
Virus / Malware not allowing antivirus update or installation


  • This topic is locked
41 replies to this topic

#1 alexiskurien
  • Members
  • 20 posts

Posted 23 July 2017 - 11:58 AM

I had Avast Free edition, but it wasn't getting updated, so I uninstalled it, but I can't install any antivirus now.


Malwarebytes is not installing. SuperAntiSpyware is not detecting the virus. Neither is Spybot S&D.


FRST log is below. Laptop was running in safe mode. Please help.
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-13] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-14] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-07] (Dell)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2010-11-01] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Run: [Google Update] => C:\Users\Swapna\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-01] (Google Inc.)
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Run: [NetMeter Evo] => C:\Users\Swapna\AppData\Local\Temp\Rar$EX00.027\NetMeterEvo.exe <==== ATTENTION
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {007516b0-c622-11e0-b8c9-14feb59b1f06} - I:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {20f56a2f-9112-11e0-b08e-c0f8dafd7856} - E:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {20f56a33-9112-11e0-b08e-c0f8dafd7856} - E:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {2d653bb1-26a0-11e2-9331-14feb59b1f06} - H:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {5696bac2-256a-11e2-abdb-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {7755ab1f-9a9e-11e0-9150-14feb59b1f06} - E:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {7755ab2c-9a9e-11e0-9150-14feb59b1f06} - E:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {7c394a50-e451-11e0-b8ca-14feb59b1f06} - G:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {7c394a53-e451-11e0-b8ca-14feb59b1f06} - H:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {872c8623-2569-11e2-8f15-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\MountPoints2: {a16d5d30-c0ed-11e0-9f76-14feb59b1f06} - G:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-06-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 172.16.4.129:8080
ProxyEnable: [S-1-5-21-1728166519-1320919096-290645012-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1728166519-1320919096-290645012-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-1728166519-1320919096-290645012-1000] => hxxp://corp.setpac.ge.com/pac/pac
Winsock: -> Catalog5 - Broken internet access due to missing entry. <==== ATTENTION
Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-19] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0D19F685-E778-4BCF-B0D8-6CAEBAC54CDE}: [NameServer] 59.185.0.23,59.185.3.10
Tcpip\..\Interfaces\{16D5A1DE-0475-4327-B60B-CEF2A0DFDD5D}: [NameServer] 59.185.0.23,59.185.0.50
Tcpip\..\Interfaces\{16D5A1DE-0475-4327-B60B-CEF2A0DFDD5D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A1524A41-9E9C-4D5C-B0E4-323D88419121}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8209D56-41F1-4A6F-AF76-6BE4D4520DAA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5FDEDD4-866F-41D5-B992-0B63D762AB65}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BD3117A8-FDEF-4F18-BA46-3ECBE5CCD589}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E82900FB-776A-428F-9D6C-45AA26525A0C}: [DhcpNameServer] 192.168.42.129
ManualProxies: 0hxxp://corp.setpac.ge.com/pac/pac
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/
HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/USCON/9
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1728166519-1320919096-290645012-1000 -> DefaultScope {12D5BCA5-E7C4-4D2B-81B5-E12AE914A074} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1728166519-1320919096-290645012-1000 -> {12D5BCA5-E7C4-4D2B-81B5-E12AE914A074} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1728166519-1320919096-290645012-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2010-11-01] (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2010-11-01] (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} hxxp://www.manoramaonline.com/portal/manoramafont/tdserver.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP15_GE-15673/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://alpharetta.connectge.com/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF DefaultProfile: 41A66E7E5EE1
FF ProfilePath: C:\Users\Swapna\AppData\Roaming\Mozilla\Firefox\Profiles\wkuxxgh0.default [2017-07-23]
FF ProfilePath: C:\Users\Swapna\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 [2017-07-23]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: (FastAccess Web Login) - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-06-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1728166519-1320919096-290645012-1000: @symantec.com/nptblive-4-x86 -> C:\Users\Swapna\AppData\Local\PKI Client\4\32\nptblive-4-x86.dll [2015-04-05] (Symantec Corporation)
FF Plugin HKU\S-1-5-21-1728166519-1320919096-290645012-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Swapna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1728166519-1320919096-290645012-1000: @talk.google.com/O1DPlugin -> C:\Users\Swapna\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1728166519-1320919096-290645012-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1728166519-1320919096-290645012-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1728166519-1320919096-290645012-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll [2011-08-18] (Vitzo)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Swapna\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Swapna\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\Swapna\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-22]
CHR HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahgdclgdhfeingghldkedleghekbfhef] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2012-07-16]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-01] (Sensible Vision ) [File not signed]
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 Photon Plus. RunOuc; C:\Program Files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [655712 2012-11-03] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 TorchCrashHandler; C:\Users\Swapna\AppData\Local\Torch\Update\TorchCrashHandler.exe [1216520 2014-07-10] (TorchMedia Inc.) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WMPNetworkAcSvc; C:\Users\Swapna\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-10] () [File not signed] <==== ATTENTION
S2 BugreportW; "C:\Program Files (x86)\hohobnd\pijward.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
S2 nekatynufochconfigurationservice; "C:\Program Files (x86)\Nekatynufoch\nekatynufochconfigurationservice.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2009-12-22] (Devguru Co., Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-03-24] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-03-24] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-03-24] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-03-24] () [File not signed]
R1 NEOFLTR_7111_21451; C:\Windows\system32\Drivers\NEOFLTR_7111_21451.SYS [99192 2012-07-20] (Juniper Networks)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-05-19] (Duplex Secure Ltd.)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-23 19:26 - 2017-07-23 19:27 - 00022856 _____ C:\Users\Swapna\Downloads\FRST.txt
2017-07-23 19:25 - 2017-07-23 19:26 - 00000000 ____D C:\FRST
2017-07-23 19:25 - 2017-07-23 19:25 - 02382336 _____ (Farbar) C:\Users\Swapna\Downloads\FRST64.exe
2017-07-23 19:03 - 2017-07-23 19:03 - 00082654 _____ C:\Windows\ntbtlog.txt
2017-07-23 17:40 - 2017-07-23 18:50 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e151bf91-bffa-42e1-a6b1-22fa1d92925b.job
2017-07-23 17:40 - 2017-07-23 18:50 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0c6e38be-555d-4db3-9408-9cfa87f69b2f.job
2017-07-23 17:40 - 2017-07-23 17:40 - 00003590 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0c6e38be-555d-4db3-9408-9cfa87f69b2f
2017-07-23 17:40 - 2017-07-23 17:40 - 00003516 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e151bf91-bffa-42e1-a6b1-22fa1d92925b
2017-07-23 17:40 - 2017-07-23 17:40 - 00000000 ____D C:\Users\Swapna\AppData\Roaming\SUPERAntiSpyware.com
2017-07-23 17:39 - 2017-07-23 19:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-23 17:39 - 2017-07-23 17:39 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-07-23 17:39 - 2017-07-23 17:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-07-23 17:39 - 2017-07-23 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-07-23 17:35 - 2017-07-23 17:37 - 30318040 _____ (SUPERAntiSpyware) C:\Users\Swapna\Downloads\SAS_281815C.EXE
2017-07-23 17:20 - 2017-07-23 17:24 - 65033984 _____ (Malwarebytes ) C:\Users\Swapna\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-23 17:07 - 2017-07-23 17:07 - 01980152 _____ (Panda Security, S.L.) C:\Users\aju\Downloads\PANDAFREEAV.exe
2017-07-23 17:07 - 2017-07-23 17:07 - 00000000 ____D C:\ProgramData\Panda Security
2017-07-23 17:02 - 2017-07-23 17:03 - 06655120 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2017-07-23 17:02 - 2017-07-23 17:03 - 06655120 _____ (AVAST Software) C:\Users\aju\Downloads\avast_free_antivirus_setup_online.exe
2017-07-23 15:22 - 2017-07-23 15:22 - 00793536 _____ (Symantec) C:\Users\Swapna\Downloads\Setup.exe
2017-07-23 15:19 - 2017-07-23 15:19 - 03449448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Swapna\Downloads\Antivirus_Free_1856.exe
2017-07-23 15:17 - 2017-07-23 15:17 - 06948656 _____ (AVAST Software) C:\Users\Swapna\Downloads\avast_free_antivirus_setup_online (1).exe
2017-07-23 15:17 - 2017-07-23 15:17 - 06948656 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online (1).exe
2017-07-23 15:03 - 2017-07-23 15:04 - 06948656 _____ (AVAST Software) C:\Users\Swapna\Downloads\avast_free_antivirus_setup_online.exe
2017-07-23 15:01 - 2017-07-23 15:01 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Swapna\Downloads\Antivirus_Free_1896.exe
2017-07-23 15:01 - 2017-07-23 15:01 - 00000000 ____D C:\Users\Swapna\AppData\Local\AvgSetupLog
2017-07-23 15:01 - 2017-07-23 15:01 - 00000000 ____D C:\Users\Swapna\AppData\Local\Avg
2017-07-23 15:01 - 2017-07-23 15:01 - 00000000 ____D C:\ProgramData\Avg
2017-07-23 14:46 - 2017-07-23 14:46 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-07-23 14:30 - 2017-07-23 14:30 - 00522426 _____ C:\Users\Swapna\Downloads\Suits - season 5.en.zip
2017-07-23 14:20 - 2017-07-23 14:20 - 00000000 ___HD C:\$AV_ASW
2017-07-23 14:18 - 2017-07-23 14:18 - 00000000 ____D C:\Windows\system32\tmp
2017-07-22 21:56 - 2017-07-22 21:56 - 00000000 ____D C:\ProgramData\Windows
2017-07-13 23:19 - 2017-07-13 23:19 - 00002034 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-07-13 20:28 - 2017-07-13 20:28 - 01497619 _____ C:\Users\Swapna\Desktop\The-Barclays-Way.pdf
2017-07-11 22:35 - 2017-07-11 22:35 - 02166010 _____ C:\Users\Swapna\Downloads\Financing_UK_Infrastructure-web.pdf
2017-07-04 23:04 - 2017-07-04 23:05 - 00816056 _____ C:\Users\Swapna\Downloads\Suits - season 4.en.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-23 19:06 - 2016-05-26 23:07 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-07-23 19:05 - 2013-09-15 21:48 - 00689664 ___SH C:\Users\Swapna\Desktop\Thumbs.db
2017-07-23 18:58 - 2009-07-14 10:15 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-23 18:58 - 2009-07-14 10:15 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-23 18:51 - 2013-10-13 18:26 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2017-07-23 18:51 - 2011-06-07 20:05 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-07-23 18:51 - 2011-06-07 20:05 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-07-23 18:51 - 2011-06-03 02:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-07-23 18:50 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-23 17:56 - 2016-05-01 22:19 - 00000000 ____D C:\Users\Swapna\AppData\Roaming\WMPNetworkAcSvc
2017-07-23 17:07 - 2014-08-10 15:52 - 00000000 ____D C:\Users\aju\AppData\Local\Google
2017-07-23 17:03 - 2009-08-20 00:15 - 00112664 _____ C:\Users\aju\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-23 16:47 - 2011-07-03 01:43 - 00000000 ____D C:\Program Files (x86)\Winrar
2017-07-23 15:17 - 2013-10-16 16:23 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-23 15:11 - 2015-12-12 18:18 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-23 14:56 - 2011-06-03 02:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-23 12:05 - 2012-12-12 21:41 - 00000000 ____D C:\ProgramData\wxDownload
2017-07-23 00:00 - 2011-06-07 23:41 - 00000000 ____D C:\Users\Swapna\AppData\Roaming\uTorrent
2017-07-22 21:56 - 2016-07-14 09:36 - 00000000 ____D C:\Users\Swapna\AppData\Roaming\excdir
2017-07-16 20:41 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 20:41 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2017-07-16 19:40 - 2011-06-09 02:24 - 00000000 ____D C:\ProgramData\PCDr
2017-07-13 23:19 - 2016-04-03 14:06 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-07-13 23:19 - 2013-05-22 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-07-13 23:18 - 2017-04-01 13:30 - 00000000 ____D C:\Program Files\Dell Support Center
2017-07-13 23:12 - 2011-06-09 02:25 - 00000000 ____D C:\Users\Swapna\AppData\Roaming\PCDr
2017-07-05 23:05 - 2011-06-23 00:32 - 00000000 ____D C:\Users\Swapna\AppData\Roaming\vlc
2017-07-03 22:26 - 2011-06-03 02:24 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 22:18 - 2017-01-22 23:03 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 22:18 - 2017-01-22 23:03 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2012-07-16 21:54 - 2010-01-26 11:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2013-07-28 19:14 - 2013-07-28 21:03 - 0000308 _____ () C:\Users\Swapna\AppData\Roaming\Rim.Desktop.Exception.log
2013-07-28 19:12 - 2016-03-17 21:07 - 0002021 _____ () C:\Users\Swapna\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-07-28 19:14 - 2013-07-28 21:03 - 0000308 _____ () C:\Users\Swapna\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-07-07 13:45 - 2011-10-24 14:00 - 0006144 _____ () C:\Users\Swapna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-07 22:11 - 2015-05-02 15:47 - 0007603 _____ () C:\Users\Swapna\AppData\Local\resmon.resmoncfg
2012-01-26 22:21 - 2012-01-26 22:21 - 0000000 _____ () C:\Users\Swapna\AppData\Local\rx_image32.Cache
 
Some files in TEMP:
====================
2013-10-08 23:57 - 2013-10-08 23:57 - 0915368 _____ (Oracle Corporation) C:\Users\aju\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-07-17 17:52
 


#2 Aura

Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:10:16 PM

Posted 23 July 2017 - 12:06 PM

Hi alexiskurien :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system; I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Can you also attach the Addition.txt that FRST generated when you ran a scan?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:46 AM

Posted 23 July 2017 - 12:10 PM

Thanks Aura. Addition log is below Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017 Ran by Swapna (23-07-2017 19:27:56) Running from C:\Users\Swapna\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-06-07 14:32:45) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1728166519-1320919096-290645012-500 - Administrator - Disabled) aju (S-1-5-21-1728166519-1320919096-290645012-1005 - Administrator - Enabled) => C:\Users\aju Guest (S-1-5-21-1728166519-1320919096-290645012-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-1728166519-1320919096-290645012-1002 - Limited - Enabled) Swapna (S-1-5-21-1728166519-1320919096-290645012-1000 - Administrator - Enabled) => C:\Users\Swapna ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) 
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) AMD Catalyst Install Manager (HKLM\...\{94CBEA74-DE51-FE55-8A0E-CFB5FC970517}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG) ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.011.0128.1801 - ) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.4138 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.4138 - BlueStack Systems, Inc.) 
ccc-core-static (HKLM-x32\...\{C62CED49-47EB-D44A-41B6-A3BFC99F3DAC}) (Version: 2011.0128.1802.32290 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.0 - Abelssoft) Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell) Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft) Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.) Hidden Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.) 
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd) doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) EASEUS Partition Master 8.0.1 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS) Epub reader (HKLM-x32\...\{739126B3-1C80-4F1F-8D59-312A19633E1A}_is1) (Version: - ) Face Recognition (HKLM\...\{2C5BEF49-4219-4751-9106-39604462939D}) (Version: 3.0.85.1 - Sensible Vision) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) Huawei Access Manager (HKLM-x32\...\Huawei Access Manager) (Version: UTPS_HWEC1260DT05 - Huawei Technologies Co.,Ltd) Intel Processor Diagnostic Tool 64Bit (HKLM\...\{6D3B2650-6767-49B6-A63E-CD410C653B05}) (Version: 17.0.0 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation) J2SE Development Kit 5.0 Update 22 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0150220}) (Version: 1.5.0.220 - Sun Microsystems, Inc.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle) Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Juniper Networks Host Checker (HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Neoteris_Host_Checker) (Version: 6.4.0.14343 - Juniper Networks) Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.11.21451 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MKV Player 2.0 (HKLM-x32\...\MKV Player_is1) (Version: - vsevensoft.com) Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team) Pazera Free MP4 to AVI Converter 1.8 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.8 - Pazera Jacek) Photon Plus 
(HKLM-x32\...\Huawei Photon Plus) (Version: 21.005.22.23.628 - Huawei Technologies Co.,Ltd) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.) Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.26.0 - Ralink) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.) Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2410.0 - SAMSUNG Electronics Co., Ltd.) Skins (HKLM-x32\...\{19766F96-83CF-CD16-EB85-97B630E3C529}) (Version: 2011.0128.1802.32290 - ATI) Hidden Skype 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.) 
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated) Torch (HKU\S-1-5-21-1728166519-1320919096-290645012-1000\...\Torch) (Version: 47.0.0.11490 - Torch Media, Inc) <==== ATTENTION Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VDownloader 3.9.1275 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Winrar 3.93 (HKLM-x32\...\Winrar 3.93) (Version: - ) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: 
HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{CE38C5EA-EA8D-11DE-82CF-001731059680}\InprocServer32 -> C:\Users\Swapna\AppData\Local\PKI Client\4\64\nptblive-4-x86_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1728166519-1320919096-290645012-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Swapna\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] () ContextMenuHandlers01: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll -> No File ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2012-11-13] (Safer-Networking Ltd.) ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2012-11-13] (Safer-Networking Ltd.) ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File ContextMenuHandlers04: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll -> No File ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-01-28] (Advanced Micro Devices, Inc.) 
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File ContextMenuHandlers06: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll -> No File ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2012-11-13] (Safer-Networking Ltd.) ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2012-11-13] (Safer-Networking Ltd.) ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03F2496E-47FB-4FA6-A37C-45F09717C5E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-16] (Adobe Systems Incorporated) Task: {05A77C54-6E29-4DB8-969E-18199D498E67} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0c6e38be-555d-4db3-9408-9cfa87f69b2f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com) Task: {20EF4FC8-F7F8-45CE-91FB-C6ABB43F6A5A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.) Task: {358EC359-4B3E-44B2-8858-24F124A0F523} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728166519-1320919096-290645012-1000UA => C:\Users\Swapna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) Task: {3BF686E3-A5B9-4B4C-8BE1-DB97A9899001} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728166519-1320919096-290645012-1000Core => C:\Users\Swapna\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.) 
Task: {426645A6-4A31-4A0C-984B-0DCC9075856B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.) Task: {65663266-0D43-4E37-8F9C-DCDB57A3A6AD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {6B894DB4-5FEC-4A45-A4AF-C0B9E7DC4C4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.) Task: {6D82950B-EC75-404C-937B-2356AAD55CD1} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.) Task: {738E8809-22D1-4DE3-9519-CEF4DFE498B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-11-13] (Safer-Networking Ltd.) Task: {77F97797-8A89-42DD-9F47-5126DEF37805} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] () Task: {A5DBAE27-FC8C-4B11-A005-A8367E6A5C92} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {A7D43B0D-8797-48D2-8E9F-5EDE512ACFDB} - System32\Tasks\{CF176D6F-653B-4841-A8BB-D70C649030EC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.22.81.105/en/abandoninstall?source=lightinstaller&page=tsProgressBar Task: {CDBAD925-5242-44D2-ACCC-37EB207E936F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd) Task: {D8CD73BD-C166-4E00-B4EE-A5B15A6E31FC} - System32\Tasks\SUPERAntiSpyware Scheduled Task e151bf91-bffa-42e1-a6b1-22fa1d92925b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com) Task: {DCA8BE51-0996-46E9-92C4-1FD87B23F834} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.) 
Task: {E18C3A1E-6CF6-43FD-8FF6-69456D440FBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-13] (Safer-Networking Ltd.) Task: {E2FFE0EB-C21B-489A-8409-A3F6DCC82957} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-13] (Safer-Networking Ltd.) Task: {E335D388-D58E-42DE-83ED-BC6DE1561B31} - System32\Tasks\Nekatynufoch Configuration => C:\Program Files (x86)\Nekatynufoch\nekatynufochconfigurationtask.exe <==== ATTENTION Task: {FB3647B8-D7AA-4E1C-9942-673DC033FBA2} - System32\Tasks\{B6ACBAFA-9981-49AC-93E7-2754AC65E2A7} => C:\Program Files (x86)\Super DX-Ball\dxloader.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0c6e38be-555d-4db3-9408-9cfa87f69b2f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e151bf91-bffa-42e1-a6b1-22fa1d92925b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: C:\Users\Swapna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: C:\Users\Swapna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: C:\Users\Swapna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: C:\Users\Swapna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ShortcutWithArgument: 
C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=cubeplin20&uid=WD-WX11A11H0503_00BEVT-75A23&tm=1468469211 ==================== Loaded Modules (Whitelisted) ============== 2010-11-01 22:40 - 2010-11-01 22:40 - 00092808 _____ () C:\Windows\system32\FAIEExtension.DLL 2017-07-19 08:20 - 2017-07-19 08:20 - 03302400 _____ () C:\ProgramData\Windows\System32\Mswapi64.dll 2017-07-03 22:18 - 2017-06-23 08:51 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll 2017-07-03 22:18 - 2017-06-23 08:51 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" e" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2017-07-23 18:36 - 00446305 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15318 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VDownloader => C:\Program Files\VDownloader\VDownloader.exe /silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.
Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2017 06:51:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/23/2017 06:51:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.0.12.205, time stamp: 0x50a24603
Faulting module name: vcl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca13a1
Exception code: 0xc0000005
Fault offset: 0x00145d96
Faulting process id: 0xb38
Faulting application start time: 0x01d303b6896bd488
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl
Report Id: d1e024e8-6fa9-11e7-bb02-14feb59b1f06

Error: (07/23/2017 06:02:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.0.12.205, time stamp: 0x50a24603
Faulting module name: vcl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca13a1
Exception code: 0xc0000005
Fault offset: 0x00145d96
Faulting process id: 0xc54
Faulting application start time: 0x01d303afb6523f68
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl
Report Id: f6131bbc-6fa2-11e7-a58c-14feb59b1f06

Error: (07/23/2017 06:01:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.0.12.205, time stamp: 0x50a24603
Faulting module name: vcl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca13a1
Exception code: 0xc0000005
Fault offset: 0x00145d96
Faulting process id: 0x1744
Faulting application start time: 0x01d303a8df62a6ae
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl
Report Id: cbfc69e7-6fa2-11e7-a58c-14feb59b1f06
Error: (07/23/2017 06:00:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed NVIDIA PhysX; Error = 0x80070070).

Error: (07/23/2017 06:00:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed NVIDIA PhysX; Error = 0x80070070).

Error: (07/23/2017 05:27:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp, version: 51.1052.0.0, time stamp: 0x5698ac5a
Faulting module name: suhlpr.dll_unloaded, version: 0.0.0.0, time stamp: 0x58ffb792
Exception code: 0xc0000005
Fault offset: 0x618492d9
Faulting process id: 0xc3c
Faulting application start time: 0x01d303aad77beed4
Faulting application path: C:\Users\Swapna\AppData\Local\Temp\is-NFPHF.tmp\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp
Faulting module path: suhlpr.dll
Report Id: 1781eb7c-6f9e-11e7-a58c-14feb59b1f06

Error: (07/23/2017 05:26:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp, version: 51.1052.0.0, time stamp: 0x5698ac5a
Faulting module name: suhlpr.dll_unloaded, version: 0.0.0.0, time stamp: 0x58ffb792
Exception code: 0xc0000005
Fault offset: 0x618492d9
Faulting process id: 0xcdc
Faulting application start time: 0x01d303aabd6849e5
Faulting application path: C:\Users\Swapna\AppData\Local\Temp\is-2MS0R.tmp\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp
Faulting module path: suhlpr.dll
Report Id: 0414a4ba-6f9e-11e7-a58c-14feb59b1f06

Error: (07/23/2017 05:26:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp, version: 51.1052.0.0, time stamp: 0x5698ac5a
Faulting module name: suhlpr.dll_unloaded, version: 0.0.0.0, time stamp: 0x58ffb792
Exception code: 0xc0000005
Fault offset: 0x618492d9
Faulting process id: 0x16b8
Faulting application start time: 0x01d303aaaa5b740c
Faulting application path: C:\Users\Swapna\AppData\Local\Temp\is-PPARB.tmp\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.tmp
Faulting module path: suhlpr.dll
Report Id: eb8f94e0-6f9d-11e7-a58c-14feb59b1f06

Error: (07/23/2017 05:12:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.0.12.205, time stamp: 0x50a24603
Faulting module name: vcl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca13a1
Exception code: 0xc0000005
Fault offset: 0x00145d96
Faulting process id: 0x8bc
Faulting application start time: 0x01d303a8abaa2849
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl
Report Id: f8779207-6f9b-11e7-a58c-14feb59b1f06

System errors:
=============
Error: (07/23/2017 07:06:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Error: (07/23/2017 07:05:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 55%
Total physical RAM: 2996.52 MB
Available physical RAM: 1346.22 MB
Total Virtual: 5991.23 MB
Available Virtual: 4394.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:96.74 GB) (Free:17.13 GB) NTFS
Drive e: (Data) (Fixed) (Total:93.75 GB) (Free:1.42 GB) NTFS
Drive f: (Movies) (Fixed) (Total:93.75 GB) (Free:3.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: C8143CF6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=187.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:16 PM

Posted 23 July 2017 - 12:21 PM

Looks like the line wrapping is all messed up. Can you attach that log instead? Simply click on the "More Reply Options" button in the bottom-right corner of the reply box to get that option.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2017 - 12:09 PM

Attached

Attached Files



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:16 PM

Posted 24 July 2017 - 12:35 PM

Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2017 - 12:54 PM

======== End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 115237972 B
Java, Flash, Steam htmlcache => 5701 B
Windows/system/drivers => 225874610 B
Edge => 0 B
Chrome => 145989328 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 134598 B
systemprofile32 => 72678 B
LocalService => 128 B
NetworkService => 57338 B
Swapna => 24275523 B
aju => 16495142 B
Guest => 158500 B
 
RecycleBin => 844421 B
EmptyTemp: => 512.6 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-07-2017 23:16:17)
 
C:\programdata\microsoft\network\dsq => Is moved successfully
 
==== End of Fixlog 23:16:


#8 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2017 - 12:56 PM

Fix log posted above. After the fix, the LAN settings got changed; I had to change to "automatically detect" to access the internet.



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:16 PM

Posted 24 July 2017 - 12:59 PM

Can you attach the fixlog.txt instead? The content you copy/pasted looks like only half of it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2017 - 01:12 PM

Attached



#11 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2017 - 01:17 PM

Attached

Attached Files



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:16 PM

Posted 24 July 2017 - 01:36 PM

Alright. Now, are you able to install and run a scan with Malwarebytes?

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2017 - 02:18 PM

Log is given below:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/25/17
Scan Time: 12:24 AM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2427
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Swapna-PC\Swapna
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 443798
Threats Detected: 90
Threats Quarantined: 90
Time Elapsed: 12 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 33
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, Quarantined, [11424], [169917],1.0.2427
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, Quarantined, [11424], [169917],1.0.2427
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, Quarantined, [11424], [169917],1.0.2427
PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [376], [316936],1.0.2427
PUP.Optional.Elex.SHHKRST, HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [376], [316936],1.0.2427
PUP.Optional.Incredibar, HKLM\SOFTWARE\CLASSES\APPID\{608D3067-77E8-463D-9084-908966806826}, Quarantined, [7389], [169779],1.0.2427
PUP.Optional.Incredibar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{608D3067-77E8-463D-9084-908966806826}, Quarantined, [7389], [169779],1.0.2427
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{608D3067-77E8-463D-9084-908966806826}, Quarantined, [7389], [169779],1.0.2427
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [15915], [-1],0.0.0
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-1728166519-1320919096-290645012-1005\SOFTWARE\AskPartnerNetwork, Quarantined, [9870], [186876],1.0.2427
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-1728166519-1320919096-290645012-501\SOFTWARE\AskPartnerNetwork, Quarantined, [9870], [186876],1.0.2427
PUP.Optional.1ClickDownload, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\1ClickDownload, Quarantined, [6195], [235164],1.0.2427
PUP.Optional.BabylonToolBar, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\BabylonToolbar, Quarantined, [7284], [235657],1.0.2427
PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\DataMngr, Quarantined, [9865], [253612],1.0.2427
PUP.Optional.SpringFiles, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\SrpnFiles, Quarantined, [3233], [182842],1.0.2427
PUP.Optional.SProtector, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\APPDATALOW\SProtector, Quarantined, [6417], [243450],1.0.2427
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\APPID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}, Quarantined, [3759], [392823],1.0.2427
PUP.Optional.FaceMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}, Quarantined, [3759], [392823],1.0.2427
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}, Quarantined, [3759], [392823],1.0.2427
PUP.Optional.VDownloader, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eoccbpoodnckjdnackiffhjfkogfhnhh, Quarantined, [7140], [183570],1.0.2427
PUP.Optional.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jplinpmadfkdgipabgcdchbdikologlh, Quarantined, [6195], [257811],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [585], [305781],1.0.2427
Adware.Yontoo, HKLM\SOFTWARE\Tarma Installer, Quarantined, [184], [382206],1.0.2427
Adware.QIPApp, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\TORCH, Quarantined, [9497], [390815],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [585], [305780],1.0.2427
PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\rlvknlg_RASAPI32, Quarantined, [1247], [184776],1.0.2427
PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\rlvknlg_RASMANCS, Quarantined, [1247], [184776],1.0.2427
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\YontooDesktop_RASAPI32, Quarantined, [53], [184788],1.0.2427
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\YontooDesktop_RASMANCS, Quarantined, [53], [184788],1.0.2427
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Quarantined, [212], [182747],1.0.2427
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [3891], [244615],1.0.2427
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}, Quarantined, [53], [253745],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [585], [305780],1.0.2427
 
Registry Value: 23
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-21-1728166519-1320919096-290645012-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-21-1728166519-1320919096-290645012-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\S-1-5-21-1728166519-1320919096-290645012-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [15915], [-1],0.0.0
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [15915], [-1],0.0.0
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [9865], [-1],0.0.0
PUP.Optional.HohoSearch.YSSRHS1, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|HP, Quarantined, [585], [305781],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|TAB, Quarantined, [585], [305781],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SP, Quarantined, [585], [305781],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SURL, Quarantined, [585], [305781],1.0.2427
Adware.QIPApp, HKU\S-1-5-21-1728166519-1320919096-290645012-1000\SOFTWARE\TORCH|HOME, Quarantined, [9497], [390815],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|HP, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|TAB, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SP, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SURL, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|HP, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|TAB, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SP, Quarantined, [585], [305780],1.0.2427
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SURL, Quarantined, [585], [305780],1.0.2427
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 13
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache, Quarantined, [53], [181476],1.0.2427
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}, Quarantined, [53], [181476],1.0.2427
PUP.Optional.Yontoo, C:\PROGRAMDATA\Tarma Installer, Quarantined, [53], [181476],1.0.2427
PUP.Optional.SpringFiles, C:\USERS\SWAPNA\APPDATA\ROAMING\SpringFiles, Quarantined, [3233], [181048],1.0.2427
PUP.Optional.TornTV, C:\USERS\SWAPNA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TORNTV.COM, Quarantined, [1220], [180100],1.0.2427
PUP.Optional.YesSearches, C:\USERS\SWAPNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\41A66E7E5EE1\YourGSearchFinder_br, Quarantined, [100], [181945],1.0.2427
PUP.Optional.MCorp, C:\Users\Swapna\AppData\Roaming\MCorp\1147, Quarantined, [15980], [261674],1.0.2427
PUP.Optional.MCorp, C:\USERS\SWAPNA\APPDATA\ROAMING\MCORP, Quarantined, [15980], [261674],1.0.2427
PUP.Optional.SkypeUpdateEx.PrxySvrRST, C:\PROGRAM FILES (X86)\SKYPEUPDATEEX, Quarantined, [15915], [259160],1.0.2427
PUP.Optional.MultiPlug, C:\Users\Swapna\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\USERS\SWAPNA\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\pbaccfbhcehocddghbmdnpifbabkelio, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\aju\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\USERS\AJU\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\pbaccfbhcehocddghbmdnpifbabkelio, Quarantined, [280], [240948],1.0.2427
 
File: 21
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat, Quarantined, [53], [181476],1.0.2427
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe, Quarantined, [53], [181476],1.0.2427
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico, Quarantined, [53], [181476],1.0.2427
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll, Quarantined, [53], [181476],1.0.2427
PUP.Optional.Yontoo, C:\USERS\AJU\NTUSER.POL, Quarantined, [53], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\SWAPNA\NTUSER.POL, Quarantined, [53], [-1],0.0.0
PUP.Optional.TornTV, C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Torntv Downloader.lnk, Quarantined, [1220], [180100],1.0.2427
PUP.Optional.TornTV, C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\Uninstall.lnk, Quarantined, [1220], [180100],1.0.2427
PUP.Optional.MCorp, C:\USERS\SWAPNA\APPDATA\ROAMING\MCORP\1147\UDPX, Quarantined, [15980], [261674],1.0.2427
PUP.Optional.MindSpark, C:\USERS\SWAPNA\DESKTOP\VIDEODOWNLOADCONVERTERSETUP.EXE, Quarantined, [284], [301125],1.0.2427
PUP.Optional.SkypeUpdateEx.PrxySvrRST, C:\PROGRAM FILES (X86)\SKYPEUPDATEEX\SKYPEUPDATEEX.EXE.CONFIG, Quarantined, [15915], [259160],1.0.2427
PUP.Optional.MultiPlug, C:\USERS\SWAPNA\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\pbaccfbhcehocddghbmdnpifbabkelio\4_0\lsdb.js, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\Swapna\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\background.html, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\Swapna\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\content.js, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\Swapna\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\manifest.json, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\Swapna\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\sqlite.js, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\USERS\AJU\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\pbaccfbhcehocddghbmdnpifbabkelio\4_0\lsdb.js, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\aju\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\background.html, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\aju\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\content.js, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\aju\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\manifest.json, Quarantined, [280], [240948],1.0.2427
PUP.Optional.MultiPlug, C:\Users\aju\AppData\Local\Chromium\User Data\Default\Extensions\pbaccfbhcehocddghbmdnpifbabkelio\4_0\sqlite.js, Quarantined, [280], [240948],1.0.2427
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:10:16 PM

Posted 24 July 2017 - 02:21 PM

Good :) Now let's do a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 alexiskurien

alexiskurien
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:46 AM

Posted 24 July 2017 - 09:13 PM

AdwCleaner log

 

# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 20:28:19 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:/Users\All Users\Documents\\dmp
Deleted: C:/Users\Public\Documents\\dmp
Deleted: C:\Program Files (x86)\GreenTree Applications
Deleted: C:\Program Files (x86)\Smartdl
Deleted: C:\Users\aju\AppData\Local\torch
Deleted: C:\Users\Swapna\AppData\Local\torch
Deleted: C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Deleted: C:\ProgramData\torchcrashhandler
Deleted: C:\ProgramData\Application Data\torchcrashhandler
Deleted: C:\Users\All Users\torchcrashhandler
Deleted: C:\Users\Swapna\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\Swapna\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Deleted: C:\ProgramData\wxDownload
Deleted: C:\ProgramData\Application Data\wxDownload
Deleted: C:\Users\All Users\wxDownload
Deleted: C:\ProgramData\Ask
Deleted: C:\ProgramData\Application Data\Ask
Deleted: C:\Users\All Users\Ask
 
 
***** [ Files ] *****
 
Deleted: C:\END
Deleted: C:\Users\Swapna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
Deleted: C:\Users\Swapna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
Deleted: C:\Users\Swapna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
Deleted: C:\Users\Swapna\Desktop\Torch.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0ABD7551-808B-4360-A4AA-FC047ED16664}
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Video Player
Deleted: [Key] - HKCU\Software\Video Player
Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
Deleted: [Key] - HKLM\SOFTWARE\Babylon
Deleted: [Key] - HKLM\SOFTWARE\dt soft\daemon tools toolbar
Deleted: [Key] - HKU\.DEFAULT\Software\IGearSettings
Deleted: [Key] - HKU\S-1-5-18\Software\IGearSettings
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\ilivid
Deleted: [Key] - HKCU\Software\ilivid
Deleted: [Key] - HKLM\SOFTWARE\SP Global
Deleted: [Key] - HKLM\SOFTWARE\SProtector
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\StartSearch
Deleted: [Key] - HKCU\Software\StartSearch
Deleted: [Key] - HKLM\SOFTWARE\torch
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1005\Software\torch
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Hola
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1005\Software\Hola
Deleted: [Key] - HKCU\Software\Hola
Deleted: [Key] - HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Deleted: [Key] - HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Deleted: [Key] - HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
Deleted: [Key] - HKLM\SOFTWARE\SkypeUpdateEx
Deleted: [Key] - HKLM\SOFTWARE\WMPNetworkAcSvc
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C875948-9C60-4381-9248-0DF180542D53}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B0E7716-898E-48CC-9690-4E338E8DE1D3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\Torch.exe
Deleted: [Key] - HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\Iminent
Deleted: [Key] - HKLM\SOFTWARE\SrpnFiles
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5513F46F-05C3-434E-89D5-6BFB123DF268}
Deleted: [Key] - HKLM\SOFTWARE\hohosearchSoftware
Deleted: [Key] - HKLM\SOFTWARE\DataMngr
Deleted: [Key] - HKLM\SOFTWARE\Datamngr
Deleted: [Key] - HKU\.DEFAULT\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-21-1728166519-1320919096-290645012-1000\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-18\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
Deleted: [Key] - HKLM\SOFTWARE\TornTv Downloader
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [8909 B] - [2017/7/24 20:21:32]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
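Added verification script, not part of the thread or of any tool used in it. The Malwarebytes log earlier in the thread shows ProxyEnable/ProxyServer values quarantined in every user hive (including S-1-5-18, the SYSTEM hive, and .DEFAULT), an AppInit_DLLs value, and two Chrome extension IDs registered under HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions; the AdwCleaner log above reports Winsock settings cleared and two FirewallRules values deleted. The PowerShell below enumerates exactly those locations, read-only, so the state after the reboot can be confirmed (a proxy still set in the SYSTEM hive is worth looking at if antivirus updates keep failing, since services use that hive's settings). It assumes an elevated PowerShell prompt on Windows 7 or later (written to run on PowerShell 2.0) and English-locale netsh output; the function names are this example's own.

```powershell
# Added example, not from the thread: read-only enumeration of the hijack points
# that the Malwarebytes and AdwCleaner logs above show being cleaned. Run in an
# elevated PowerShell (PowerShell 2.0 on Windows 7 and later). It changes nothing;
# it only reports what is currently set. Function names are this example's own.

# 1. Proxy settings in every loaded hive under HKEY_USERS, including S-1-5-18
#    (SYSTEM) and .DEFAULT. ProxyEnable = 1 with a ProxyServer you did not
#    configure is the condition the PrxySvrRST entries in the log describe.
function Get-UserProxySettings {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
    foreach ($hive in (Get-ChildItem -Path HKU:\)) {
        $key = "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($p -ne $null) {
            New-Object PSObject -Property @{
                Hive          = $hive.PSChildName
                ProxyEnable   = $p.ProxyEnable
                ProxyServer   = $p.ProxyServer
                AutoConfigURL = $p.AutoConfigURL
            }
        }
    }
}

# 2. AppInit_DLLs (the DataMngr entry in the log). Any DLL listed here is loaded
#    into every process that links user32.dll, so the value should be empty.
function Get-AppInitDlls {
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($p -ne $null) {
            New-Object PSObject -Property @{
                Key              = $key
                AppInit_DLLs     = $p.AppInit_DLLs
                LoadAppInit_DLLs = $p.LoadAppInit_DLLs
            }
        }
    }
}

# 3. Chrome extensions registered for installation through the registry (the
#    VDownloader and 1ClickDownload entries). Each subkey is an extension ID;
#    update_url or path says where Chrome would fetch it from.
function Get-RegistryChromeExtensions {
    foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                     'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
        foreach ($sub in (Get-ChildItem -Path $key -ErrorAction SilentlyContinue)) {
            $p = Get-ItemProperty -Path $sub.PSPath
            New-Object PSObject -Property @{
                ExtensionId = $sub.PSChildName
                UpdateUrl   = $p.update_url
                Path        = $p.path
                Key         = $key
            }
        }
    }
}

# 4. Winsock catalog provider paths ("Winsock settings cleared" in the AdwCleaner
#    log). Anything outside %SystemRoot% deserves a look. Assumes the English
#    netsh output line "Provider Path: <path>".
function Get-WinsockProviderPaths {
    netsh winsock show catalog | ForEach-Object {
        if ($_ -match '^\s*Provider Path:\s*(.+)$') { $matches[1].Trim() }
    } | Sort-Object -Unique
}

# 5. Firewall rules stored in the registry (AdwCleaner deleted two values under
#    this key). Each value is a pipe-delimited string; App= is the executable
#    the rule applies to, which is what matters for a cleanup check.
function Get-FirewallRuleApps {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($rules -eq $null) { return }
    foreach ($name in ($rules | Get-Member -MemberType NoteProperty | ForEach-Object { $_.Name })) {
        $value = [string]($rules.$name)
        if ($value -match '\|App=([^|]+)\|') {
            New-Object PSObject -Property @{
                RuleId = $name
                App    = $matches[1]
                Active = ($value -match '\|Active=TRUE\|')
            }
        }
    }
}

'== Proxy settings per hive =='
Get-UserProxySettings | Format-Table Hive, ProxyEnable, ProxyServer, AutoConfigURL -AutoSize
'== AppInit_DLLs =='
Get-AppInitDlls | Format-List Key, AppInit_DLLs, LoadAppInit_DLLs
'== Chrome extensions registered in HKLM =='
Get-RegistryChromeExtensions | Format-Table ExtensionId, UpdateUrl, Path, Key -AutoSize
'== Winsock provider paths =='
Get-WinsockProviderPaths
'== Firewall rules whose application is outside Windows / Program Files =='
Get-FirewallRuleApps |
    Where-Object { $_.App -notmatch '^(%SystemRoot%|%ProgramFiles%|C:\\Windows\\|C:\\Program Files)' } |
    Format-Table RuleId, Active, App -AutoSize
```

Run it once after the AdwCleaner reboot and keep the output next to the logs: on a clean machine the proxy table shows ProxyEnable 0 (or absent) in every hive, AppInit_DLLs is empty, no extension IDs are listed in HKLM, every Winsock provider path sits under %SystemRoot%, and the firewall filter prints nothing. Anything that reappears after a further reboot points at persistence the tools have not reached yet.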




