Virus Attack In My System


  • This topic is locked
10 replies to this topic

#1 Fazwud

Fazwud

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 24 March 2018 - 01:32 AM

Hey,

Myself, I'm Fazil.

Recently I downloaded a program and installed it on my Dell laptop. Since the install, my laptop is damn slow, almost completely unworkable.

Also my browser automatically opens up and goes to a website called "laserveradedomaina" which redirects to other websites.

I uninstalled the program and the downloaded files, ran avast antivirus, ran windows defender scan, ran CCleaner. The scan results did show threats, which I clicked to fix in the corresponding programs.

But still the problems persist, the laptop is damn slow and the "laserveradedomaina" website keeps popping up.

When I searched for a solution on the internet, I came across an article recommending to use "ADW Cleaner".

When I tried to download the installation file, as soon as I clicked the download button, all windows which were open on my computer closed!

So now I downloaded the ADW Cleaner using my mobile and transferred the file using a USB cable. Now here's the weirdest part: as soon as I click either Open or Run as administrator for the installation file, all windows which were open close automatically and my laptop goes completely blank for like 20 secs.

I also experienced that this kind of crash happens when I tried to use forgot password on the website "Idrop".

Can you please help me to get rid of this problem once and for all?

Regards,
Fazil.



#2 sasschary

sasschary

  • Malware Study Hall Senior
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:42 PM

Posted 24 March 2018 - 07:07 PM

Hi Fazil,

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. To start out, please read through the thread here. Then, please try to perform step 6 and copy/paste the log into a reply here. If you are not able to get the programs to run, just reply here and we'll go about it another way.

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

Sincerely,
sasschary



#3 Fazwud

Fazwud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 24 March 2018 - 08:17 PM

Hey Zach,

I tried to download the FRST tool; as soon as I clicked the link to download the tool, my system crashed. Then I downloaded it from my mobile, transferred it to my laptop, and tried to run it. Guess what happened? My system crashed again.

Now what do I do?

#4 sasschary

sasschary

  • Malware Study Hall Senior
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:42 PM

Posted 24 March 2018 - 09:04 PM

Hi Fazil,

NOTE: Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

 

If you have Windows 7 or earlier, please follow the first set of instructions to reboot into Safe Mode. Then, skip down to the section on running an FRST scan. If you have Windows 8 or Windows 10, please follow the second set of instructions and continue to the end. Also, for future reference in case you are still unable to run FRST, what version of Windows are you running?

Let's reboot your computer into safe mode.

  • Restart your computer from the Start Menu. Once your computer starts to boot again, repeatedly press the F8 key on your keyboard until a menu pops up.
  • On the menu, use your arrow keys to select Safe Mode, then press the Enter key on your keyboard.
  • Your computer should now boot.

Once you get to your desktop, it should display a warning that you are in Safe Mode in each of the four corners of your screen. Do not worry if your desktop looks different from what you are used to; this is normal when you are in Safe Mode.

Let's reboot your computer into Safe Mode.

  • Open your Start menu and click the power button.
  • Hold Shift on your keyboard and click Restart.
  • After a moment, a menu should appear. Click Troubleshoot, then Advanced Options, Startup Settings, and finally Restart.
  • Your computer should restart into a menu with startup settings. Press 4 on your keyboard to select Enable Safe Mode.
  • Your computer should now boot.

Once you get to your desktop, it will display a warning that you are in Safe Mode in each of the four corners of your screen. Do not worry if your desktop looks different from what you are used to; this is normal when you are in Safe Mode.

Let's run a scan using FRST.

Now we need to use FRST to run a scan.

  • Open a file explorer window and browse to the location where you downloaded FRST. Then, right click FRST and click Run as Administrator.
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Scan and wait for the scan to be run.
  • After the scan has been completed, FRST should create and open a file called FRST.txt in Notepad. Please copy and paste that file into your next reply.

Finally, when you said in your last post that your system crashed when you tried to run FRST, what did you mean? Do you mean that as in a full, blue screen of death crash, or a crash as you described in your first post, when all of your programs close?

In your next reply, please include the following:

  • FRST.txt
  • What version of Windows do you have?
  • What kind of crash happens when running FRST?

sasschary



#5 Fazwud

Fazwud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 24 March 2018 - 09:08 PM

I'll do as you say.

When I said my system crashes, it is as per my first post. All open windows close, and the desktop goes blank for like 10-15 secs.

#6 Fazwud

Fazwud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 24 March 2018 - 09:59 PM

Hey Zach,

 

I ran the scan in safe mode.

 

The reports got generated.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018

Ran by inthi_ar (administrator) on INTHI_AR-PC (25-03-2018 08:03:36)
Running from C:\Users\inthi_ar\Desktop\FRST
Loaded Profiles: inthi_ar (Available Profiles: inthi_ar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2017-08-19] (AVAST Software)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [500696 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\Run: [BingSvc] => C:\Users\inthi_ar\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-07] (Piriform Ltd)
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {1073fc4c-13c2-11e2-85d6-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {16e33cdb-615b-11e3-9e11-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {1be50803-6f32-11e4-a4d9-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {1be50807-6f32-11e4-a4d9-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {2c9b46bc-e743-11e4-b0d8-685d43faa0bd} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {47ea7af4-7bf5-11e3-816c-685d43faa0bd} - G:\MENU.EXE
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {512d1491-58f8-11e4-b199-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {591e0f75-453d-11e2-a5d6-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {591e0f78-453d-11e2-a5d6-685d43faa0b9} - H:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {65ad13fa-948b-11e7-a313-685d43faa0bd} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {74fd52d1-122c-11e2-9271-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {74fd52d5-122c-11e2-9271-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {7883d4ec-3be4-11e5-8861-685d43faa0bd} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {811d3d72-4a23-11e5-a96e-685d43faa0bd} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {853a8fe9-453f-11e2-8cbf-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {86cad49b-dfe2-11e4-8e9d-685d43faa0bd} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {887263d3-6560-11e2-a19b-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {89743658-1292-11e2-860f-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {89743668-1292-11e2-860f-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {8d5b4c6b-48fe-11e2-a5fc-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {8dce62cb-09f9-11e2-83e4-685d43faa0bd} - I:\Setup.exe /Auto
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {92fe426e-0f02-11e5-8849-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {94a55cf8-549d-11e2-8b3f-d4bed946c7c7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Common_Handset_USB_Driver.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {9b1544d9-a68c-11e4-902e-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {9b1544de-a68c-11e4-902e-685d43faa0bd} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {ab6874db-7e02-11e5-98f0-685d43faa0bd} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {b11eb0ad-ed81-11e7-aeb2-685d43faa0bd} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {cb6585cc-65be-11e2-aedb-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {cb6585e5-65be-11e2-aedb-d4bed946c7c7} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {f987d54e-485c-11e2-ab80-685d43faa0b9} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {fa0aa39d-5fb4-11e3-bbbf-d4bed946c7c7} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {fa0aa3a2-5fb4-11e3-bbbf-d4bed946c7c7} - G:\AutoRun.exe
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\MountPoints2: {fa0aa3c9-5fb4-11e3-bbbf-d4bed946c7c7} - G:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
AppInit_DLLs: C:\ProgramData\Voyasollam\Phystone.dll => C:\ProgramData\Voyasollam\Phystone.dll [342528 2018-03-19] ()
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Truefax.dll => C:\ProgramData\Voyasollam\Truefax.dll [460800 2018-03-19] ()
ShellExecuteHooks: No Name - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [904704 2018-03-13] ()
Startup: C:\Users\inthi_ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-02-05]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131661697581329640&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxk4KosIJpuVKXvO95wSAqSWoUBcjSG3zAQLes2wEngqFwnFU-m_lq9ziHxAGJan4yuqpYwswI90E8isoJUvFQsJcyZZPCaPMpvsq688Dp06oAtFtdneIdAglqb_aF9eucuCpNuqxTo2rTM06DshRDzlwl22nEGXOkwjBWjc,&q={searchTerms}
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131661697582109642&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {BEC6D337-3162-4F0A-8717-7A6A3A870CB0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxk4KosIJpuVKXvO95wSAqSWoUBcjSG3zAQLes2wEngqFwnFU-m_lq9ziHxAGJan4yuqpYwswI90E8isoJUvFQsJcyZZPCaPMpvsq688Dp06oAtFtdneIdAglqb_aF9eucuCpNuqxTo2rTM06DshRDzlwl22nEGXOkwjBWjc,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://search.appsarefun.info/?l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BEC6D337-3162-4F0A-8717-7A6A3A870CB0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> DefaultScope {716F5D5B-E156-4B67-A0D0-5A14543C1576} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&affID=115131&tt=4112_4&babsrc=SP_iclro&mntrId=10f77179000000000000000000000000
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {716F5D5B-E156-4B67-A0D0-5A14543C1576} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {BEC6D337-3162-4F0A-8717-7A6A3A870CB0} URL = 
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6OzeZ6HtQa&loc=skw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxk4KosIJpuVKXvO95wSAqSWoUBcjSG3zAQLes2wEngqFwnFU-m_lq9ziHxAGJan4yuqpYwswI90E8isoJUvFQsJcyZZPCaPMpvsq688Dp06oAtFtdneIdAglqb_aF9eucuCpNuqxTo2rTM06DshRDzlwl22nEGXOkwjBWjc,&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-07-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2018-03-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-26] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-07-01] (Google Inc.)
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-helper.dll [2017-11-29] (pdfforge GmbH)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2018-03-19] (Oracle Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{48586425-6bb7-4f51-8dc6-38c88e3ebb58} -  No File
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-07-01] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM-x32 - No Name - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{48586425-6bb7-4f51-8dc6-38c88e3ebb58} -  No File
Toolbar: HKLM-x32 - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-07-01] (Google Inc.)
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-plugin.dll [2017-11-29] (pdfforge GmbH)
 
