Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer is infected with virus

Malware virus

  • Please log in to reply

#16
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Shall I do the Avast boot scan again? 


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

It wouldn't hurt but let's try this first:

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   654bytes   20 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0

#18
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Venky (30-06-2017 20:19:02) Run:3
Running from C:\Users\Venky\Desktop
Loaded Profiles: Venky (Available Profiles: Venky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
() C:\Users\Venky\AppData\Local\Temp\_iu14D2N.tmp
C:\Users\Venky\AppData\Local\Temp\_iu14D2N.tmp
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [70424 2017-06-26] (Driver Lace514)
C:\Windows\System32\drivers\Lace_wpf_x64.sys
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
*****************
 
[5460] C:\Users\Venky\AppData\Local\Temp\_iu14D2N.tmp => process closed successfully.
C:\Users\Venky\AppData\Local\Temp\_iu14D2N.tmp => moved successfully
Lace514 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Lace514 => key removed successfully
Lace514 => service removed successfully
C:\Windows\System32\drivers\Lace_wpf_x64.sys => moved successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5463900 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 90 B
Edge => 0 B
Chrome => 393322973 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Venky => 20673621 B
 
RecycleBin => 0 B
EmptyTemp: => 412 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:20:02 ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Venky (administrator) on VENKATESH (30-06-2017 20:26:00)
Running from C:\Users\Venky\Desktop
Loaded Profiles: Venky (Available Profiles: Venky)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216576 2014-03-10] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-28] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [Wifi HotSpot] => "C:\Program Files (x86)\WifiHotSpot\WifiHotSpot.exe" systray
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\MountPoints2: {c6aacac5-79d9-11e6-827c-2c337a4ad938} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\MountPoints2: {e4eaa5d5-c1f1-11e5-8267-2c337a4ad938} - "D:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-28] (AVAST Software)
Startup: C:\Users\Venky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 123.176.37.35 123.176.37.36
Tcpip\..\Interfaces\{388F351E-6F7C-4E36-B475-113DAD0DE638}: [DhcpNameServer] 123.176.37.35 123.176.37.36
Tcpip\..\Interfaces\{455BF853-754F-4EAB-B24D-884D2D0CFD16}: [DhcpNameServer] 202.53.8.24 202.53.8.23
 
