  • Topic Starter
  • Members
  • 13 posts

Posted 21 May 2017 - 12:39 AM

Then sorry, I can't execute that. You are not solving the issues but you are creating more issues for me. Who the hell is going to lose important files over this small issue? In the next step you may say just format your PC lol. If a train accident is happening then you may suggest "stop running trains on the track" lol, everyone knows that by doing this there will be no more accidents, no train no accident.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2017 - 07:46 AM

I edited my fix.

I removed the AlternateDataStream items.

You can execute the fix as edited.

If not I will close this topic.

#14 harsh1

harsh1
  • Topic Starter
  • Members
  • 13 posts

Posted 22 May 2017 - 07:35 AM

Hey, this one "S2 DaygladSU; "C:\WINDOWS\TEMP\hp66B.tmp\GoogleUpdate.exe" -r [X]" was the virus. I performed the fix and it was removed from services, I checked; not facing any issue as of now.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 May 2017 - 07:51 AM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