FireFox:
========
FF ProfilePath: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default [2018-03-25]
FF Homepage: Mozilla\Firefox\Profiles\pvmu2tsf.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-in
hxxp://mystart.incredibar.com/?a=6OzeZ6HtQa&i=26&did=10963&loc=skw
hxxps://in.search.yahoo.com/?type=523482&fr=spigot-yhp-ff
FF Extension: (No Name) - C:\Users\inthi_ar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2014-10-24] [not signed]
FF SearchPlugin: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default\searchplugins\my-web-search.xml [2012-10-20]
FF SearchPlugin: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default\searchplugins\MyStart Search.xml [2018-03-19]
FF SearchPlugin: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default\searchplugins\Search_Results.xml [2012-10-12]
FF SearchPlugin: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default\searchplugins\Web Search.xml [2012-10-26]
FF SearchPlugin: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default\searchplugins\WebSearch.xml [2012-10-19]
FF SearchPlugin: C:\Users\inthi_ar\AppData\Roaming\Mozilla\Firefox\Profiles\pvmu2tsf.default\searchplugins\yahoo_ff.xml [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin: PDF Architect 5 -> C:\Program Files\PDF Architect 5\np-previewer.dll [2017-11-29] (pdfforge GmbH)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1391002405-1756918991-1802597933-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\inthi_ar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxk4KosIJpuVKXvO95wSAqSWoUBcjSG3zAQLes2wEngqFwnFU-m_lq9ziHxAGJan4yuqpYwswI90E8isoPjRcEdmuuTkVfoJbRDxRdOale8ccHebsQEdFxFrAv7e1kxjCQFiO8SdFckl6wxJkwl9tkPdzAmxzBkAfbYs7pEg,
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/?a=6OzeZ6HtQa&i=26&did=10963&loc=skw","hxxps://in.search.yahoo.com/?type=523482&fr=yo-yhp-ch","hxxp://www.google.com/"
CHR Profile: C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]
CHR Extension: (Slides) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-03]
CHR Extension: (YouTube) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
CHR Extension: (Sheets) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Access Offline) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebaldoodbhacdkhomdflmjkhohclfcj [2018-03-19]
CHR Extension: (Google Docs Offline) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-03]
CHR Extension: (Avast Online Security) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Gmail) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\inthi_ar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-18]
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\inthi_ar\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-10-13]
CHR HKLM-x32\...\Chrome\Extension: [enhljpgmfjednccepebhodcpbdbdpjch] - C:\Windows\SysWOW64\jmdp\nte.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\inthi_ar\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2013-09-30]
 
Opera: 
=======
OPR Extension: (__MSG_appName__) - C:\Users\inthi_ar\AppData\Roaming\Opera Software\Opera Stable\Extensions\kedpicenkkndemblkfpnngmcihdfhndn [2018-03-19]
OPR Extension: (Quick Searcher) - C:\Users\inthi_ar\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-19]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"arfjphxx" => service was unlocked. <==== ATTENTION
 