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-13] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-13] (Google Inc.)
Toolbar: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://in-vpn.intergraph.com/dana-cached/sc/JuniperSetupClient.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: pwdsokf3.default
FF ProfilePath: C:\Users\Venky\AppData\Roaming\Mozilla\Firefox\Profiles\pwdsokf3.default [2017-06-29]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: SkypePlugin -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi.dll [2016-11-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: SkypePlugin64 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi-x64.dll [2016-11-03] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default [2017-06-30]
CHR Extension: (Google Slides) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-12]
CHR Extension: (Google Docs) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-12]
CHR Extension: (Google Drive) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-11-27]
CHR Extension: (Skype Calling) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Search) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (IRCTC Magic Autofill) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngnpeogocbffohonknibfgpdheagajk [2016-10-13]
CHR Extension: (Gmail) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-06-28] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-28] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-06-28] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-06-28] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-06-28] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-06-28] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2016-10-13] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-06-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-06-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-06-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-06-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-06-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-06-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-06-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-06-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [360792 2017-06-28] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-27] (Realtek Semiconductor Corporation                           )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-30 20:26 - 2017-06-30 20:26 - 00018862 _____ C:\Users\Venky\Desktop\FRST.txt
2017-06-30 20:19 - 2017-06-30 20:20 - 00002168 _____ C:\Users\Venky\Desktop\Fixlog.txt
2017-06-30 17:02 - 2017-06-30 17:03 - 65033984 _____ (Malwarebytes ) C:\Users\Venky\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-06-30 15:36 - 2017-06-30 15:36 - 00002456 _____ C:\Users\Venky\Desktop\ESATONLINE.txt
2017-06-30 10:36 - 2017-06-30 10:36 - 00000000 ____D C:\Users\Venky\AppData\Local\ESET
2017-06-29 08:09 - 2017-06-29 08:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-06-29 07:59 - 2017-06-29 07:59 - 00000000 ____D C:\Users\Venky\Desktop\FRST-OlderVersion
2017-06-29 02:13 - 2017-06-30 20:26 - 00000000 ____D C:\FRST
2017-06-29 02:08 - 2017-06-29 07:59 - 02440704 _____ (Farbar) C:\Users\Venky\Desktop\FRST64.exe
2017-06-29 01:36 - 2017-06-29 01:36 - 00285672 _____ C:\Windows\Minidump\062917-24812-01.dmp
2017-06-29 01:22 - 2017-06-29 01:22 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-29 01:22 - 2017-06-29 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-29 01:21 - 2017-06-29 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-29 01:21 - 2017-06-29 01:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-29 01:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-06-29 01:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-29 01:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-29 01:06 - 2017-06-29 01:06 - 02695422 _____ C:\Users\Venky\Downloads\Business-Banking-and-Economy-Current-Affairs-2015-171.pdf
2017-06-29 00:54 - 2017-06-29 00:55 - 00285672 _____ C:\Windows\Minidump\062917-23500-01.dmp
2017-06-28 19:07 - 2017-06-28 19:07 - 00285672 _____ C:\Windows\Minidump\062817-7542265-01.dmp
2017-06-28 15:05 - 2017-06-28 15:05 - 00098774 _____ C:\Users\Venky\Desktop\Syllabus.PDF
2017-06-28 12:32 - 2017-06-28 12:32 - 00018031 _____ C:\Users\Venky\Downloads\State Finances 2017-18.xlsx
2017-06-28 11:00 - 2017-06-28 11:00 - 00000000 ____D C:\ProgramData\devnull
2017-06-28 10:53 - 2017-06-28 10:53 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-28 10:43 - 2017-06-29 08:09 - 00000008 __RSH C:\Users\Venky\ntuser.pol
2017-06-28 10:34 - 2017-06-28 10:34 - 00000000 ___HD C:\$AV_ASW
2017-06-28 10:32 - 2017-06-28 17:17 - 00000000 ____D C:\ProgramData\Logic Cramble
2017-06-28 10:32 - 2017-06-28 10:43 - 00000000 ____D C:\Program Files\XBox
2017-06-28 10:32 - 2017-06-28 10:32 - 07307264 _____ C:\Users\Venky\AppData\Local\agent.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 01896509 _____ C:\Users\Venky\AppData\Local\BetaDonron.tst
