Infected with trojan, local disk (C:) space decreased, using internet bandwidth


  • This topic is locked
10 replies to this topic

#1 tensa

  • Members
  • 33 posts

Posted 03 September 2017 - 06:30 AM

Hi, good morning guys. I want to confirm that the trojan is out of my system. Google keeps redirecting itself and wasting my internet bandwidth. And it also decreased local disk (C:) space. Help me, please. Here is the log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by naresh (administrator) on MADHAVA (03-09-2017 16:43:09)
Running from C:\Users\naresh\Downloads\Programs
Loaded Profiles: naresh (Available Profiles: naresh & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [3396624 2011-01-05] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [15009280 2017-06-30] (Realtek Semiconductor)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5232928 2017-05-19] (IObit)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1165920 2017-07-19] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Run: [NetLimiter] => "C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe" /minimized
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {07383e37-ab94-11e5-a593-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {0d3f743f-c573-11e3-94e8-00177c0f22b2} - J:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {2632f500-fb72-11e3-891d-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {281ba21d-5b47-11e3-87c3-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {55fd480b-c55e-11e2-bd0b-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {573cef48-3efa-11e3-acb9-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6662b2a1-2ade-11e4-a9a7-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {6f9cd4cb-fb71-11e3-9cc5-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {70e79e54-3a33-11e4-82a3-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {73c59382-4c69-11e3-88ae-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {aa13cca1-bfc9-11e2-9a8c-00177c0f22b2} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c485de1a-3fb6-11e3-a980-00177c0f22b2} - H:\Setup.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {c635828f-5b47-11e3-b9f7-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e1cdb0a2-1b2b-11e6-8278-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e4087d13-53cd-11e4-9bf8-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {e9ff6fb6-2add-11e4-be9a-00177c0f22b2} - I:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fcb4530d-4c69-11e3-af17-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\MountPoints2: {fdaa2210-3f03-11e3-8cba-00177c0f22b2} - H:\Setup.exe /Auto
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-26] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Providers\ok91jull: C:\Program Files\Merqosaneherse Renew\local32spl.dll <==== ATTENTION
ShellExecuteHooks: No Name - {A5949E07-8536-4625-A3D0-2DD83F559990} -  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-08-19]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk [2017-08-18]
ShortcutTarget: Facebook Desktop.lnk -> C:\Program Files\facebook\Facebook.exe (No File)
Startup: C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2017-08-19]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{E618CDF8-0EF2-4624-99EB-9DA1EE608404}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp&tc=18
HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {3E0690E2-67D2-A94F-B72C-5B906D47E0DE} URL = 
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {834B0513-4B47-43C9-A086-3B4DD5618B08} URL = 
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {DE4576A0-095A-4488-BCEF-00B5B1FF1AF6} URL = hxxps://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: SmartView VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files\DeviceVM\SmartView\SmartView.dll [2010-07-23] (DeviceVM, Inc.)
BHO: No Name -> {11111111-1111-1111-1111-110311551174} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Extension: (Facemoods) - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com [2014-10-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SpeedBit Video Downloader\SPFireFox => not found
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\naresh\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\naresh\AppData\Roaming\IDM\idmmzcc5 [2017-09-03] [not signed]
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\naresh\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/search?q=1
CHR StartupUrls: Default -> "hxxp://www.trotux.com/?z=008a05627d0661e637cc44fg8zbb7m3t9cfz2w7oao&from=isr&uid=ST500DM002-9YN14C_Z1D2AJ7PXXXXZ1D2AJ7P&type=hp"
CHR NewTab: Default ->  Active:"chrome-extension://icofmieadehdfoccgfbfdkbojkpmclkk/start/index.html"
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-13] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-30]
CHR Extension: (Google Docs) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-30]
CHR Extension: (Google Drive) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (YouTube) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (Iron Man 3) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ebkgohjhkmajdealpbnfimnchjepjmii [2017-08-01]
CHR Extension: (Save to Facebook) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-06-25]
CHR Extension: (App for Instagram™) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mmjmmaebgpkepeokbpeljabjhbmepodi [2017-08-04]
CHR Extension: (IDM Integration Module) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-07-30] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-17]
CHR Extension: (Google Docs) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-17]
CHR Extension: (Google Drive) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-17]
CHR Extension: (YouTube) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-17]
CHR Extension: (Hermes Tab) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg [2017-02-17]
CHR Extension: (Google Sheets) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-17]
CHR Extension: (Media Watch) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mgpnddphiefjmboiakokjhadaefgpkmp [2017-02-17]
CHR Extension: (IDM Integration Module) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-17]
CHR Extension: (Gmail) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default [2017-09-03]
CHR Extension: (Google Docs) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-13]
CHR Extension: (Google Drive) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-13]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-09-02]
CHR Extension: (YouTube) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-13]
CHR Extension: (Iron Man 3) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkgohjhkmajdealpbnfimnchjepjmii [2017-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-13]
CHR Extension: (Iron Man Wallpaper HD New Tab Themes) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icofmieadehdfoccgfbfdkbojkpmclkk [2017-09-03]
CHR Extension: (IDM Integration Module) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13]
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-30]
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-01]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mgpnddphiefjmboiakokjhadaefgpkmp] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-01-26]
CHR HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (No Name) - C:\Users\naresh\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-07-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2011-01-05] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-06-30] (Intel Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 PlexUpdateService; C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe [2091496 2017-08-08] (Plex, Inc.)
R2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 mptpmdxm; C:\Windows\system32\mptpmdxm.dll [X] <==== ATTENTION
S3 OracleOraDb11g_home1TNSListener; F:\app\naresh\product\11.2.0\dbhome_1\BIN\TNSLSNR  [X]
S2 Thijutaindreigh; C:\Program Files\Bulily\cahiphagn.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [17744 2011-01-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [51280 2011-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23632 2011-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [294352 2011-01-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [47440 2011-01-05] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-06-30] (REALiX™)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [25120 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFDownProtect.sys [20336 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21392 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\IMFForceDelete.sys [14168 2017-03-17] (IObit.com)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2009-06-18] (CACE Technologies)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [366136 2017-03-15] (QUALCOMM Incorporated)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32192 2016-12-15] (IObit.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2013-09-19] () [File not signed]
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [161640 2013-07-09] () [File not signed] <==== ATTENTION
S3 via_cdc_acm; C:\Windows\System32\DRIVERS\MBlaze_USB_SER.sys [45056 2012-05-12] (VIA Telecom)
S3 VIA_USB_BusEnum; C:\Windows\System32\DRIVERS\MBlaze_USB_BusEnum.sys [36864 2012-05-12] ()
S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\MBlaze_USB_ETS.sys [18560 2012-05-12] (Via Telecom, Inc.)
S3 VIA_USB_WinMux; C:\Windows\System32\DRIVERS\MBlaze_USB_WinMux.sys [30080 2012-05-12] ()
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2017-07-31] () [File not signed]
U3 agg2x1w0; C:\Windows\system32\Drivers\agg2x1w0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-01-01 06:30 - 2113-01-01 06:30 - 000143872 ____N (Intel Corporation) C:\Windows\system32\iacenc.dll
2099-01-01 06:30 - 2113-01-01 06:30 - 000056832 ____N C:\Windows\system32\iyvu9_32.dll
2017-09-03 16:42 - 2017-09-03 16:43 - 000000000 ____D C:\FRST
2017-09-02 14:15 - 2017-09-02 14:15 - 000001794 _____ C:\Users\Public\Desktop\Vuze.lnk
2017-09-02 14:15 - 2017-09-02 14:15 - 000001794 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2017-09-02 14:15 - 2017-09-02 14:15 - 000000000 ____D C:\Users\naresh\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2017-09-02 14:14 - 2017-09-02 14:15 - 000000000 ___DC C:\Program Files\Vuze
2017-09-02 13:01 - 2017-09-02 13:01 - 000000000 ____D C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-02 13:01 - 2017-09-02 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-02 11:50 - 2017-09-02 11:50 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-02 11:50 - 2017-09-02 11:50 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 11:49 - 2017-09-02 11:50 - 000000000 ___DC C:\Program Files\Google
2017-09-01 21:09 - 2017-09-01 21:09 - 000000000 ____D C:\Users\naresh\AppData\Roaming\Locktime
2017-09-01 21:08 - 2017-09-01 21:08 - 000000000 ____D C:\ProgramData\Locktime
2017-09-01 15:24 - 2017-09-01 15:24 - 000000000 ____D C:\Users\naresh\AppData\Roaming\Locktime Software
2017-09-01 15:12 - 2014-05-14 21:53 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-09-01 15:12 - 2014-05-14 21:53 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-09-01 15:12 - 2014-05-14 21:53 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-09-01 15:12 - 2014-05-14 21:47 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-09-01 15:11 - 2014-05-14 21:53 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-09-01 15:11 - 2014-05-14 21:53 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-09-01 15:11 - 2014-05-14 21:47 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-09-01 15:11 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-09-01 15:11 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-09-01 10:19 - 2017-09-01 10:25 - 000000000 ___HD C:\Users\naresh\AppData\Local\SysHashTable
2017-08-26 13:06 - 2017-08-26 13:14 - 000000000 ____D C:\Users\naresh\AppData\Local\Plex Media Server
2017-08-26 13:06 - 2017-08-26 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-08-26 13:05 - 2017-08-26 13:05 - 000000000 ___DC C:\Program Files\Plex
2017-08-26 13:05 - 2015-07-18 18:38 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-08-26 13:05 - 2015-07-18 18:38 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-08-26 13:04 - 2015-07-18 18:38 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-08-26 13:04 - 2015-07-18 18:38 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-08-26 13:04 - 2015-07-18 18:38 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-08-26 13:04 - 2015-07-18 18:38 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-08-26 13:04 - 2015-07-18 18:38 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-08-26 13:04 - 2015-07-18 18:38 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-08-22 21:51 - 2017-08-24 12:08 - 000000000 ____D C:\Users\naresh\AppData\Local\WhatsApp
2017-08-20 17:50 - 2017-08-20 17:54 - 000000000 ____D C:\Windows\pss
2017-08-20 11:26 - 2017-08-20 11:26 - 000000000 ____D C:\ProgramData\Oracle
2017-08-19 22:03 - 2017-09-02 08:53 - 000000000 ____D C:\Users\naresh\AppData\Local\Ojics
2017-08-19 14:08 - 2017-08-19 14:08 - 000000000 ____D C:\Users\naresh\AppData\Local\Icaros
2017-08-19 14:07 - 2017-08-19 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-08-19 14:07 - 2017-07-30 16:20 - 003850240 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2017-08-19 14:07 - 2015-12-18 14:30 - 000282112 _____ C:\Windows\system32\xvidvfw.dll
2017-08-19 14:07 - 2015-10-24 21:30 - 000112128 _____ C:\Windows\system32\ff_vfw.dll
2017-08-19 14:07 - 2015-02-25 21:57 - 000473088 _____ (hxxp://www.mp3dev.org/) C:\Windows\system32\lameACM.acm
2017-08-19 14:07 - 2012-05-22 03:18 - 000000415 _____ C:\Windows\system32\lame_acm.xml
2017-08-19 14:07 - 2011-12-07 23:02 - 000216064 _____ ( ) C:\Windows\system32\lagarith.dll
2017-08-19 14:07 - 2004-05-18 23:46 - 000039936 _____ (Disappearing Inc.) C:\Windows\system32\huffyuv.dll
2017-08-18 22:41 - 2017-08-18 22:41 - 000002161 _____ C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook Desktop.lnk
2017-08-18 12:39 - 2017-08-18 12:39 - 000000000 _____ C:\Users\naresh\0
2017-08-18 11:53 - 2017-08-20 19:41 - 000000000 ____D C:\Users\naresh\AppData\Local\cypjMERAky
2017-08-18 11:52 - 2017-08-18 11:52 - 000000000 ____D C:\Users\naresh\AppData\Roaming\vnlgp
2017-08-18 00:01 - 2017-08-18 00:01 - 000000000 ____D C:\Users\naresh\AppData\Roaming\FastStone
2017-08-18 00:00 - 2017-08-23 17:55 - 000001063 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2017-08-18 00:00 - 2017-08-18 00:00 - 000000000 ___DC C:\Program Files\FastStone Image Viewer
2017-08-18 00:00 - 2017-08-18 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2017-08-17 23:57 - 2017-08-17 23:57 - 000000000 ____D C:\Users\naresh\AppData\Roaming\Poppeman
2017-08-17 10:37 - 2017-08-17 10:37 - 000104306 _____ C:\Users\naresh\Downloads\dallas-buyers-club-yify-english.srt
2017-08-14 22:04 - 2017-08-14 22:05 - 017081631 _____ C:\Users\naresh\Downloads\sherlock.themepack
2017-08-04 17:09 - 2017-09-01 14:41 - 000000000 ____D C:\Users\naresh\AppData\Roaming\WhatsApp
2017-08-04 17:09 - 2017-08-24 12:08 - 000002169 _____ C:\Users\naresh\Desktop\WhatsApp.lnk
2017-08-04 17:09 - 2017-08-24 12:08 - 000000000 ____D C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-08-04 17:09 - 2017-08-24 12:07 - 000000000 ____D C:\Users\naresh\AppData\Local\SquirrelTemp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-03 16:28 - 2009-07-14 10:04 - 000013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-03 16:28 - 2009-07-14 10:04 - 000013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-03 16:11 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\tracing
2017-09-03 15:28 - 2017-06-30 21:21 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-09-03 15:28 - 2013-10-27 02:02 - 000000000 ____D C:\Users\naresh
2017-09-03 12:51 - 2014-04-16 00:29 - 000000000 ____D C:\Users\naresh\AppData\Roaming\DMCache
2017-09-03 12:04 - 2014-10-02 10:33 - 000000000 ____D C:\Users\naresh\Downloads\Video
2017-09-02 20:18 - 2014-10-02 10:33 - 000000000 ____D C:\Users\naresh\Downloads\Compressed
2017-09-02 18:35 - 2013-11-08 19:15 - 000000000 ____D C:\Users\naresh\AppData\Roaming\Azureus
2017-09-02 13:01 - 2013-09-19 22:29 - 000000000 ___DC C:\Program Files\WinRAR
2017-09-02 12:32 - 2017-02-27 20:01 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 11:46 - 2017-02-10 11:05 - 000000000 ____D C:\Users\naresh\AppData\Roaming\IDM
2017-09-02 08:53 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\Resources
2017-09-02 07:00 - 2017-06-30 16:54 - 000000000 ____D C:\ProgramData\ProductData
2017-09-01 23:26 - 2017-02-27 20:01 - 000001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-09-01 20:04 - 2017-06-30 20:48 - 000002325 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-09-01 19:55 - 2017-06-30 20:48 - 000000294 _____ C:\Windows\Tasks\Driver Booster Scheduler.job
2017-09-01 19:55 - 2017-06-30 20:48 - 000000250 _____ C:\Windows\Tasks\Driver Booster SkipUAC (naresh).job
2017-09-01 14:40 - 2013-11-13 19:14 - 000000000 ____D C:\ProgramData\DatacardService
2017-09-01 14:40 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2017-09-01 14:28 - 2017-04-17 13:09 - 000002089 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-09-01 10:21 - 2014-11-15 20:19 - 000001156 _____ C:\Users\naresh\Desktop\Format Factory.lnk
2017-09-01 10:20 - 2016-02-27 14:47 - 000002261 _____ C:\Users\Public\Desktop\4Videosoft 3D Converter.lnk
2017-08-29 19:58 - 2017-04-17 13:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 10:26 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\NDF
2017-08-28 22:33 - 2017-06-30 16:52 - 000000000 ___DC C:\Program Files\IObit
2017-08-28 22:30 - 2017-06-30 16:53 - 000000000 ___DC C:\Program Files\Common Files\IObit
2017-08-28 22:30 - 2017-06-30 16:52 - 000000000 ____D C:\ProgramData\IObit
2017-08-26 13:04 - 2014-05-05 17:56 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-23 21:11 - 2013-10-27 02:06 - 000790384 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-22 12:38 - 2013-11-07 15:44 - 000000000 ___DC C:\Program Files\Folder Lock
2017-08-20 20:14 - 2013-05-15 18:47 - 000000000 ____D C:\Users\naresh\AppData\Local\ElevatedDiagnostics
2017-08-19 14:07 - 2017-06-11 21:26 - 000000000 ___DC C:\Program Files\K-Lite Codec Pack
2017-08-10 20:30 - 2017-03-29 20:34 - 000000594 _____ C:\Windows\Tasks\Adobe Acrobat Update Task.job
 
==================== Files in the root of some directories =======
 
2013-09-15 05:57 - 2017-02-09 12:29 - 000000351 _____ () C:\Users\naresh\AppData\Roaming\WB.CFG
2017-07-30 16:26 - 2017-07-30 16:26 - 000016176 _____ () C:\Users\naresh\AppData\Local\InstallationConfiguration.xml
2017-07-30 16:26 - 2017-07-30 16:26 - 000140800 _____ () C:\Users\naresh\AppData\Local\installer.dat
2017-07-30 16:26 - 2017-07-30 16:26 - 000018432 _____ () C:\Users\naresh\AppData\Local\Main.dat
2013-09-04 17:29 - 2013-09-04 17:29 - 000001464 _____ () C:\Users\naresh\AppData\Local\recently-used.xbel
2014-06-07 12:16 - 2014-06-07 12:16 - 000007606 _____ () C:\Users\naresh\AppData\Local\Resmon.ResmonCfg
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\naresh\AppData\Local\{3A800570-C286-4EFB-9553-C83C9E4013DA}
2013-12-20 19:47 - 2013-12-20 19:47 - 000000000 _____ () C:\Users\naresh\AppData\Local\{8906D520-381E-4CB1-A53A-13B40D9876DE}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\naresh\AppData\Local\{97CC91D3-50AD-49A1-93AE-A133B710855D}
2013-12-25 15:53 - 2013-12-25 15:53 - 000000000 _____ () C:\Users\naresh\AppData\Local\{C2D2986C-58D3-4103-837E-B6B1F008D2AC}
2014-01-15 19:13 - 2014-01-15 19:15 - 000000000 _____ () C:\Users\naresh\AppData\Local\{C816D3BA-546D-49E3-B246-9627F865D714}
2013-12-20 19:47 - 2013-12-20 19:48 - 000000000 _____ () C:\Users\naresh\AppData\Local\{E16B8D95-C12C-454D-8E8E-966CA1A8BCF6}
2017-06-30 21:25 - 2017-06-30 21:25 - 000000000 _____ () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job
C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job
 
 
Some files in TEMP:
====================
2017-07-30 16:17 - 2017-07-30 16:17 - 002578648 ____N () C:\Users\naresh\AppData\Local\Temp\ho5BJ2wMAiyT.exe
2016-08-16 13:18 - 2016-08-16 13:18 - 000488960 _____ () C:\Users\naresh\AppData\Local\Temp\sqlite3.exe
2017-07-30 16:19 - 2017-07-30 16:19 - 000579505 ____N (                                                            ) C:\Users\naresh\AppData\Local\Temp\uM2nizFdPzzv.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-28 15:30
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by naresh (03-09-2017 16:50:35)
Running from C:\Users\naresh\Downloads\Programs
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-10-26 20:32:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2309560818-624024024-290004726-500 - Administrator - Disabled)
Guest (S-1-5-21-2309560818-624024024-290004726-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2309560818-624024024-290004726-1004 - Limited - Enabled)
naresh (S-1-5-21-2309560818-624024024-290004726-1000 - Administrator - Enabled) => C:\Users\naresh
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4Videosoft 3D Converter 5.1.8 (HKLM\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
avast! Free Antivirus (HKLM\...\avast5) (Version: 5.1.874.0 - Alwil Software)
Driver Booster 4.4 (HKLM\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
FastStone Image Viewer 6.3 (HKLM\...\FastStone Image Viewer) (Version: 6.3 - FastStone Soft)
Folder Lock (HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Folder Lock) (Version:  - New Softwares.net Inc.)
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
Guardius (HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\Guardius) (Version: 1.0.0.26 - Perion Ltd.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)
K-Lite Mega Codec Pack 13.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 13.4.0 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{64F67489-76BB-4CDD-A236-F954BE774B35}) (Version: 9.09.0025 - NVIDIA Corporation)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plex Media Server (HKLM\...\{24b54b72-161a-4094-93b3-ea284140290c}) (Version: 1.8.1.4139 - Plex, Inc.)
Plex Media Server (HKLM\...\{952070F2-452A-48FF-A5B2-4586407F9536}) (Version: 1.8.4139 - Plex, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Settings Manager (HKLM\...\Settings Manager) (Version: 5.0.0.13892 - Aztec Media Inc) <==== ATTENTION
SmartView for IE (HKLM\...\{E9563CD0-B68D-4554-8C17-7C79F9951EB3}) (Version: 1.0.0.0 - DeviceVM, Inc.)
Stopping Plex (HKLM\...\{EAAC5F93-0A1F-4218-BA03-CAC93C9D3388}) (Version: 1.8.4139 - Plex, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WhatsApp (HKU\S-1-5-21-2309560818-624024024-290004726-1000\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2011-01-05] (AVAST Software)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-12-16] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2011-01-05] (AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08849347-B772-4FF7-A458-C84B68D5CA23} - no filepath
Task: {0BBE5E49-2346-4591-850D-C9C4156ED844} - System32\Tasks\RunAsStdUser Task => C:\Users\naresh\AppData\Local\RavenBleuSA\bin\1.0.17.0\RavenBleuSA.exe
Task: {16DEB970-B7AF-4E35-8658-7B5DA26273C1} - System32\Tasks\{3FEE9B30-F97F-4D7B-90FE-F55F56318489} => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Task: {1777FF32-0D85-4230-9F58-73470E9AA33F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-09] (AVAST Software)
Task: {2C941E1D-5F78-4D65-A2C6-4F8D7293EE59} - System32\Tasks\{19A99814-8650-40FB-94B8-3719F4A4B8FD} => C:\Windows\system32\pcalua.exe -a "E:\games\Need for Speed 6\Need For Speed Hot Pursuit 2.exe" -d "E:\games\Need for Speed 6"
Task: {3A9A6A1F-BCD3-4723-AF0A-C65697EDCDC9} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2017-02-09] (Avast Software s.r.o.)
Task: {3AFB6964-AF6B-452C-BF95-4ED34BC3EA91} - System32\Tasks\{C8F25A5C-2ECF-46BD-8CC9-88DBA519998C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Folder Lock\Uninstall.exe"
Task: {3D01DE63-DD24-4815-9CF0-6BFAAF33579B} - \ZSw9q5FNjw -> No File <==== ATTENTION
Task: {3FACA027-D827-4A4B-B7B8-ADCB6653FD8F} - System32\Tasks\{F100057F-BE62-4CB7-BA2C-676C04921A7B} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\Q T P KEY\QTP 10.0 pach file for vista & win7.EXE" -d "D:\New folder (2)\Q T P KEY"
Task: {42CB8FEC-3DA9-4FB5-B18A-661221E26AA0} - no filepath
Task: {46C1D18E-350B-406A-B6F2-AFB8E52F8FF4} - System32\Tasks\{7DEC0C76-03A8-4E30-BAC0-F114CC7DE5EC} => C:\Windows\system32\pcalua.exe -a "E:\Movies\Breaking bad\AOE 2\Age_Of_Empires_2_v2.02a_Update\update\age2upa.exe" -d "E:\Movies\Breaking bad\AOE 2\Age_Of_Empires_2_v2.02a_Update\update"
Task: {4998DCE9-FD42-47C0-B340-75EFE676466D} - \Prerfly -> No File <==== ATTENTION
Task: {4FF2A021-7B19-48CD-8EC7-AACD98BDE53B} - System32\Tasks\{5CD85DA3-A233-4DA0-8FA2-44E0F4601C83} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Google\Picasa3\Uninstall.exe"
Task: {6B11719C-B7C7-441C-B5D3-099B09EABBB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-02] (Google Inc.)
Task: {6DDA9371-64F3-4A8B-9E8B-5742F804294F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2309560818-624024024-290004726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7CEAF955-65F4-4C76-82FE-95B24CCEBE15} - System32\Tasks\{8768D412-C628-45B9-955E-0A7CEB074A86} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {8F54D9C8-FD64-47AB-8F7F-4F24AC64E93C} - System32\Tasks\{93FF08A6-280F-4B89-8A1D-597F8F290EBD} => C:\Windows\system32\pcalua.exe -a C:\Users\naresh\Downloads\Programs\AVS_Media_Player.exe -d C:\Users\naresh\Downloads\Programs
Task: {930CAAF0-9873-4C71-AFAA-600D1A933BAD} - System32\Tasks\{4FEA8E22-0264-46F1-A24A-C54EAD850F9F} => C:\Windows\system32\pcalua.exe -a "E:\MS OFFICE 2007\setup.exe" -d "E:\MS OFFICE 2007"
Task: {9F603203-8E98-4D3D-8A37-CE4FBD0DBCF5} - System32\Tasks\{8DF121A9-575A-4515-A40E-EE90F8AC1C77} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\MS OFFICE 2007\setup.exe" -d "D:\New folder (2)\MS OFFICE 2007"
Task: {A8026234-AD1C-49F0-A290-1939F95A8F8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {A803D391-FFA2-4E18-8615-3E719C3B9653} - System32\Tasks\{EE0EE5CB-CF82-4A78-A5FB-7DF6C2980919} => C:\Windows\system32\pcalua.exe -a C:\Users\naresh\AppData\Local\Temp\~nsu.tmp\Au_.exe <==== ATTENTION
Task: {A8176EF4-DFCF-4AA4-8F26-749C631C6182} - no filepath
Task: {A88C83D9-E578-4080-B56E-EBEE166CF91B} - System32\Tasks\{E1CCD415-5E6A-43B7-9ED2-873E2E603E8E} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\office 2003\MSDE2000\MSDE2KS3.EXE" -d "D:\New folder (2)\office 2003\MSDE2000"
Task: {BCFDFBE1-A6FF-44CC-8F0B-BB3A3BE9D431} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2309560818-624024024-290004726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C81563BD-0B5E-48E4-B1D7-AB67F530EA50} - no filepath
Task: {CE16B9E3-AFD9-41D2-9222-175A3DF0552A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-02] (Google Inc.)
Task: {D2831301-8688-419E-A0D1-1CE32A4C9BFF} - System32\Tasks\{D4A931F2-8059-4B95-8D64-2A80E2492AD3} => C:\Windows\system32\pcalua.exe -a C:\Users\naresh\Downloads\Programs\ymsgr1150_0228_us.exe -d C:\Users\naresh\Downloads\Programs
Task: {D3CD119E-1A4A-498D-8E22-F532A5F54E87} - no filepath
Task: {DCC59B4F-A7C6-4C92-A6F2-392249F1701B} - System32\Tasks\{B1C62484-C94D-44D0-8A2D-8D6D64EA4253} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {E3A17FC6-2782-45D7-A45E-EB056DEEB318} - System32\Tasks\{7E1751F8-B046-4041-83B6-CFBA641AA150} => C:\Windows\system32\pcalua.exe -a "D:\New folder (2)\MS OFFICE 2007\setup.exe" -d "D:\New folder (2)\MS OFFICE 2007"
Task: {F57548AB-E713-45AA-86D7-27244A8B1794} - \FTdownloader V4.0-updater -> No File <==== ATTENTION
Task: {F84A6D4B-A83F-4563-8530-6930ED6FD9CC} - System32\Tasks\{3A04F88A-7B9C-46F8-89CC-1CC2E7B74525} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\FTdownloader V4.0\Uninstall.exe" -c /fromcontrolpanel=1
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => c:\users\naresh\downloads\chrome_cleanup_tool.exe
Task: C:\Windows\Tasks\Driver Booster Scheduler.job => C:\Program Files\IObit\Driver Booster\4.4.0\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (naresh).job => C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe
Task: C:\Windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exeƻ/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=06E16CBF115145609D0E72DE99B82DF4IE /verifier=7ed6da70f801e6893ec42f1589c0893b /installerversion=1_27_153 /installationtime=1377429773 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\Paverle Mapper.job => C:\Program Files\Atwudomstertersh\kuient.exe
Task: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Program Files\IObit\Driver Booster\4.4.0\NoteIcon.exe C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe
Task: C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
Task: C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job => c:\program files\google\chrome\application\chrome.exeWhxxps:/www.skype.com/go/
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-03 14:13 - 2014-10-03 13:08 - 002870272 _____ () C:\Program Files\Alwil Software\Avast5\defs\14100300\algo.dll
2014-04-21 18:10 - 2011-01-05 22:49 - 000142872 _____ () C:\Program Files\Alwil Software\Avast5\aswDld.dll
2017-08-08 06:55 - 2017-08-08 06:55 - 000083432 ____C () C:\Program Files\Plex\Plex Media Server\zlib.dll
2017-08-08 06:55 - 2017-08-08 06:55 - 000203240 ____C () C:\Program Files\Plex\Plex Media Server\libidn.dll
2014-11-01 15:22 - 2012-10-22 11:21 - 001277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2014-11-01 15:22 - 2012-07-09 17:57 - 002090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2014-11-01 15:22 - 2011-12-06 16:19 - 000133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2014-11-01 15:22 - 2012-03-23 10:07 - 000224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll
2013-10-27 02:05 - 2010-12-16 14:07 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-06-30 20:49 - 2016-08-10 17:13 - 000188704 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2017-06-30 20:49 - 2016-08-10 17:13 - 000899872 _____ () C:\Program Files\IObit\IObit Malware Fighter\webres.dll
2017-06-30 20:49 - 2016-08-10 17:13 - 000151840 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2017-06-30 20:49 - 2017-05-09 10:59 - 000631584 _____ () C:\Program Files\IObit\IObit Malware Fighter\ProductStatistics.dll
2017-06-30 20:49 - 2016-12-12 16:52 - 000442144 _____ () C:\Program Files\IObit\IObit Malware Fighter\madExcept_.bpl
2017-06-30 20:49 - 2016-12-12 16:52 - 000210720 _____ () C:\Program Files\IObit\IObit Malware Fighter\madBasic_.bpl
2017-06-30 20:49 - 2016-12-12 16:52 - 000059680 _____ () C:\Program Files\IObit\IObit Malware Fighter\madDisAsm_.bpl
2017-09-02 11:50 - 2017-08-23 13:01 - 002881368 ____C () C:\Program Files\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-09-02 11:50 - 2017-08-23 13:01 - 000086360 ____C () C:\Program Files\Google\Chrome\Application\60.0.3112.113\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2B11E0DF [118]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2017-07-31 15:08 - 000001769 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2309560818-624024024-290004726-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0163C973-E8CD-4D6D-B05C-DE261EA6128D}] => (Allow) LPort=135
FirewallRules: [{AFB9FA14-2459-49D0-9234-6201A4700312}] => (Allow) C:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe
FirewallRules: [{87A71D39-FE18-404E-B5D4-6541F4C0C10F}] => (Allow) C:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe
FirewallRules: [TCP Query User{37600526-31DE-4280-AE3D-3736707DC127}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{9826E9A5-3ABE-4E1A-9D3F-9711993E9577}C:\program files\microsoft office\office12\groove.exe] => (Block) C:\program files\microsoft office\office12\groove.exe
FirewallRules: [{21379E60-D16B-4C94-AA3C-7EB96B9A5720}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8FAFD9E6-0163-41E7-9BBA-3B7AB37D63F3}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6F6AEDD3-59BC-4537-B7AE-3424003EAA47}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{7A8B8C85-C176-4E67-B2EB-33DF71D52B1F}] => (Allow) C:\Program Files\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{E461D6EA-3219-46C5-BF89-A35E93FE1CB6}] => (Allow) C:\Program Files\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{F17FE818-3625-43E5-90D8-5296A5C81579}] => (Allow) C:\Program Files\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{DE22EEEF-9993-4E1D-8D60-0ABC1CCCBE0A}] => (Allow) C:\Program Files\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{6500D7DF-BC9A-41D2-ABD8-08171922E839}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{2918CE5A-9512-45BA-A7DE-77CA4F79D451}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{5BA3889F-EFA6-431D-9E2E-AC1496681CE5}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{70B76805-6C56-4BB1-802D-69FD4FF571AF}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{427E02C8-2521-4FC2-A08A-28151AE0B598}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{45450041-F12E-47EE-A4E4-BAEDD5EDAD71}] => (Allow) C:\Program Files\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{C9E2EFCD-4762-4F90-8CBD-E5825FD2ED12}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{E2C272FC-1C80-4F5F-B4C1-BDAAC55D6424}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{22DD7124-6023-48A1-9519-055854D1A667}] => (Block) LPort=445
FirewallRules: [{4C740D0B-64A8-48DB-967D-A53A68340C3A}] => (Block) LPort=445
FirewallRules: [{37F69679-7468-4B3E-978D-47E58DE6A12A}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{373BCD23-8342-4310-88B1-AFCB4388E59F}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{34E2739F-87F9-46B9-936F-E379509BEFD8}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{1C24441B-45EF-4720-9B70-16C12D6E344F}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{4DED7832-87E6-428B-AAB7-990A4725565D}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{008AECFE-1A08-44CD-9F15-D8BA703F7158}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{05EB9122-8DC2-4DB0-A98A-9D1984F92CA7}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{A47B89E5-D364-4107-9C79-70ECAB27C174}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{7A70AFB1-2ECF-4834-B24E-83E560629BB9}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{7D2FDFAC-2DA7-4CC6-A6F0-862A960DABC6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A364079E-A009-4937-9F6D-7AB2AECEA578}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{13C94155-EDEB-4123-A9AF-01D1656FF8FE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0D264B67-288A-4A75-83C1-D73A55FEABEE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0F4C27D5-B579-460C-AD1A-72D7A8B30D5C}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{991FBB27-9DB3-4561-834D-2C694164D2D0}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{07BED21D-09CF-4E97-BF8C-31C01E887926}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{E24A83E6-6764-44D0-9F12-27A361E580A2}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The service name is invalid.
 
More help is available by typing NET HELPMSG 2185.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 70%
Total physical RAM: 2922.64 MB
Available physical RAM: 875 MB
Total Virtual: 5843.58 MB
Available Virtual: 3465.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.19 GB) (Free:1.97 GB) NTFS
Drive d: () (Fixed) (Total:145.49 GB) (Free:33.83 GB) NTFS
Drive e: () (Fixed) (Total:145.49 GB) (Free:37.21 GB) NTFS
Drive f: () (Fixed) (Total:145.49 GB) (Free:79.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08620861)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:11 AM

Posted 03 September 2017 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Settings Manager (HKLM\...\Settings Manager) (Version: 5.0.0.13892 - Aztec Media Inc) <==== ATTENTION
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Providers\ok91jull: C:\Program Files\Merqosaneherse Renew\local32spl.dll <==== ATTENTION
ShellExecuteHooks: No Name - {A5949E07-8536-4625-A3D0-2DD83F559990} -  -> No File
Startup: C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk [2017-08-18]
ShortcutTarget: Facebook Desktop.lnk -> C:\Program Files\facebook\Facebook.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2309560818-624024024-290004726-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: No Name -> {11111111-1111-1111-1111-110311551174} -> No File
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File
FF Extension: (Facemoods) - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com [2014-10-19] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR StartupUrls: Default -> "hxxp://www.trotux.com/?z=008a05627d0661e637cc44fg8zbb7m3t9cfz2w7oao&from=isr&uid=ST500DM002-9YN14C_Z1D2AJ7PXXXXZ1D2AJ7P&type=hp"
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-08-13] <==== ATTENTION
CHR Profile: C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-07-30] <==== ATTENTION
CHR Extension: (Media Watch) - C:\Users\naresh\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mgpnddphiefjmboiakokjhadaefgpkmp [2017-02-17]
CHR HKLM\...\Chrome\Extension: [mgpnddphiefjmboiakokjhadaefgpkmp] - <no Path/update_url>
S2 mptpmdxm; C:\Windows\system32\mptpmdxm.dll [X] <==== ATTENTION
S3 OracleOraDb11g_home1TNSListener; F:\app\naresh\product\11.2.0\dbhome_1\BIN\TNSLSNR  [X]
S2 Thijutaindreigh; C:\Program Files\Bulily\cahiphagn.dll [X]
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [161640 2013-07-09] () [File not signed] <==== ATTENTION
U3 agg2x1w0; C:\Windows\system32\Drivers\agg2x1w0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} =>  -> No File
Task: {08849347-B772-4FF7-A458-C84B68D5CA23} - no filepath
Task: {3D01DE63-DD24-4815-9CF0-6BFAAF33579B} - \ZSw9q5FNjw -> No File <==== ATTENTION
Task: {42CB8FEC-3DA9-4FB5-B18A-661221E26AA0} - no filepath
Task: {4998DCE9-FD42-47C0-B340-75EFE676466D} - \Prerfly -> No File <==== ATTENTION
Task: {A803D391-FFA2-4E18-8615-3E719C3B9653} - System32\Tasks\{EE0EE5CB-CF82-4A78-A5FB-7DF6C2980919} => C:\Windows\system32\pcalua.exe -a C:\Users\naresh\AppData\Local\Temp\~nsu.tmp\Au_.exe <==== ATTENTION
Task: {A8176EF4-DFCF-4AA4-8F26-749C631C6182} - no filepath
Task: {C81563BD-0B5E-48E4-B1D7-AB67F530EA50} - no filepath
Task: {D3CD119E-1A4A-498D-8E22-F532A5F54E87} - no filepath
Task: {F57548AB-E713-45AA-86D7-27244A8B1794} - \FTdownloader V4.0-updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2B11E0DF [118]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
C:\Windows\System32\Tasks\{EE0EE5CB-CF82-4A78-A5FB-7DF6C2980919}
C:\Users\naresh\AppData\Local\Temp\~nsu.tmp
C:\Users\naresh\AppData\Local\Temp\uM2nizFdPzzv.exe
C:\Users\naresh\AppData\Local\Temp\ho5BJ2wMAiyT.exe
C:\Program Files\Merqosaneherse Renew
C:\Users\naresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk
C:\Windows\system32\drivers\UefGdstor.sys
C:\Windows\system32\Drivers\agg2x1w0.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon (the 3 vertical dots located at the right side top of Google Chrome).
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 141 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180141}) (Version: 8.0.1410.15 - Oracle Corporation)

Please post the logs and let me know what problem persists.
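nasdaq's instructions end with a request for the AdwCleaner log so he can see what persists. The following is an added example, not part of the post and not AdwCleaner's own code: a Python script that parses an AdwCleaner scan log and its matching clean log (in the format of the logs posted further down in this thread), counts detections per family, and lists the scan detections that the clean run did not report as removed. The two sample logs inside it are constructed for the example.

```python
"""Compare an AdwCleaner clean log with the scan log that preceded it.

Added example for this thread; not AdwCleaner's code and not part of the
instructions above. Format taken from the logs posted in the thread: section
headers '***** [ Name ] *****', scan lines 'Family, item', clean lines
'Deleted: item' / 'Cleaned: item'. The sample logs are constructed, with one
detection deliberately left out of the clean log.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")


def normalize(item):
    """Canonical spelling so scan and clean entries compare equal."""
    s = item.strip().lower()
    s = re.sub(r"\\+", r"\\", s)                    # 'System32\\SSL' vs 'System32\SSL'
    s = re.sub(r"\s*\|\s*", "|", s)                 # 'FirewallRules | {..}' vs 'FirewallRules|{..}'
    s = re.sub(r"\.lnk(\[.*\]| - .*)$", ".lnk", s)  # 'x.lnk - %SNP%' vs 'x.lnk[%SNP%]'
    return s


def _section_lines(text):
    """Yield (section, line) for each non-empty line under a section header."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif line and section is not None:
            yield section, line


def parse_scan_log(text):
    """Map (section, normalized item) -> (family, item as printed)."""
    findings = {}
    for section, line in _section_lines(text):
        if line.startswith(("#", "*", "::", "No malicious")):
            continue  # footer, separator and 'nothing found' lines
        family, sep, item = line.partition(", ")
        if sep:
            findings[(section, normalize(item))] = (family, item)
    return findings


def parse_clean_log(text):
    """Set of (section, normalized item) the clean run reported as removed."""
    removed = set()
    for section, line in _section_lines(text):
        for prefix in ("Deleted: ", "Cleaned: "):
            if line.startswith(prefix):
                removed.add((section, normalize(line[len(prefix):])))
    return removed


def family_counts(scan_text):
    """Detections per family: what kind of infection the scan is showing."""
    return Counter(family for family, _ in parse_scan_log(scan_text).values())


def residual(scan_text, clean_text):
    """Scan detections the clean run did not report as removed."""
    removed = parse_clean_log(clean_text)
    return sorted((sec, family, item)
                  for (sec, key), (family, item) in parse_scan_log(scan_text).items()
                  if (sec, key) not in removed)


# Constructed sample logs in the format of the ones posted in this thread.
SAMPLE_SCAN = r"""# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 04 04:49:32 2017
# Mode: scan
***** [ Services ] *****
PUP.Optional.Legacy, PanService
***** [ Folders ] *****
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.BitCoinMiner, C:\Users\naresh\AppData\Roaming\vnlgp
Trojan.Agent, C:\Users\naresh\AppData\LocalLow\iac
***** [ Shortcuts ] *****
PUP.Optional.SafeFinder, C:\Users\Guest\Desktop\Google Chrome.lnk - %SNP%
***** [ Registry ] *****
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7A8B8C85-C176-4E67-B2EB-33DF71D52B1F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SpeedBit
"""
SAMPLE_CLEAN = r"""# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 04 04:51:47 2017
# Mode: clean
***** [ Services ] *****
Deleted: PanService
***** [ Folders ] *****
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Users\naresh\AppData\Roaming\vnlgp
***** [ Shortcuts ] *****
Cleaned: C:\Users\Guest\Desktop\Google Chrome.lnk[%SNP%]
***** [ Registry ] *****
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7A8B8C85-C176-4E67-B2EB-33DF71D52B1F}
Deleted: [Key] - HKLM\SOFTWARE\SpeedBit
"""

if __name__ == "__main__":
    for family, n in sorted(family_counts(SAMPLE_SCAN).items()):
        print(f"{n:3d}  {family}")
    for sec, family, item in residual(SAMPLE_SCAN, SAMPLE_CLEAN):
        print(f"NOT REMOVED [{sec}] {family}: {item}")
```

Run it against the real AdwCleaner[S0].txt and AdwCleaner[C0].txt files by reading them into `residual()`; anything it prints is what to carry into the next reply to the helper.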

#3 tensa

  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:41 PM

Posted 04 September 2017 - 02:40 AM

Hai, Here is the log.
 
# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 04 04:51:47 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Professional (X86)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: PanService
 
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files\IObit\Advanced SystemCare
Deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Default User\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\naresh\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\naresh\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Program Files\PANDORA.TV
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Users\naresh\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Program Files\DAEMON Tools Toolbar
Deleted: C:\ProgramData\DeviceVM
Deleted: C:\ProgramData\Application Data\DeviceVM
Deleted: C:\Program Files\DeviceVM
Deleted: C:\Users\All Users\DeviceVM
Deleted: C:\Users\naresh\AppData\Roaming\DeviceVM
Deleted: C:\Users\naresh\AppData\Local\iLivid
Deleted: C:\Users\naresh\AppData\LocalLow\Toolbar4
Deleted: C:\Users\naresh\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent
Deleted: C:\Users\naresh\AppData\Roaming\VDI
Deleted: C:\Users\naresh\AppData\Roaming\VDI\Shared\Product Updater
Deleted: C:\Program Files\PublicHotspot
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Program Files\WindowsTM
Deleted: C:\Users\All Users\Documents\XMUpdate
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\ProgramData\Logic Cramble
Deleted: C:\ProgramData\Application Data\Logic Cramble
Deleted: C:\Users\All Users\Logic Cramble
Deleted: C:\Users\naresh\AppData\Roaming\vnlgp
Deleted: C:\ProgramData\Mail.Ru
Deleted: C:\ProgramData\Application Data\Mail.Ru
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:\Users\All Users\Mail.Ru
Deleted: C:\Users\naresh\AppData\Local\Mail.Ru
Deleted: C:\Users\naresh\AppData\LocalLow\iac
 
 
***** [ Files ] *****
 
Deleted: C:\Users\naresh\AppData\Local\Main.dat
Deleted: C:\Users\naresh\daemonprocess.txt
Deleted: C:\END
Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Users\naresh\appdata\local\installationconfiguration.xml
Deleted: C:\Windows\System32\drivers\UefGdstor.sys
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
Cleaned: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk[%SNP%]
 
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7A8B8C85-C176-4E67-B2EB-33DF71D52B1F}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E461D6EA-3219-46C5-BF89-A35E93FE1CB6}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F17FE818-3625-43E5-90D8-5296A5C81579}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE22EEEF-9993-4E1D-8D60-0ABC1CCCBE0A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Video Player
Deleted: [Key] - HKCU\Software\Video Player
Deleted: [Key] - HKLM\SOFTWARE\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\SpeedBit
Deleted: [Key] - HKCU\Software\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\dt soft\daemon tools toolbar
Deleted: [Key] - HKLM\SOFTWARE\FTdownloader V4.0
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\AppDataLow\Software\FTdownloader V4.0
Deleted: [Key] - HKCU\Software\AppDataLow\Software\FTdownloader V4.0
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\ilivid
Deleted: [Key] - HKCU\Software\ilivid
Deleted: [Key] - HKLM\SOFTWARE\iLividSRTB
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\InstalledBrowserExtensions
Deleted: [Key] - HKCU\Software\InstalledBrowserExtensions
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\PIP
Deleted: [Key] - HKCU\Software\PIP
Deleted: [Key] - HKLM\SOFTWARE\torch
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\torch
Deleted: [Key] - HKCU\Software\torch
Deleted: [Key] - HKLM\SOFTWARE\Wpm
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Mozilla\Extends
Deleted: [Key] - HKCU\Software\Mozilla\Extends
Deleted: [Key] - HKLM\SOFTWARE\PC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Link64
Deleted: [Key] - HKCU\Software\Link64
Deleted: [Key] - HKLM\SOFTWARE\Event Monitor
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Event Monitor
Deleted: [Key] - HKCU\Software\Event Monitor
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\VDI
Deleted: [Key] - HKCU\Software\VDI
Deleted: [Key] - HKLM\SOFTWARE\asc-pr
Deleted: [Key] - HKLM\SOFTWARE\WMPNetworkAcSvc
Deleted: [Key] - HKLM\SOFTWARE\InterSect Alliance
Deleted: [Key] - HKLM\SOFTWARE\msServer
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Speedownloader0099
Deleted: [Key] - HKCU\Software\Speedownloader0099
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105CE2F6-6C71-4553-95DB-0521A2C0F060}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AC48E96-EB40-4792-9D9D-70D59D8754BA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935E203-F846-461D-89DF-435059EFCBB8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419A700-23B8-46EA-800B-C0EA78E133A2}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BC852D3-9D70-4611-9AFC-016840417A4C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\Torch.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Deleted: [Key] - HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|ArcherGroupEx
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Subair.exe
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\msaver
Deleted: [Key] - HKCU\Software\msaver
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKLM\SOFTWARE\SoEasySvc
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Hotspot
Deleted: [Key] - HKCU\Software\Hotspot
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Xpom
Deleted: [Key] - HKCU\Software\Xpom
Deleted: [Key] - HKLM\SOFTWARE\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted: [Key] - HKLM\SOFTWARE\ScreenShot
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Amigo
Deleted: [Key] - HKCU\Software\Amigo
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WINSNARE
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\PrAmNP
Deleted: [Key] - HKCU\Software\Microsoft\PrAmNP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup-r139-n-bf.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [18340 B] - [2017/9/4 4:49:32]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 04 04:49:32 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-01-2017.2
# Running on Windows 7 Professional (X86)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Optional.Legacy, PanService
 
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Default User\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\naresh\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\naresh\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.Legacy, C:\Program Files\PANDORA.TV
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Users\naresh\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy, C:\Program Files\DAEMON Tools Toolbar
PUP.Optional.Legacy, C:\ProgramData\DeviceVM
PUP.Optional.Legacy, C:\ProgramData\Application Data\DeviceVM
PUP.Optional.Legacy, C:\Program Files\DeviceVM
PUP.Optional.Legacy, C:\Users\All Users\DeviceVM
PUP.Optional.Legacy, C:\Users\naresh\AppData\Roaming\DeviceVM
PUP.Optional.Legacy, C:\Users\naresh\AppData\Local\iLivid
PUP.Optional.Legacy, C:\Users\naresh\AppData\LocalLow\Toolbar4
PUP.Optional.Legacy, C:\Users\naresh\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent
PUP.Optional.Legacy, C:\Users\naresh\AppData\Roaming\VDI
PUP.Optional.Legacy, C:\Users\naresh\AppData\Roaming\VDI\Shared\Product Updater
PUP.Optional.Legacy, C:\Program Files\PublicHotspot
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Program Files\WindowsTM
PUP.Optional.Legacy, C:\Users\All Users\Documents\XMUpdate
PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate
PUP.Optional.SafeFinder, C:\ProgramData\Logic Cramble
PUP.Optional.SafeFinder, C:\ProgramData\Application Data\Logic Cramble
PUP.Optional.SafeFinder, C:\Users\All Users\Logic Cramble
PUP.Optional.BitCoinMiner, C:\Users\naresh\AppData\Roaming\vnlgp
PUP.Optional.Mail.Ru, C:\ProgramData\Mail.Ru
PUP.Optional.Mail.Ru, C:\ProgramData\Application Data\Mail.Ru
PUP.Optional.Mail.Ru, C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
PUP.Optional.Mail.Ru, C:\Users\All Users\Mail.Ru
PUP.Optional.Mail.Ru, C:\Users\naresh\AppData\Local\Mail.Ru
Trojan.Agent, C:\Users\naresh\AppData\LocalLow\iac
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Users\naresh\AppData\Local\Main.dat
PUP.Optional.Legacy, C:\Users\naresh\daemonprocess.txt
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
PUP.Optional.Legacy, C:\Users\naresh\appdata\local\installationconfiguration.xml
PUP.Optional.JiSuZip, C:\Windows\System32\drivers\UefGdstor.sys
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
PUP.Optional.SafeFinder, C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - %SNP%
PUP.Optional.SafeFinder, C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - %SNP%
 
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7A8B8C85-C176-4E67-B2EB-33DF71D52B1F}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E461D6EA-3219-46C5-BF89-A35E93FE1CB6}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F17FE818-3625-43E5-90D8-5296A5C81579}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DE22EEEF-9993-4E1D-8D60-0ABC1CCCBE0A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Video Player
PUP.Optional.Legacy, [Key] - HKCU\Software\Video Player
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SpeedBit
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKCU\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKCU\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\dt soft\daemon tools toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\AppDataLow\Software\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\ilivid
PUP.Optional.Legacy, [Key] - HKCU\Software\ilivid
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\iLividSRTB
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\InstalledBrowserExtensions
PUP.Optional.Legacy, [Key] - HKCU\Software\InstalledBrowserExtensions
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\PIP
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\PIP
PUP.Optional.Legacy, [Key] - HKCU\Software\PIP
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\torch
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\torch
PUP.Optional.Legacy, [Key] - HKCU\Software\torch
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Wpm
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKCU\Software\Mozilla\Extends
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\PC
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Link64
PUP.Optional.Legacy, [Key] - HKCU\Software\Link64
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Event Monitor
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Event Monitor
PUP.Optional.Legacy, [Key] - HKCU\Software\Event Monitor
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\VDI
PUP.Optional.Legacy, [Key] - HKCU\Software\VDI
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\asc-pr
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WMPNetworkAcSvc
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\InterSect Alliance
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\msServer
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Speedownloader0099
PUP.Optional.Legacy, [Key] - HKCU\Software\Speedownloader0099
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105CE2F6-6C71-4553-95DB-0521A2C0F060}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AC48E96-EB40-4792-9D9D-70D59D8754BA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935E203-F846-461D-89DF-435059EFCBB8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419A700-23B8-46EA-800B-C0EA78E133A2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BC852D3-9D70-4611-9AFC-016840417A4C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Applications\Torch.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | ArcherGroupEx
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WinSAPSvc
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Subair.exe
PUP.Optional.Reimage, [Key] - HKLM\SOFTWARE\Reimage
Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
PUP.Optional.MoneyFriend, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\msaver
PUP.Optional.MoneyFriend, [Key] - HKCU\Software\msaver
PUP.Optional.DiskPower, [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
PUP.Optional.DiskPower, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
PUP.Optional.DiskPower, [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
PUP.Optional.SoEasySvc, [Key] - HKLM\SOFTWARE\SoEasySvc
PUP.Optional.WizzWifiHotspot, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Hotspot
PUP.Optional.WizzWifiHotspot, [Key] - HKCU\Software\Hotspot
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Xpom
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\Xpom
PUP.Optional.Mail.Ru, [Key] - HKLM\SOFTWARE\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\Mail.Ru
PUP.Optional.Mail.Ru, [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
PUP.Optional.SupTab, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
PUP.Optional.ScreenShot, [Key] - HKLM\SOFTWARE\ScreenShot
PUP.Optional.SofTonicAssistant, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Softonic
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Softonic
PUP.Optional.Yontoo, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Amigo
PUP.Optional.Yontoo, [Key] - HKCU\Software\Amigo
PUP.Optional.WinSnare, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WINSNARE
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\PrAmNP
PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\PrAmNP
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-2309560818-624024024-290004726-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup-r139-n-bf.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 September 2017 - 08:03 AM

Hi,

Did you run my suggested fix with the Farbar program?

Any remaining issues?

#5 tensa

tensa
  • Topic Starter

  • Members
  • 33 posts

Posted 04 September 2017 - 11:03 AM

Yes, I ran it. No problem. Thank you for the help. You mentioned updating Java. Can you please tell me the genuine site for updating it? I think I may find malware again. And is it necessary to disable Java in my browsers?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 September 2017 - 12:23 PM



First remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 141 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180141}) (Version: 8.0.1410.15 - Oracle Corporation)

Restart the computer normally.

With Internet Explorer you can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Install Java.

You should get Java 8 Update 144 or higher.

Let me know if you have any issues with this computer.
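For anyone following this thread who wants to see what Programs and Features will list before opening the Control Panel, the snippet below is an added example (it is not from nasdaq's post, nor from FRST or AdwCleaner). It reads the same Uninstall registry keys that Programs and Features displays and that FRST prints as HKLM\...\{GUID} or HKLM-x32\...\{GUID}, and shows any entry whose display name starts with "Java". The three key paths are standard Windows locations; the `Java*` name filter and the variable names are my assumptions.

```powershell
# Added example (not part of this thread or of FRST/AdwCleaner): list installed
# programs whose DisplayName starts with "Java", read from the Uninstall keys
# that Programs and Features displays. The key name ({GUID}) is what FRST
# shows after HKLM\...\ in its "Installed Programs" section.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Only exists on 64-bit Windows; on a 32-bit system such as the one in this
    # thread it is absent, which -ErrorAction SilentlyContinue tolerates.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Per-user installs register here instead of under HKLM.
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: Oracle's entries are named "Java 8 Update NNN", "Java SE Development Kit ...".
$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Java*' } |
    Select-Object DisplayName, DisplayVersion, Publisher,
                  @{ Name = 'KeyName'; Expression = { $_.PSChildName } },
                  UninstallString

if ($java) {
    $java | Format-Table -AutoSize
} else {
    'No Java entry in the Uninstall keys: nothing to remove in Programs and Features.'
}

# Independently of the registry, check whether a Java runtime is reachable on the PATH.
$javaExe = Get-Command java.exe -ErrorAction SilentlyContinue
if ($javaExe) { "java.exe found at $($javaExe.Path)" } else { 'No java.exe on the PATH.' }
```

Run it from an ordinary PowerShell prompt; reading these keys needs no elevation. An empty table plus "No java.exe on the PATH" is exactly the situation nasdaq later describes in this thread (no Java installed), whereas a listed entry gives the display name to look for in Programs and Features and the version to compare against the Update 144 recommendation.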

#7 tensa

tensa
  • Topic Starter

  • Members
  • 33 posts

Posted 04 September 2017 - 11:37 PM

Sorry, I am not able to find Java 8 Update 141 (HKLM-x#@\................) in Programs and Features. Please specify it.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 September 2017 - 10:29 AM

Was the version Java 8 Update 144 installed?

#9 tensa

tensa
  • Topic Starter

  • Members
  • 33 posts

Posted 05 September 2017 - 10:53 AM

Nope, not installed. First of all I need to remove Java 8 Update 141, right? I am not able to find Java 8 Update 141 (HKLM-x#@\................) in Control Panel -- Programs. Tell me where I can find it and remove it.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 September 2017 - 12:21 PM

Hi,

Sorry, I must have had a senior moment. You do not have any Java program installed.

You can forget about installing the latest version.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 tensa

tensa
  • Topic Starter

  • Members
  • 33 posts

Posted 06 September 2017 - 12:00 PM

Thank you for your help, Sir.