S2 1a52a45b386c1c8cbf6006368bda9c6c; C:\Windows\1a52a45b386c1c8cbf6006368bda9c6c.dll [1231360 2018-03-20] () [File not signed]
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-26] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-26] (Avast Software)
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
S2 e2f9948092952c0f7fe8cd57908dc31e; C:\Program Files\e2f9948092952c0f7fe8cd57908dc31e\9e3134177f17146def4a79660ef4aa60.exe [653824 2018-03-19] () [File not signed] <==== ATTENTION
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [3039536 2015-01-05] ()
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2832560 2017-11-29] (pdfforge GmbH)
S2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator\common\creator-ws.exe [874680 2017-11-29] (pdfforge GmbH)
S2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop193.exe [511800 2018-02-24] (PandaViewer)
S2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [405504 2012-04-28] () [File not signed]
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S2 VRLService; C:\Program Files\Chaos Group\VRLService\OLS/vrol.exe [6520832 2017-11-19] (Chaos Software Ltd.) [File not signed]
S2 vrswrm-service; C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\register-service.exe [90176 2017-11-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Windows; C:\Windows\Temp\svchost.exe [177152 2018-03-19] () [File not signed]
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone\Library\DriverInstaller\DriverInstall.exe [120096 2018-01-16] (Wondershare)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 arfjphxx; C:\Windows\SysWOW64\arfjphxx\uoqnhdns.exe /d"C:\Users\inthi_ar\gfrnscmz.exe"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 03ff08374d9819346fe068dde6f33323; C:\Windows\system32\drivers\03ff08374d9819346fe068dde6f33323.sys [116320 2018-03-19] ()
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [101552 2017-08-19] (AVAST Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-26] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-26] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-26] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-26] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2017-08-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2017-08-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-26] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-26] (AVAST Software)
S3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 cmshusbser; C:\Windows\System32\DRIVERS\cmshusbser.sys [127232 2011-11-30] (QUALCOMM Incorporated)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-26] (AVAST Software)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2013-02-22] (Feitian Technologies Co., Ltd.)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-26] (Avast Software)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2011-12-25] (ZTEMT Incorporated)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-25 08:03 - 2018-03-25 08:03 - 000000000 ____D C:\FRST
2018-03-25 07:49 - 2018-03-25 08:03 - 000000000 ____D C:\Users\inthi_ar\Desktop\FRST
2018-03-25 07:46 - 2018-03-25 07:56 - 000003160 _____ C:\Windows\System32\Tasks\e2f9948092952c0f7fe8cd57908dc31e
2018-03-25 07:46 - 2018-03-25 07:46 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-03-25 07:41 - 2018-03-25 07:41 - 000283136 _____ C:\Windows\Minidump\032518-60887-01.dmp
2018-03-25 07:40 - 2018-03-25 08:04 - 001136738 _____ C:\Windows\ntbtlog.txt
2018-03-23 20:00 - 2018-03-23 20:00 - 000286568 _____ C:\Windows\Minidump\032318-72322-01.dmp
2018-03-22 17:53 - 2018-03-22 17:53 - 000286568 _____ C:\Windows\Minidump\032218-94115-01.dmp
2018-03-22 14:17 - 2017-08-19 14:22 - 000101552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-22 10:15 - 2018-03-22 10:15 - 000286568 _____ C:\Windows\Minidump\032218-78468-01.dmp
2018-03-21 20:39 - 2018-03-21 20:39 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsignc2e10d88ea709636
2018-03-21 19:11 - 2018-03-24 11:06 - 000002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-21 19:09 - 2018-03-21 19:09 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Deployment
2018-03-21 19:09 - 2018-03-21 19:09 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Apps\2.0
2018-03-21 16:53 - 2018-03-21 16:53 - 000003598 _____ C:\Windows\System32\Tasks\{C3296D75-D219-48C3-8F6F-5A5CBD188987}
2018-03-21 14:19 - 2018-03-21 14:19 - 000286568 _____ C:\Windows\Minidump\032118-80153-01.dmp
2018-03-21 11:06 - 2018-03-25 07:40 - 644923568 ____N C:\Windows\MEMORY.DMP
2018-03-21 11:06 - 2018-03-21 11:07 - 000286568 _____ C:\Windows\Minidump\032118-78499-01.dmp
2018-03-20 17:30 - 2018-03-23 15:32 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-20 17:30 - 2018-03-20 17:30 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-20 17:30 - 2018-03-20 17:30 - 000000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-20 17:30 - 2018-03-20 17:30 - 000000000 ____D C:\Program Files\CCleaner
2018-03-20 16:12 - 2018-03-22 11:17 - 000000000 ____D C:\AdwCleaner
2018-03-20 16:04 - 2018-03-20 16:04 - 000003060 _____ C:\Windows\System32\Tasks\{84F13866-4117-42D2-A94B-365AFFE119A8}
2018-03-20 15:31 - 2018-03-20 15:31 - 000001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-03-20 14:18 - 2018-03-20 14:18 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsignb9e2e40bd628989d
2018-03-20 13:49 - 2018-03-20 13:49 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign31adff778dbcf239
2018-03-20 13:39 - 2018-03-20 13:39 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign4fe9fc225c9ad311
2018-03-20 12:48 - 2018-03-20 12:48 - 000000000 __SHD C:\found.012
2018-03-20 12:33 - 2018-03-20 12:33 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsignfd3701599c3c8196
2018-03-20 11:28 - 2018-03-22 12:20 - 000000000 ____D C:\Program Files\e2f9948092952c0f7fe8cd57908dc31e
2018-03-19 16:40 - 2018-03-19 16:40 - 000116320 _____ C:\Windows\system32\Drivers\03ff08374d9819346fe068dde6f33323.sys
2018-03-19 16:19 - 2018-03-19 16:19 - 000000258 __RSH C:\Users\inthi_ar\ntuser.pol
2018-03-19 12:43 - 2018-03-19 12:43 - 000000000 _____ C:\Windows\SysWOW64\05A.dat
2018-03-19 12:18 - 2018-03-19 12:18 - 000153600 ___SH C:\Users\inthi_ar\Downloads\Thumbs.db
2018-03-19 12:00 - 2018-03-19 12:00 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
2018-03-19 11:59 - 2018-03-19 11:59 - 007594496 _____ C:\Users\inthi_ar\AppData\Local\agent.dat
2018-03-19 11:59 - 2018-03-19 11:59 - 001985878 _____ C:\Users\inthi_ar\AppData\Local\Geofresh.tst
2018-03-19 11:59 - 2018-03-19 11:59 - 001895381 _____ C:\Users\inthi_ar\AppData\Local\Triohold.bin
2018-03-19 11:59 - 2018-03-19 11:59 - 000278507 _____ C:\Users\inthi_ar\AppData\Local\Itcom.bin
2018-03-19 11:59 - 2018-03-19 11:59 - 000126464 _____ C:\Users\inthi_ar\AppData\Local\noah.dat
2018-03-19 11:59 - 2018-03-19 11:59 - 000070896 _____ C:\Users\inthi_ar\AppData\Local\Config.xml
2018-03-19 11:59 - 2018-03-19 11:59 - 000018432 _____ C:\Users\inthi_ar\AppData\Local\Main.dat
2018-03-19 11:59 - 2018-03-19 11:59 - 000005568 _____ C:\Users\inthi_ar\AppData\Local\md.xml
2018-03-19 11:59 - 2018-03-19 11:59 - 000000000 _____ C:\Windows\SysWOW64\__012EB80A__C0000005.dmp
2018-03-19 11:59 - 2018-03-19 11:55 - 001815552 _____ (TODO: <Company name>) C:\Users\inthi_ar\AppData\Local\Geofresh.exe
2018-03-19 11:58 - 2018-03-20 15:14 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-03-19 11:57 - 2018-03-20 11:28 - 001231360 _____ C:\Windows\1a52a45b386c1c8cbf6006368bda9c6c.dll
2018-03-19 11:57 - 2018-03-19 18:51 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\5cb5087afcaf4cae9cdd36022a717126
2018-03-19 11:56 - 2018-03-19 11:56 - 000004544 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KM
2018-03-19 11:56 - 2018-03-19 11:56 - 000004416 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_HU
2018-03-19 11:56 - 2018-03-19 11:56 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\tcf0kfbnpb1