2017-06-28 10:32 - 2017-06-28 10:32 - 00126464 _____ C:\Users\Venky\AppData\Local\noah.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 00070800 _____ C:\Users\Venky\AppData\Local\Config.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 00018432 _____ C:\Users\Venky\AppData\Local\Main.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 00005568 _____ C:\Users\Venky\AppData\Local\md.xml
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files\MSBuild
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-28 10:10 - 2013-08-03 10:18 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:18 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:18 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-06-28 10:10 - 2013-08-03 10:11 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:11 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:11 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-06-28 10:06 - 2017-06-28 10:06 - 00001254 _____ C:\Users\Public\Desktop\Office 2016  KMS Activator Ultimate v1.1.lnk
2017-06-28 10:00 - 2017-06-28 10:00 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2017-06-28 10:00 - 2017-06-28 10:00 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2017-06-28 00:45 - 2017-06-28 00:45 - 00104682 _____ C:\Users\Venky\Desktop\Financial Inclusion.PDF
2017-06-28 00:20 - 2017-06-28 00:20 - 00184751 _____ C:\Users\Venky\Desktop\SCHEMES.pdf
2017-06-27 15:03 - 2017-06-27 15:03 - 00051619 _____ C:\Windows\uninstaller.dat
2017-06-27 14:03 - 2017-06-27 14:03 - 01411584 _____ C:\Users\Venky\Desktop\Reserve Bank of India - Frequently Asked Questions.pdf
2017-06-27 14:02 - 2017-06-27 14:02 - 00156206 _____ C:\Users\Venky\Desktop\SEBI.pdf
2017-06-26 12:17 - 2017-06-26 12:17 - 07342955 _____ C:\Users\Venky\Downloads\ethics-governance-and-sustainability-cs-otes.pdf
2017-06-25 18:03 - 2017-06-25 18:03 - 00438938 _____ C:\Users\Venky\Desktop\Paper12-Solution.pdf
2017-06-25 16:28 - 2017-06-25 16:28 - 00444340 _____ C:\Users\Venky\Desktop\Paper-12.pdf
2017-06-24 17:44 - 2017-06-24 17:44 - 00657920 _____ C:\Users\Venky\Downloads\BVR7ppt.ppt
2017-06-15 18:59 - 2017-06-15 18:59 - 00000000 ____D C:\Users\Venky\Desktop\New folder (8)
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-30 20:21 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-30 20:20 - 2013-08-22 18:55 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-30 17:01 - 2016-09-29 21:19 - 00000000 ____D C:\Users\Venky\AppData\Local\CrashDumps
2017-06-30 16:53 - 2016-07-12 23:17 - 00000000 ____D C:\ProgramData\apk
2017-06-30 14:55 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\rescache
2017-06-30 04:06 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2017-06-29 12:07 - 2017-03-19 11:07 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-29 08:09 - 2015-10-11 02:34 - 00000000 ____D C:\Users\Venky
2017-06-29 08:02 - 2016-02-17 22:39 - 00000000 ____D C:\Users\Venky\AppData\LocalLow\Temp
2017-06-29 08:00 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-29 01:47 - 2015-10-11 02:40 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2099936855-3624917399-2330419357-1001
2017-06-29 01:36 - 2015-11-21 10:17 - 568745916 _____ C:\Windows\MEMORY.DMP
2017-06-29 01:36 - 2015-11-21 10:17 - 00000000 ____D C:\Windows\Minidump
2017-06-29 01:35 - 2015-10-11 05:16 - 00000000 ____D C:\Users\Venky\AppData\Roaming\uTorrent
2017-06-28 10:57 - 2017-04-13 17:39 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1469252242
2017-06-28 10:57 - 2016-07-23 11:07 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-28 10:53 - 2015-10-12 08:52 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-28 10:53 - 2015-10-12 08:51 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-28 10:52 - 2017-03-19 11:07 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-28 10:52 - 2016-07-16 02:26 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-28 10:52 - 2015-10-12 08:52 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-28 10:49 - 2013-09-30 09:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-28 10:14 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2017-06-28 10:12 - 2016-02-17 22:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-28 09:58 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\LiveKernelReports
2017-06-28 09:56 - 2015-10-12 08:54 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 09:56 - 2015-10-12 08:54 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 23:03 - 2016-12-22 22:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-17 12:58 - 2013-08-22 21:06 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-17 12:58 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\AppReadiness
2017-06-17 12:57 - 2015-10-11 02:35 - 00000000 ____D C:\Users\Venky\AppData\Local\Packages
2017-06-13 18:51 - 2017-03-17 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-13 18:51 - 2016-11-14 23:54 - 00000000 ____D C:\ProgramData\Skype
2017-06-13 18:11 - 2015-10-11 04:26 - 00000000 ____D C:\Users\Venky\AppData\Roaming\vlc
2017-05-31 23:38 - 2016-09-29 23:01 - 00000000 _____ C:\Windows\SysWOW64\last.dump
 
==================== Files in the root of some directories =======
 
2017-06-28 10:32 - 2017-06-28 10:32 - 7307264 _____ () C:\Users\Venky\AppData\Local\agent.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 1896509 _____ () C:\Users\Venky\AppData\Local\BetaDonron.tst
2015-10-12 13:09 - 2017-06-30 20:22 - 2103924 _____ () C:\Users\Venky\AppData\Local\BTServer.log
2017-06-28 10:32 - 2017-06-28 10:32 - 0070800 _____ () C:\Users\Venky\AppData\Local\Config.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 0018432 _____ () C:\Users\Venky\AppData\Local\Main.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 0005568 _____ () C:\Users\Venky\AppData\Local\md.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 0126464 _____ () C:\Users\Venky\AppData\Local\noah.dat
2017-04-18 15:03 - 2017-04-18 15:17 - 0000600 _____ () C:\Users\Venky\AppData\Local\PUTTY.RND
2017-06-28 10:32 - 2017-06-28 10:32 - 0032038 _____ () C:\Users\Venky\AppData\Local\uninstall_temp.ico
2015-10-11 03:21 - 2015-10-11 03:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 20:31
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Venky (30-06-2017 20:27:19)
Running from C:\Users\Venky\Desktop
Windows 8.1 Pro (Update) (X64) (2015-10-10 21:04:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2099936855-3624917399-2330419357-500 - Administrator - Disabled)
Guest (S-1-5-21-2099936855-3624917399-2330419357-501 - Limited - Disabled)
Venky (S-1-5-21-2099936855-3624917399-2330419357-1001 - Administrator - Enabled) => C:\Users\Venky
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6E2E5B9E-BCCC-066F-BBB5-4DCA7289E2CD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
K-Lite Codec Pack 11.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pulse Secure Setup Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Setup_Client) (Version: 8.1.5.60701 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Term_Services) (Version: 8.1.5.38093 - Pulse Secure, LLC)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.032714 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Skype Web Plugin (HKLM-x32\...\{70257DA6-C358-4634-B15D-C42C3B564149}) (Version: 7.28.0.46 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{8AAE6BAC-FCFC-49E7-940C-B11668616323}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{9206EDB2-DB9E-4AE0-A821-5048667D3A17}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C646B6F-5E68-4618-A195-F3228605F8E9} - System32\Tasks\{E63D35FB-CE69-4A85-A564-CACD46A26F2F} => pcalua.exe -a "G:\Win8.1\10. Touchpad\Setup.exe" -d C:\Users\Venky\Desktop
Task: {59C8E61A-1F88-4A46-B4F4-95783F0CD457} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {65A80C8F-FF18-4655-9E9F-918F79729BBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {921CE015-C9C5-48E3-8772-37AE7ACC8353} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {A4B802C4-4DD1-4186-A6AD-188BC3A91AE7} - System32\Tasks\SafeZone scheduled Autoupdate 1469252242 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {CAB642FC-898C-4B3A-AE0E-EAF8216F6B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {E1B12F19-3F41-4BD8-9C17-F7718BFACA72} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-28] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-11 03:29 - 2014-03-28 03:42 - 00095232 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-06-28 09:56 - 2017-06-23 08:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 09:56 - 2017-06-23 08:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-28 10:52 - 2017-06-28 10:54 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2015-10-11 03:12 - 2013-09-17 00:50 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-06-28 10:29 - 00001146 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Venky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 123.176.37.35 - 123.176.37.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DE7D73DD-F601-4671-B6A4-3AFDFF66F2E9}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3356126-7E71-4EB0-A654-18ED14945812}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D041DEA-8C66-4FAC-9407-938654F9D845}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06C47B1C-7B26-4517-9FF2-D426F7663B70}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF61D8DC-CAB9-4EED-B864-EF915F4D9875}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2562EB07-EA1A-4F80-B174-5F0ED9C09434}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01314453-C237-4526-987D-C93AA628334E}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{1314AFFF-F144-40DF-A2C1-838CF23D7BEE}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{F9B7C87C-316F-40D0-B9EE-6E3DD80271F8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F5EA44F-A01F-4233-9960-C36CDA94B436}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{3E50EEB2-C925-4738-BCF7-3C7579EEE2AE}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [{F522AE21-8D88-4F01-A72C-C7018D4356F2}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [TCP Query User{4528C48C-B108-4AA0-913C-81B732CBF208}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{7CAFE876-75D3-4B7B-8699-17431F57FE96}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{8E5B716D-278D-4F03-8661-275E73F5535C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FA23479E-7747-4AC3-9DA3-F891F9D45313}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3A31D5DE-6086-47C5-A160-043179B66046}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9AAF0A2-5860-4ABA-917B-D9094BCB1A4C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{14724E38-0FAD-49D4-860B-782FB75E3FA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1CB2DE2A-159F-4783-B948-6F5B7BCCF4D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8713A27-9664-45B0-90DC-6D6EDDAF8F43}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{1D944923-E0D7-4C2D-84D0-0320E0712CDE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{6808662F-FB32-46FE-BC3E-38BF74278FCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FAB504EB-123E-4DBF-8C81-FBCC590BAA3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{16FE2081-08EF-4FD6-8339-113CD0D026AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E90410F2-405B-452C-871E-42C31F4AB1C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{404F8D4D-3D23-4D5D-9380-2F09BDB303CA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{C0C2EC1E-9241-4C18-AF40-4A173FF2E8D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{29832877-BE66-4473-9161-26FA269E0EA0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
13-06-2017 20:18:39 Scheduled Checkpoint
21-06-2017 00:05:48 Scheduled Checkpoint
28-06-2017 10:07:51 Windows Modules Installer
30-06-2017 10:28:41 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (06/30/2017 08:21:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (06/30/2017 08:21:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 37%
Total physical RAM: 3992.36 MB
Available physical RAM: 2503.86 MB
Total Virtual: 8088.36 MB
Available Virtual: 6613.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.31 GB) (Free:128.43 GB) NTFS
Drive e: (Entertainment) (Fixed) (Total:491.08 GB) (Free:149.3 GB) NTFS
Drive f: (Data) (Fixed) (Total:244.14 GB) (Free:62.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=491.1 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

Almost there.  Just noticed that this is suspicious:

 

CHR HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
 

 

 

 

bknbnapaddjdnbilpmlacdkjdkjmbjhd is not a Google extension.  Instead it belongs to something called VidAdBlock.  That it is hiding its true name is not a good sign.  Let's see if we can remove it with a quick fixlist.  This one shouldn't need to reboot the PC if you close Chrome before you run it.