2018-03-19 11:56 - 2018-03-19 11:56 - 000000000 ____D C:\Program Files\My Program
2018-03-19 11:56 - 2018-03-13 06:19 - 000904704 _____ C:\Windows\system32\mcicda64.dll
2018-03-19 11:55 - 2018-03-21 16:54 - 000930816 _____ C:\Users\inthi_ar\AppData\Local\po.db
2018-03-19 11:55 - 2018-03-19 22:16 - 000000000 ____D C:\Program Files (x86)\texttotalk
2018-03-19 11:55 - 2018-03-19 11:58 - 000016080 _____ C:\Users\inthi_ar\AppData\Local\InstallationConfiguration.xml
2018-03-19 11:55 - 2018-03-19 11:55 - 000140800 _____ C:\Users\inthi_ar\AppData\Local\installer.dat
2018-03-19 11:55 - 2018-03-19 11:55 - 000004516 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_JJ
2018-03-19 11:55 - 2018-03-19 11:55 - 000004508 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_LE
2018-03-19 11:55 - 2018-03-19 11:55 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\SystemHealer
2018-03-19 11:55 - 2018-03-19 11:55 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\7432c93e699f49a6999f84affe78eccd
2018-03-19 11:55 - 2018-03-19 11:55 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\83e8bb79d2f04ee8b6934d5b7791273d
2018-03-19 11:54 - 2018-03-19 11:54 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\2c43gsu00g0
2018-03-19 11:53 - 2018-03-19 11:53 - 000003662 _____ C:\Windows\System32\Tasks\{4A7582BF-51F3-4EAE-8FA1-ADFEF50D8A9D}
2018-03-19 11:53 - 2018-03-19 11:53 - 000003458 _____ C:\Windows\System32\Tasks\{CC7920E4-6DD8-4AE7-95F1-175700AAD069}
2018-03-19 11:53 - 2018-03-19 11:53 - 000000003 _____ C:\Users\inthi_ar\AppData\Local\wbem.ini
2018-03-19 11:53 - 2018-03-19 11:53 - 000000000 ____D C:\Windows\SysWOW64\arfjphxx
2018-03-19 11:53 - 2018-03-19 11:53 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\30j0dogo4pm
2018-03-19 11:52 - 2018-03-19 11:52 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\FastDataX
2018-03-19 11:45 - 2018-03-19 21:02 - 000000061 _____ C:\Users\inthi_ar\Documents\TallyODBC_9000.dsn
2018-03-19 11:33 - 2018-03-19 11:33 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\com.engine.client.FxApplication
2018-03-19 11:32 - 2018-03-19 11:32 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\Sun
2018-03-19 11:31 - 2018-03-19 11:31 - 000000000 ____D C:\Users\inthi_ar\AppData\LocalLow\Sun
2018-03-19 11:31 - 2018-03-19 11:31 - 000000000 ____D C:\Users\inthi_ar\.oracle_jre_usage
2018-03-19 11:30 - 2018-03-19 11:29 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-03-19 11:28 - 2018-03-19 11:28 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-19 11:27 - 2018-03-19 11:59 - 000001505 _____ C:\Users\inthi_ar\AppData\Roaming\icr-20-jan
2018-03-19 11:27 - 2018-03-19 11:27 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\system32
2018-03-19 11:27 - 2018-03-19 11:27 - 000000000 ____D C:\Users\inthi_ar\AppData\LocalLow\Oracle
2018-03-19 11:26 - 2016-07-19 10:54 - 000936960 ___SH (AutoIt Team) C:\Users\inthi_ar\AppData\Roaming\VGPcHgSDPJTOTGOQOZNED.cmd
2018-03-19 11:26 - 2016-07-19 10:54 - 000463376 ___SH C:\Users\inthi_ar\AppData\Roaming\eNRDaJTAdMIR
2018-03-19 11:26 - 2016-07-19 10:54 - 000036377 ___SH C:\Users\inthi_ar\AppData\Roaming\ieVHPfYEOGMgTRVPFXc
2018-03-19 11:26 - 2012-01-20 14:16 - 014725120 _____ (Macrovision Corporation) C:\Users\inthi_ar\AppData\Roaming\setup.exe
2018-03-19 11:20 - 2018-03-19 11:20 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\SHAREit Technologies
2018-03-19 11:19 - 2018-03-19 11:23 - 000001172 _____ C:\Users\Public\Desktop\SHAREit.lnk
2018-03-19 11:19 - 2018-03-19 11:19 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2018-03-19 09:21 - 2018-03-19 09:21 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign21d71ea886b96379
2018-03-17 19:18 - 2018-03-17 19:18 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsignf2e12d686432c786
2018-03-16 20:39 - 2018-03-16 20:39 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign91e45c6a559e3dba
2018-03-12 10:37 - 2018-03-12 10:37 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign4acc460ae1ad1a63
2018-03-11 14:01 - 2018-03-11 14:01 - 000003514 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-inthi_ar-PC-inthi_ar
2018-03-11 13:37 - 2018-03-11 13:37 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsignca058f609cb025ab
2018-03-10 16:07 - 2018-03-10 16:07 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsignbc0921b920e522d3
2018-03-10 06:52 - 2018-03-21 19:23 - 000000000 ____D C:\Users\inthi_ar\AppData\LocalLow\BitTorrent
2018-03-07 06:23 - 2018-03-07 06:23 - 000019453 _____ C:\Users\inthi_ar\Documents\INTHI_AR-PC_inthi_ar_2018_ 3_ 7.csv
2018-03-06 11:04 - 2018-03-06 11:04 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign5786397ac5b1b057
2018-02-28 11:23 - 2018-02-28 11:23 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign2e3a220c9350b815
2018-02-26 12:29 - 2018-02-26 12:29 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Tempzxpsign08b54107703b25e9
2018-02-24 16:14 - 2018-02-24 16:14 - 000000000 ____D C:\Users\inthi_ar\.android
2018-02-24 16:10 - 2018-02-24 16:14 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\Wondershare
2018-02-24 16:08 - 2017-09-27 17:29 - 000000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2018-02-24 16:06 - 2018-02-24 16:06 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-02-24 16:06 - 2017-08-08 09:25 - 000206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2018-02-24 16:06 - 2017-08-08 09:25 - 000110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2018-02-24 15:59 - 2018-02-24 16:03 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\GetRightToGo
2018-02-24 11:52 - 2018-02-24 11:52 - 000001175 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-25 07:57 - 2012-09-21 20:37 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-03-25 07:56 - 2012-09-26 21:16 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\SoftThinks
2018-03-25 07:55 - 2012-10-19 19:05 - 000000418 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{E0A4C7D9-8FCC-4F19-8AC5-E73B9C3FED50}.job
2018-03-25 07:55 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-25 07:49 - 2018-01-13 10:19 - 000004178 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-25 07:41 - 2012-10-29 09:29 - 000000000 ____D C:\Windows\Minidump
2018-03-25 07:39 - 2014-06-26 23:35 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf916931df6cae.job
2018-03-25 06:47 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2018-03-25 06:42 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-03-25 06:41 - 2009-07-14 10:15 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-25 06:41 - 2009-07-14 10:15 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-25 06:34 - 2014-08-15 04:33 - 000000000 ____D C:\Users\inthi_ar\AppData\Local\Adobe
2018-03-24 21:31 - 2012-09-28 12:08 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\vlc
2018-03-24 11:18 - 2013-03-02 15:58 - 000000000 ____D C:\pdf995
2018-03-24 11:17 - 2013-12-02 10:50 - 000000000 ____D C:\Program Files\PDFCreator
2018-03-24 10:50 - 2018-01-13 10:20 - 000000000 ___RD C:\Users\inthi_ar\Creative Cloud Files
2018-03-22 13:27 - 2012-09-26 21:18 - 000001080 _____ C:\Users\inthi_ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-22 11:52 - 2017-11-13 08:53 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-22 11:51 - 2013-06-01 10:04 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-21 23:07 - 2017-08-20 01:23 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\BitTorrent
2018-03-21 21:51 - 2012-09-30 05:56 - 000000000 ___HD C:\Users\inthi_ar\Documents\My Received Files
2018-03-21 19:10 - 2012-09-27 12:19 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-21 19:09 - 2015-02-04 19:05 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0407f7b60f9c3
2018-03-21 19:09 - 2012-12-27 11:56 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-20 17:53 - 2015-01-24 16:35 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\TeamViewer