 

Attached File  fixlist.txt   644bytes   16 downloads

 

 

 

 


  • 1

#20
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Venky (30-06-2017 21:51:28) Run:4
Running from C:\Users\Venky\Desktop
Loaded Profiles: Venky (Available Profiles: Venky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
 
 
 
*****************
 
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd => key removed successfully
 
==== End of Fixlog 21:51:28 ====

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

Looks like it worked.  Reboot then do another FRST scan and let's see if it came back.  

 

Unless it comes back FRST is looking pretty clean.  Would not hurt to run Kaspersky's scan:

 

https://usa.kaspersk...free-virus-scan

 

Click on the Download now button to the right of

 

Kaspersky
Security Scan
 
Follow the instructions.  Let me know if it finds anything that isn't already in FRST's quarantine or Avast's chest.
 
I've got to go to the store so will be away from my PC for a few hours.

  • 1

#22
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Venky (administrator) on VENKATESH (30-06-2017 22:13:36)
Running from C:\Users\Venky\Desktop
Loaded Profiles: Venky (Available Profiles: Venky)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
==================== Registry (Whitelisted) ====================
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 123.176.37.35 123.176.37.36
Tcpip\..\Interfaces\{388F351E-6F7C-4E36-B475-113DAD0DE638}: [DhcpNameServer] 123.176.37.35 123.176.37.36
Tcpip\..\Interfaces\{455BF853-754F-4EAB-B24D-884D2D0CFD16}: [DhcpNameServer] 202.53.8.24 202.53.8.23
 
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-13] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-13] (Google Inc.)
Toolbar: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://in-vpn.intergraph.com/dana-cached/sc/JuniperSetupClient.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: pwdsokf3.default
FF ProfilePath: C:\Users\Venky\AppData\Roaming\Mozilla\Firefox\Profiles\pwdsokf3.default [2017-06-29]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: SkypePlugin -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi.dll [2016-11-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: SkypePlugin64 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi-x64.dll [2016-11-03] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default [2017-06-30]
CHR Extension: (Google Slides) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-12]
CHR Extension: (Google Docs) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-12]
CHR Extension: (Google Drive) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (Skype Calling) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Search) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Sheets) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (IRCTC Magic Autofill) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngnpeogocbffohonknibfgpdheagajk [2016-10-13]
CHR Extension: (Gmail) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
 