2018-03-20 17:53 - 2015-01-24 16:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-20 17:53 - 2013-09-08 18:03 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\IDM
2018-03-20 17:50 - 2014-06-05 21:31 - 000000000 ___DC C:\Users\inthi_ar\AppData\Local\MigWiz
2018-03-20 17:50 - 2011-02-10 19:32 - 000000000 ____D C:\Windows\panther
2018-03-20 17:50 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\ModemLogs
2018-03-19 18:21 - 2017-09-15 09:23 - 000000000 ____D C:\Users\inthi_ar\AppData\LocalLow\Mozilla
2018-03-19 16:19 - 2012-09-26 21:16 - 000000000 ____D C:\Users\inthi_ar
2018-03-19 12:32 - 2012-09-21 20:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-19 11:58 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\GroupPolicy
2018-03-19 11:54 - 2013-02-14 22:21 - 000000000 ____D C:\Program Files\MBlaze UI
2018-03-17 15:18 - 2013-04-29 09:15 - 005236880 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-17 12:18 - 2014-08-15 04:33 - 000167072 _____ C:\Users\inthi_ar\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-16 12:02 - 2018-01-26 23:35 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\AVS4YOU
2018-03-11 14:01 - 2014-10-24 18:44 - 000000000 ____D C:\Users\inthi_ar\AppData\Roaming\Adobe
2018-03-11 14:00 - 2018-01-08 12:07 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-03-11 13:59 - 2012-09-27 15:33 - 000000000 ____D C:\Program Files\Adobe
2018-03-05 12:46 - 2018-02-10 19:24 - 000000000 ____D C:\Users\inthi_ar\Documents\PDF Architect
2018-02-24 11:52 - 2012-09-21 20:55 - 000000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2012-12-08 13:04 - 2012-12-08 13:04 - 000000132 _____ () C:\Users\inthi_ar\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2014-11-05 11:59 - 2014-11-05 11:59 - 000000132 _____ () C:\Users\inthi_ar\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-09-21 10:32 - 2015-09-21 10:32 - 000000132 _____ () C:\Users\inthi_ar\AppData\Roaming\Adobe OpenEXR Format CS6 Prefs
2013-03-16 16:58 - 2017-12-18 14:07 - 000000132 _____ () C:\Users\inthi_ar\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-03-19 11:26 - 2016-07-19 10:54 - 000463376 ___SH () C:\Users\inthi_ar\AppData\Roaming\eNRDaJTAdMIR
2018-03-19 11:27 - 2018-03-19 11:59 - 000001505 _____ () C:\Users\inthi_ar\AppData\Roaming\icr-20-jan
2018-03-19 11:26 - 2016-07-19 10:54 - 000036377 ___SH () C:\Users\inthi_ar\AppData\Roaming\ieVHPfYEOGMgTRVPFXc
1623-04-04 12:34 - 1623-04-04 12:34 - 000073216 ____N (Microsoft Corporation) C:\Users\inthi_ar\AppData\Roaming\iNOkU.exe
2018-03-19 11:26 - 2012-01-20 14:16 - 014725120 _____ (Macrovision Corporation) C:\Users\inthi_ar\AppData\Roaming\setup.exe
2018-03-19 11:26 - 2016-07-19 10:54 - 000936960 ___SH (AutoIt Team) C:\Users\inthi_ar\AppData\Roaming\VGPcHgSDPJTOTGOQOZNED.cmd
2014-11-05 12:02 - 2018-01-27 11:05 - 000001456 _____ () C:\Users\inthi_ar\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-03-19 11:59 - 2018-03-19 11:59 - 007594496 _____ () C:\Users\inthi_ar\AppData\Local\agent.dat
2017-10-30 03:06 - 2017-10-30 03:06 - 000000000 ____H () C:\Users\inthi_ar\AppData\Local\BITD07F.tmp
2018-03-19 11:59 - 2018-03-19 11:59 - 000070896 _____ () C:\Users\inthi_ar\AppData\Local\Config.xml
2012-10-02 11:19 - 2015-08-03 14:38 - 000010240 _____ () C:\Users\inthi_ar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
1623-04-04 12:34 - 1623-04-04 12:34 - 000186368 ____N (Microsoft Corporation) C:\Users\inthi_ar\AppData\Local\EEEuoYeJ.exe
2018-03-19 11:59 - 2018-03-19 11:55 - 001815552 _____ (TODO: <Company name>) C:\Users\inthi_ar\AppData\Local\Geofresh.exe
2018-03-19 11:59 - 2018-03-19 11:59 - 001985878 _____ () C:\Users\inthi_ar\AppData\Local\Geofresh.tst
2018-03-19 11:55 - 2018-03-19 11:58 - 000016080 _____ () C:\Users\inthi_ar\AppData\Local\InstallationConfiguration.xml
2018-03-19 11:55 - 2018-03-19 11:55 - 000140800 _____ () C:\Users\inthi_ar\AppData\Local\installer.dat
2018-03-19 11:59 - 2018-03-19 11:59 - 000278507 _____ () C:\Users\inthi_ar\AppData\Local\Itcom.bin
2018-03-19 11:59 - 2018-03-19 11:59 - 000018432 _____ () C:\Users\inthi_ar\AppData\Local\Main.dat
2018-03-19 11:59 - 2018-03-19 11:59 - 000005568 _____ () C:\Users\inthi_ar\AppData\Local\md.xml
2018-03-19 11:59 - 2018-03-19 11:59 - 000126464 _____ () C:\Users\inthi_ar\AppData\Local\noah.dat
2018-03-19 11:55 - 2018-03-21 16:54 - 000930816 _____ () C:\Users\inthi_ar\AppData\Local\po.db
2018-03-19 11:59 - 2018-03-19 11:59 - 001895381 _____ () C:\Users\inthi_ar\AppData\Local\Triohold.bin
2018-03-19 12:00 - 2018-03-19 12:00 - 000032038 _____ () C:\Users\inthi_ar\AppData\Local\uninstall_temp.ico
2018-03-19 11:53 - 2018-03-19 11:53 - 000000003 _____ () C:\Users\inthi_ar\AppData\Local\wbem.ini
2017-06-10 06:23 - 2017-06-10 06:23 - 000000000 _____ () C:\Users\inthi_ar\AppData\Local\{524C56BE-2C57-4557-84B4-ADB365F6AA89}
2017-10-30 03:06 - 2017-10-30 03:06 - 000000000 _____ () C:\Users\inthi_ar\AppData\Local\{575C1062-FFBA-43E1-A5FC-F097C33584A6}
2017-11-02 03:21 - 2017-11-02 03:21 - 000000000 _____ () C:\Users\inthi_ar\AppData\Local\{CDDD33EE-04D9-4015-84F2-639C3BB14A9D}
2017-09-28 03:26 - 2017-09-28 03:26 - 000000000 _____ () C:\Users\inthi_ar\AppData\Local\{FAD95603-34C6-4041-8273-74BFB13E960C}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-21 18:42
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by inthi_ar (25-03-2018 08:04:55)
Running from C:\Users\inthi_ar\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-26 15:46:42)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1391002405-1756918991-1802597933-500 - Administrator - Disabled)
Guest (S-1-5-21-1391002405-1756918991-1802597933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1391002405-1756918991-1802597933-1003 - Limited - Enabled)
inthi_ar (S-1-5-21-1391002405-1756918991-1802597933-1000 - Administrator - Enabled) => C:\Users\inthi_ar
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe InDesign CC 2018 (HKLM-x32\...\IDSN_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Adobe Photoshop (HKLM\...\{9B08B2EC-C82E-4D24-A3E0-57646E2CE480}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Catalyst Install Manager (HKLM\...\{D219E54B-AC0F-E3E8-AA62-DF563A20696E}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Android Handset USB Driver 1.0 (HKLM-x32\...\USB Driver_is1) (Version:  - )
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0409-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (HKLM\...\{5783F2D7-E001-0409-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Design Review 2012 (HKLM-x32\...\{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}) (Version: 12.0.0.93 - Autodesk, Inc.) Hidden
Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.93 - Autodesk, Inc.)
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
AVS Video Converter 10.0.4 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 10.0.4.616 - Online Media Technologies Ltd.)
BitTorrent (HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\BitTorrent) (Version: 7.10.3.44359 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.29.0 - Conexant)
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{79899C6B-E315-4A3F-8904-02DEAB8D660D}) (Version: 16.0.707 - Corel Corporation) Hidden
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2326.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Touchpad (HKLM\...\Elantech) (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Dell VideoStage  (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth (HKLM-x32\...\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}) (Version: 4.3.7204.836 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IB Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.5.4 - ) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LameACM (HKLM-x32\...\LameACM) (Version:  - )
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2013 - தமிழ் (HKLM-x32\...\{95150000-00FF-0449-0000-0000000FF1CE}) (Version: 15.0.4505.1001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
PDF Architect 5 (HKLM-x32\...\PDF Architect 5) (Version: 5.1.28.36004 - pdfforge GmbH)
PDF Architect 5 Asian Fonts Pack (HKLM\...\{80D1BF82-F548-46CD-8C75-69E6B89C7888}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Convert Module (HKLM\...\{E312869A-99FA-4ECD-99CC-C2CE8862BE5A}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Create Module (HKLM\...\{E6BB3749-AC9F-4BDE-84D9-1E22EF689573}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{CC1439A7-3054-4C5F-AF60-7F770DAD7793}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Insert Module (HKLM\...\{E8E26E37-51C0-47DE-82A3-1AA780E20021}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 OCR Module (HKLM\...\{28C77B43-6489-4ACB-9417-2A4185F61F9A}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Review Module (HKLM\...\{9BF6FE81-93F8-4B70-8860-A4E3C503C6A5}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Secure Module (HKLM\...\{8BEF40F1-C393-49F9-A847-AB696B8F4EF8}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{23AFD2CD-3930-451E-A27C-07A9457CE07F}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PowerXpressHybrid (HKLM-x32\...\{51FDC2DE-0917-46B7-EAEC-5377504701DE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (HKLM-x32\...\{D0EDFF5D-95EF-BA19-AE58-661628E6DDB9}) (Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39019 - Realtek Semiconductor Corp.)
Revit Architecture 2012 Language Pack - English (HKLM\...\{7346B4A0-1200-0111-0409-705C0D862004}) (Version: 11.03.09231 - Autodesk) Hidden
Settings Manager (HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\Settings Manager) (Version: 22.3.0.1 - Spigot, Inc.) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
V-Ray for SketchUp (HKLM\...\V-Ray for SketchUp) (Version: 3.60.01 - Chaos Software Ltd)
V-Ray Online License Server (HKLM\...\V-Ray Online License Server) (Version: 4.4.1 - Chaos Software Ltd)
V-Ray Swarm (HKLM\...\V-Ray Swarm) (Version: 1.4.1 - Chaos Software Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip Packages (HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\...\WinZip Packages) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1391002405-1756918991-1802597933-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-26] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Windows\system32\mcicda64.dll [2018-03-13] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk)
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll [2011-02-10] (Autodesk, Inc.)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-26] (AVAST Software)
ContextMenuHandlers1-x32: [PDFArchitect5_ManagerExt] -> {00B7B69F-6774-4906-9C7F-7D117A3644A9} => C:\Program Files\PDF Architect 5\context-menu.dll [2017-11-29] (pdfforge GmbH)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2017-12-18] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-26] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-03-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-26] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {036E093D-1ACB-45DE-805F-96ECA3A69FE5} - System32\Tasks\GoogleUpdateSecurityTaskMachine_KM => C:\Users\inthi_ar\AppData\Local\Temp\76be053550ba42599422cacb05355729\HandlerExecution.exe <==== ATTENTION
Task: {0DE51200-28C1-4095-B6D4-E5078C13A53D} - System32\Tasks\{4A7582BF-51F3-4EAE-8FA1-ADFEF50D8A9D} => C:\Users\inthi_ar\AppData\Roaming\iNOkU.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {11C93C7D-5392-4669-9A25-2F7DF93E6138} - System32\Tasks\{84F13866-4117-42D2-A94B-365AFFE119A8} => C:\Windows\system32\pcalua.exe -a C:\Tally.ERP9\uninstall.exe
Task: {12D44F14-16E3-496C-B14B-78C28E4C1F65} - System32\Tasks\GoogleUpdateSecurityTaskMachine_JJ => C:\Users\inthi_ar\AppData\Roaming\7432c93e699f49a6999f84affe78eccd\HandlerExecution.exe [2018-03-19] () <==== ATTENTION
Task: {20B0EA95-DC86-4250-8795-3B3B58064EEC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1391002405-1756918991-1802597933-1000UA => C:\Users\inthi_ar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-30] (Facebook Inc.)
Task: {29C2F7C9-73D2-4CE4-99DD-A0D4C60209A8} - System32\Tasks\Opera scheduled Autoupdate 1512364196 => C:\Users\inthi_ar\AppData\Local\Programs\Opera\launcher.exe
Task: {2C6EE04F-7862-4FB7-947D-8B3BBEFAB269} - System32\Tasks\{D8DB661D-5308-4003-B599-629FF368361C} => C:\Windows\system32\pcalua.exe -a E:\AutoCAD_2012_English_Win_32bit.exe -d E:\
Task: {35948E07-DA2B-4C5D-91C0-429CB81EF0B8} - System32\Tasks\{67CF2B01-644F-40EF-B8D7-32C9ECCA89B4} => C:\Windows\system32\pcalua.exe -a C:\Downloads\DellWebcamSW.exe -d C:\Downloads
Task: {3E86ECC2-5E03-4D68-B086-90F4466C1F2A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1391002405-1756918991-1802597933-1000Core => C:\Users\inthi_ar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-30] (Facebook Inc.)
Task: {46B2FEDA-BEB5-4A64-9485-078D03BFE8D5} - System32\Tasks\GoogleUpdateTaskMachineUA1cf916931df6cae => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4B837C26-297B-4FD5-BC63-6B2B9A15A7C9} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {4C6135F3-DBDB-4334-A6B7-377208FBC1FD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {4C6135F3-DBDB-4334-A6B7-377208FBC1FD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {53ED89C1-D77F-4D98-A3DC-50698A13FB77} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-07] (Piriform Ltd)
Task: {592E0312-D29F-4A11-A532-F4FF4298A221} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2018-01-13] (AVAST Software)
Task: {6A10D329-7DBC-4F72-933C-90F2940EF447} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {6A10D329-7DBC-4F72-933C-90F2940EF447} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {8680ECBC-8DF7-4B79-8413-5EC412E19B8E} - System32\Tasks\{CC7920E4-6DD8-4AE7-95F1-175700AAD069} => C:\Windows\SysWOW64\aaIiIuRIEEc.exe [1623-04-04] (Microsoft Corporation)
Task: {888EBC2D-2615-487C-A3A8-A594C303DB86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {90C6ED89-9C81-442E-BA74-117E649A4342} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {9A175340-6BE2-4C97-94CF-EFF61DF0814D} - System32\Tasks\AdobeAAMUpdater-1.0-inthi_ar-PC-inthi_ar => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B9FD0868-C422-4875-9871-9B4808F538F7} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HU => C:\ProgramData\da8a030ad0654ac192628888bf07233f\HandlerExecution.exe [2018-03-19] () <==== ATTENTION
Task: {C609C329-A192-4B40-B7DF-47B91A418009} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-07] (Piriform Ltd)
Task: {D764170B-999F-4999-83D7-A294E98835C4} - System32\Tasks\{FF0D713A-61A9-4C8D-A9CF-FA2D7EAC8490} => C:\Windows\system32\pcalua.exe -a "D:\Autodesk AutoCAD 2015 [64bit] Pre-Release Incl Keygen- X-FORCE- [MUMBAI-TPB]\[Setup]AutoCAD_2015_English_Win_64bit_dlm.sfx.exe" -d "D:\Autodesk AutoCAD 2015 [64bit] Pre-Release Incl Keygen- X-FORCE- [MUMBAI-TPB]"
Task: {E01981E4-5CA2-4F3E-859F-E3A51B25385D} - System32\Tasks\OptimizerPro1UpdaterTask{E0A4C7D9-8FCC-4F19-8AC5-E73B9C3FED50} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: {E27AA8B9-87A1-4AE4-84F9-BCEF41022265} - System32\Tasks\GoogleUpdateSecurityTaskMachine_LE => C:\Users\inthi_ar\AppData\Local\83e8bb79d2f04ee8b6934d5b7791273d\HandlerExecution.exe [2018-03-19] () <==== ATTENTION
Task: {E4E21718-E8A7-437D-ACEB-CD78D40DC08D} - System32\Tasks\{C3296D75-D219-48C3-8F6F-5A5CBD188987} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Trust-Soft\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Trust-Soft\uninstall.dat" -a uninstallme 0F3C0632-91EC-4A32-8F10-39E18E066E2D DeviceId=de0eb536-6ff2-6c02-b2f6-3317cabfea61 BarcodeId=51557004 ChannelId=4 DistributerName=APSFWemonetize
Task: {E76D52DD-C6FE-4238-ABF0-76815229C7C1} - System32\Tasks\AdobeGCInvoker-1.0-inthi_ar-PC-inthi_ar => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {EBC024C5-2478-4F72-A60F-B220AEB9BED8} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION
Task: {F2828BFA-66F7-4AEF-9906-E3D2C881BB86} - System32\Tasks\GoogleUpdateTaskMachineUA1d0407f7b60f9c3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F9021B6A-C60C-404B-82A7-7C0C303A0876} - System32\Tasks\e2f9948092952c0f7fe8cd57908dc31e => sc start e2f9948092952c0f7fe8cd57908dc31e <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf916931df6cae.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{E0A4C7D9-8FCC-4F19-8AC5-E73B9C3FED50}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\inthi_ar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\inthi_ar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\inthi_ar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-02-10 01:12 - 2018-02-10 01:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2018-03-19 11:54 - 000001710 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1391002405-1756918991-1802597933-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\inthi_ar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{62F3B341-0C24-4154-A939-E04FEF465B24}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CD9AE095-2EE8-42F7-8F5F-F960B24D2E42}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{EC61E64E-FFB6-43EB-A176-FA6BED5BCABC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6C43D7DD-7591-45C4-B1B4-C2DBEB099F8B}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{8BD08CE6-97FD-4825-BF57-22B667FBC25D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DB8251BB-67EA-4ECB-8B86-3F1D6A768183}] => (Allow) LPort=2869
FirewallRules: [{3BB1DA43-1D7C-45E5-81E9-647B9E0606D6}] => (Allow) LPort=1900
FirewallRules: [{46D8F8AE-3B12-4F47-980D-3AE58388678F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{044DBA9A-DA5B-438E-B343-5C0C5B15A63C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{FF1D7D5E-10CF-4B83-925A-C564F178F271}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Block) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
FirewallRules: [UDP Query User{F252979F-5131-47F7-B9D1-D3A4CF89E14A}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Block) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
FirewallRules: [{93676035-2CF0-436A-BFCE-D8D68C572500}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{B28D5ACA-DA0E-4E10-B06B-FE22BE843899}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{5E254B91-788E-4AB6-8D46-AEFE674158B4}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{9B85FE03-537B-4BD7-9E4E-DAA0CE413220}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{9D582F6B-BEE7-494C-A644-3352A8F3C2A7}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{E936164C-7E7B-4005-99AA-4F6ECE841161}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{65118E1D-2068-44F8-A3F4-611003D85876}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{278216DE-8AB3-45DF-BA6A-983BDE65D543}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{2032C1EF-0F0B-48F0-97CB-AF8F33386399}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{3B20E604-6531-4843-AF32-CB6AF014658B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{6A99B5B4-94FF-4F8C-B260-ABC85DC17210}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{B64CA873-4D42-4E4F-8761-D2C5449FA9D3}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{480EE5B2-8C34-488D-AD03-30E973206A84}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{ABAC2729-2B75-4F8C-BA4A-4B533354041E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A6E092E4-19E2-41A8-8060-9331B457425E}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{5E310AD7-6780-4559-8104-7408CF4E3289}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{29B45DC6-17B9-4AF4-8D0D-80797BC713AF}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{2858F78F-FB50-41F8-AAD8-0AAD05C93D35}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{CD43A406-0747-4D56-A7C9-AE3EE083E655}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{D4622A90-2C8A-48B4-9D9F-C5ACB2A5596B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FB2B154D-3753-46E1-B105-8D76CDBD4884}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{BE199B32-7D81-4454-8F5E-EEAAF0FF985B}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{1AED479D-2FB6-4345-B5F9-A7C954C1ACAA}] => (Allow) LPort=7000
FirewallRules: [{9D72D3EE-A4B8-4ACA-BE5D-567CED89E2BD}] => (Allow) LPort=7000
FirewallRules: [{87D48770-6E13-4CA4-8B40-EA3D3C668865}] => (Allow) C:\Users\inthi_ar\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{895AEEBB-3A5A-494B-8391-5E853348D12F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D905F79F-E244-42DC-93B5-747CD2D4D6C2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{540481B9-C04D-4F9F-A85A-037EEBDD385B}] => (Allow) LPort=50248
FirewallRules: [{A3BFD4DD-686E-41A8-8EEA-8728A826D45D}] => (Allow) C:\Users\inthi_ar\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9CDC62BB-C6CD-405B-B828-172A4335E9C6}] => (Allow) C:\Users\inthi_ar\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{20D6EC21-7BE7-494D-948E-582C482034B8}] => (Allow) C:\Users\inthi_ar\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BEF2493D-F9B7-49BF-9B5B-9629E24E6FC0}] => (Allow) C:\Users\inthi_ar\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{257D7E7C-96B4-4CA7-AB67-D469C3AD51E8}] => (Allow) C:\Users\inthi_ar\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B40D4459-2C6B-4DA8-9445-797B894E0528}] => (Allow) C:\Users\inthi_ar\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A29A0ABF-8400-490C-A583-5C72FBC9B9F1}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{98CD778C-E40F-40FF-B3BA-0BB535A4561D}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{22373A3E-0AB1-4053-9859-46E51F2EA30A}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
FirewallRules: [{1BAF8766-3339-4151-82EC-9D43127BE163}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
FirewallRules: [{2F87F3C1-F194-4C14-A7FF-F3CDA44B2137}] => (Allow) LPort=20208
FirewallRules: [{4ADC985B-A61A-4109-981A-0EFD0480F722}] => (Allow) LPort=20208
FirewallRules: [{7B3C588F-E392-4BC2-9371-044CBECFAC32}] => (Allow) C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\swrm.exe
FirewallRules: [{7F4FB366-A8AF-456D-862B-EEA0D253E2B4}] => (Allow) C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\swrm.exe
FirewallRules: [TCP Query User{93D87521-66E3-488A-AEE1-C1311D35A964}C:\program files\sketchup\sketchup 2017\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2017\sketchup.exe
FirewallRules: [UDP Query User{902BF393-B2CB-4B23-960B-4DDD987945F0}C:\program files\sketchup\sketchup 2017\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2017\sketchup.exe
FirewallRules: [TCP Query User{8A904989-0742-477D-821D-85EAEE37855B}C:\program files\sketchup\sketchup 2017\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2017\sketchup.exe
FirewallRules: [UDP Query User{A3A28690-E8FE-47E5-AF4D-E3F8004D372C}C:\program files\sketchup\sketchup 2017\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2017\sketchup.exe
FirewallRules: [TCP Query User{25AB0BF0-240D-4563-B065-3689CF0DE8FA}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Allow) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [UDP Query User{86023703-42D4-47E6-9F83-5E94276C68CB}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Allow) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe
FirewallRules: [{1D966819-49C1-4FA1-9CC7-4E5C89C936A2}] => (Allow) C:\Users\inthi_ar\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe
FirewallRules: [{0F9252EB-DE7A-41EB-B776-E3E73B51E29F}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{7116B75B-E992-4BC9-B3E8-36CE56358089}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{006DFB7E-000D-4755-B1BB-DBB8DCA379C3}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{A6A1454D-50DC-4F82-A190-90482EEAD33D}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{19AB4563-1205-42FD-B972-71BAF6113AD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Users\inthi_ar\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\inthi_ar\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger
 
==================== Restore Points =========================
 
22-03-2018 10:34:12 Windows Update
22-03-2018 10:52:21 Windows Defender Checkpoint
24-03-2018 11:16:51 Removed PDFBinder
 
==================== Faulty Device Manager Devices =============
 
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Dell Touchpad
Description: Dell Touchpad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: ELAN
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/25/2018 08:01:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/25/2018 07:58:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Faulting module name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Exception code: 0xc0000005
Fault offset: 0x000024fa
Faulting process id: 0x1ed4
Faulting application start time: 0x01d3c3e103fda412
Faulting application path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Faulting module path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Report Id: 41ac9053-2fd4-11e8-bb43-685d43faa0bd
 
Error: (03/25/2018 07:58:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Faulting module name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Exception code: 0xc0000005
Fault offset: 0x000024fa
Faulting process id: 0x1fb4
Faulting application start time: 0x01d3c3e10226c0fe
Faulting application path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Faulting module path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Report Id: 4050a9ad-2fd4-11e8-bb43-685d43faa0bd
 
Error: (03/25/2018 07:57:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/25/2018 07:55:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Faulting module name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Exception code: 0xc0000005
Fault offset: 0x000024fa
Faulting process id: 0x884
Faulting application start time: 0x01d3c3e08a41bd0e
Faulting application path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Faulting module path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Report Id: d575836f-2fd3-11e8-bb43-685d43faa0bd
 
Error: (03/25/2018 07:51:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Faulting module name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Exception code: 0xc0000005
Fault offset: 0x000024fa
Faulting process id: 0x79c
Faulting application start time: 0x01d3c3dffa227959
Faulting application path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Faulting module path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Report Id: 43553791-2fd3-11e8-8b3c-685d43faa0bd
 
Error: (03/25/2018 07:49:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Faulting module name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Exception code: 0xc0000005
Fault offset: 0x000024fa
Faulting process id: 0x1b0c
Faulting application start time: 0x01d3c3dfa6a3cd81
Faulting application path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Faulting module path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Report Id: e452b9c2-2fd2-11e8-8838-685d43faa0bd
 
Error: (03/25/2018 07:49:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Faulting module name: AdAppMgrSvc.exe, version: 1.0.59.0, time stamp: 0x52b68395
Exception code: 0xc0000005
Fault offset: 0x000024fa
Faulting process id: 0xac0
Faulting application start time: 0x01d3c3dfa64580d7
Faulting application path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Faulting module path: C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
Report Id: e3f5c4d7-2fd2-11e8-8838-685d43faa0bd
 
 
System errors:
=============
Error: (03/25/2018 08:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/25/2018 08:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/25/2018 08:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/25/2018 08:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/25/2018 08:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/25/2018 08:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/25/2018 08:02:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/25/2018 08:02:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Windows Defender:
===================================
Date: 2018-03-22 16:41:55.867
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:SoftwareBundler:MSIL/Wizrem
ID:225135
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files\MBlaze UI\U7S9R9I0KH0XH4ZJW6AG2931\PhNPZhNoeT.exe
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe
 
Date: 2018-03-22 10:52:54.856
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{5B189C90-332B-42F7-9239-30AF4DEC7BE2}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-03-22 10:51:23.639
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/Linkhortry!blnk
ID:235116
Severity:High
Category:Browser Modifier
Path Found:containerfile:C:\Users\inthi_ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk;file:C:\Users\inthi_ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk->[CMDEmbedded];startup:C:\Users\inthi_ar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe
 
Date: 2018-03-22 10:51:23.639
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:BrowserModifier:Win32/Linkhortry!blnk
ID:235116
Severity:High
Category:Browser Modifier
Path Found:containerfile:C:\Users\inthi_ar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk;file:C:\Users\inthi_ar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded]
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe
 
Date: 2015-09-22 14:15:14.445
Description: 
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
 
Date: 2015-09-22 14:13:47.521
Description: 
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
 
Date: 2015-09-22 14:12:19.771
Description: 
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
 
CodeIntegrity:
===================================
 
Date: 2018-03-19 12:41:09.547
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-19 12:41:09.425
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-19 12:41:09.347
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-19 12:41:08.226
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-01-09 11:47:30.036
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-01-09 11:47:29.337
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-01-09 11:47:27.607
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-01-09 11:47:27.248
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 19%
Total physical RAM: 3971.13 MB
Available physical RAM: 3209.01 MB
Total Virtual: 7940.46 MB
Available Virtual: 7253.11 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:275.3 GB) (Free:97.5 GB) NTFS
Drive d: () (Fixed) (Total:324.98 GB) (Free:109.83 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:317.38 GB) (Free:101.21 GB) NTFS
 
\\?\Volume{631203c5-0461-11e2-bf0b-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.81 GB) (Free:3.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 17A1B344)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=275.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=642.4 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================


#7 sasschary

  • Malware Study Hall Senior

Posted 25 March 2018 - 09:40 PM

Hi Fazil,

It looks like you have some P2P software installed on your computer.

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these areas very large targets for malware authors, they are also what they say in the name: Illegal. Please remove this software before continuing.

It looks like you may have some illegal software installed on your computer.

Installing illegal programs brings a high risk of bringing infection. Before we continue, I will need you to remove any software which you do not legally own a copy of, as well as any files which were used to pirate said software. Please also be aware that some of the tools we use may remove cracked files, which could leave pirated software in an unstable and crash-prone state.

Let's run a scan using CKScanner.

Please run this scan only once unless I tell you to repeat the scan. You will need to run the scan in Safe Mode, and will not be able to download the tool from Safe Mode. You should be able to get the tool by transferring it through your phone, as you have been doing with other things.

  • Please download CKScanner from here and save it to your desktop.
  • On your desktop, right click CKScanner.exe and click Run as Administrator.
  • If a User Account Control dialog box appears, click Yes to allow CKScanner to run.
  • In the CKScanner window, click Search for Files.
  • CKScanner will scan your computer. After the scan is complete, please click Save List to File.
  • CKScanner should show a dialog box saying the file saved correctly.
  • On your desktop, there should be a file called CKFiles.txt. Please double-click the file to open it in Notepad, then copy and paste it into your next reply.

In your next reply, please include the following:

  • CKFiles.txt

sasschary



#8 Fazwud

  • Topic Starter

Posted 25 March 2018 - 10:24 PM

Hey Zach,

 

Ran the ck scanner as you asked me to.

Here's the file:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\chaos group\v-ray\v-ray for sketchup\extension\materials\ground\asphalt_cracked_d01_200cm.vrmat
c:\users\inthi_ar\desktop\desktop files\competition works\competition works\project (3)\google sketchup pro 8.0.4811 incl crack-serials\google sketchup pro 8.0.4811 incl crack-serials-slicer.rar
c:\users\inthi_ar\desktop\desktop files\sand disk\google sketchup pro 8.0.4811 incl crack-serials\googlesketchupprowen 8.0.4811.exe
c:\users\inthi_ar\desktop\desktop files\sand disk\google sketchup pro 8.0.4811 incl crack-serials\readme.nfo
c:\users\inthi_ar\desktop\desktop files\sand disk\google sketchup pro 8.0.4811 incl crack-serials\serials.nfo
c:\users\inthi_ar\desktop\desktop files\sand disk\google sketchup pro 8.0.4811 incl crack-serials\crack\sketchup.exe
c:\users\inthi_ar\desktop\desktop files\winrar 5.11 beta 1\keygen-fff.zip
scanner sequence 3.FA.11.LNCPM0
 ----- EOF ----- 
 
 
Now I've got a small doubt if you could help. The above-mentioned software listed by ck scanner has been present in my system for a long time, like 6 years, whereas my problem arose only 5 days ago.
I'm afraid that the real cause of my problems hasn't been identified by the scan.
 
Am I wrong? Can you throw some clarity for me if possible?
 
Regards,
Fazil


#9 sasschary

  • Malware Study Hall Senior

Posted 26 March 2018 - 08:04 PM

Hi Fazil,

I believe that we should be capable of removing the infection. CKScanner scans only for potential security risks, and, as the log says, "these are not necessarily bad." I have been able to identify the issue, but needed to use CKScanner just to check for any other things.

It looks like there is still some pirated software on your system.

It seems to me that there is still some pirated software on your computer. I and BleepingComputer do not condone the use of piracy, and so, if we are to continue the malware removal process, this software must first be removed. Please remove the following software, along with any other illegal software you may have on your system, including any files used to crack the software.

  • Google Sketchup
  • WinRAR
  • Any Autodesk software which you do not own a legal copy of

Following the removal of this software, please run another FRST scan, and please click the Addition.txt checkbox under Optional Scan so that both FRST.txt and Addition.txt are generated. Then, copy and paste both logs into your next reply.

In your next reply, please include the following:

  • FRST.txt
  • Addition.txt

sasschary



#10 sasschary

  • Malware Study Hall Senior

Posted 29 March 2018 - 12:20 PM

Hi, Fazil,

 

Are you still with me?



#11 Oh My!

  • Malware Response Instructor

Posted 01 April 2018 - 08:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