==================== Services (Whitelisted) ====================
 
===================== Drivers (Whitelisted) ======================
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-30 22:13 - 2017-06-30 22:13 - 00007758 _____ C:\Users\Venky\Desktop\FRST.txt
2017-06-30 22:12 - 2017-06-30 22:12 - 00021408 _____ C:\Users\Venky\Desktop\Addition.txt
2017-06-30 17:02 - 2017-06-30 17:03 - 65033984 _____ (Malwarebytes ) C:\Users\Venky\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-06-30 15:36 - 2017-06-30 15:36 - 00002456 _____ C:\Users\Venky\Desktop\ESATONLINE.txt
2017-06-30 10:36 - 2017-06-30 10:36 - 00000000 ____D C:\Users\Venky\AppData\Local\ESET
2017-06-29 08:09 - 2017-06-29 08:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-06-29 07:59 - 2017-06-29 07:59 - 00000000 ____D C:\Users\Venky\Desktop\FRST-OlderVersion
2017-06-29 02:13 - 2017-06-30 22:13 - 00000000 ____D C:\FRST
2017-06-29 02:08 - 2017-06-29 07:59 - 02440704 _____ (Farbar) C:\Users\Venky\Desktop\FRST64.exe
2017-06-29 01:36 - 2017-06-29 01:36 - 00285672 _____ C:\Windows\Minidump\062917-24812-01.dmp
2017-06-29 01:22 - 2017-06-29 01:22 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-29 01:22 - 2017-06-29 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-29 01:21 - 2017-06-29 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-29 01:21 - 2017-06-29 01:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-29 01:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-06-29 01:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-29 01:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-29 01:06 - 2017-06-29 01:06 - 02695422 _____ C:\Users\Venky\Downloads\Business-Banking-and-Economy-Current-Affairs-2015-171.pdf
2017-06-29 00:54 - 2017-06-29 00:55 - 00285672 _____ C:\Windows\Minidump\062917-23500-01.dmp
2017-06-28 19:07 - 2017-06-28 19:07 - 00285672 _____ C:\Windows\Minidump\062817-7542265-01.dmp
2017-06-28 15:05 - 2017-06-28 15:05 - 00098774 _____ C:\Users\Venky\Desktop\Syllabus.PDF
2017-06-28 12:32 - 2017-06-28 12:32 - 00018031 _____ C:\Users\Venky\Downloads\State Finances 2017-18.xlsx
2017-06-28 11:00 - 2017-06-28 11:00 - 00000000 ____D C:\ProgramData\devnull
2017-06-28 10:53 - 2017-06-28 10:53 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-28 10:43 - 2017-06-29 08:09 - 00000008 __RSH C:\Users\Venky\ntuser.pol
2017-06-28 10:34 - 2017-06-28 10:34 - 00000000 ___HD C:\$AV_ASW
2017-06-28 10:32 - 2017-06-28 17:17 - 00000000 ____D C:\ProgramData\Logic Cramble
2017-06-28 10:32 - 2017-06-28 10:43 - 00000000 ____D C:\Program Files\XBox
2017-06-28 10:32 - 2017-06-28 10:32 - 07307264 _____ C:\Users\Venky\AppData\Local\agent.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 01896509 _____ C:\Users\Venky\AppData\Local\BetaDonron.tst
2017-06-28 10:32 - 2017-06-28 10:32 - 00126464 _____ C:\Users\Venky\AppData\Local\noah.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 00070800 _____ C:\Users\Venky\AppData\Local\Config.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 00018432 _____ C:\Users\Venky\AppData\Local\Main.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 00005568 _____ C:\Users\Venky\AppData\Local\md.xml
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files\MSBuild
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-28 10:10 - 2013-08-03 10:18 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:18 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:18 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-06-28 10:10 - 2013-08-03 10:11 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:11 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:11 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-06-28 10:06 - 2017-06-28 10:06 - 00001254 _____ C:\Users\Public\Desktop\Office 2016  KMS Activator Ultimate v1.1.lnk
2017-06-28 10:00 - 2017-06-28 10:00 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2017-06-28 10:00 - 2017-06-28 10:00 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2017-06-28 00:45 - 2017-06-28 00:45 - 00104682 _____ C:\Users\Venky\Desktop\Financial Inclusion.PDF
2017-06-28 00:20 - 2017-06-28 00:20 - 00184751 _____ C:\Users\Venky\Desktop\SCHEMES.pdf
2017-06-27 15:03 - 2017-06-27 15:03 - 00051619 _____ C:\Windows\uninstaller.dat
2017-06-27 14:03 - 2017-06-27 14:03 - 01411584 _____ C:\Users\Venky\Desktop\Reserve Bank of India - Frequently Asked Questions.pdf
2017-06-27 14:02 - 2017-06-27 14:02 - 00156206 _____ C:\Users\Venky\Desktop\SEBI.pdf
2017-06-26 12:17 - 2017-06-26 12:17 - 07342955 _____ C:\Users\Venky\Downloads\ethics-governance-and-sustainability-cs-otes.pdf
2017-06-25 18:03 - 2017-06-25 18:03 - 00438938 _____ C:\Users\Venky\Desktop\Paper12-Solution.pdf
2017-06-25 16:28 - 2017-06-25 16:28 - 00444340 _____ C:\Users\Venky\Desktop\Paper-12.pdf
2017-06-24 17:44 - 2017-06-24 17:44 - 00657920 _____ C:\Users\Venky\Downloads\BVR7ppt.ppt
2017-06-15 18:59 - 2017-06-15 18:59 - 00000000 ____D C:\Users\Venky\Desktop\New folder (8)
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-30 22:13 - 2015-10-12 08:52 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-06-30 22:05 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-30 20:20 - 2013-08-22 18:55 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-30 17:01 - 2016-09-29 21:19 - 00000000 ____D C:\Users\Venky\AppData\Local\CrashDumps
2017-06-30 16:53 - 2016-07-12 23:17 - 00000000 ____D C:\ProgramData\apk
2017-06-30 14:55 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\rescache
2017-06-30 04:06 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2017-06-29 12:07 - 2017-03-19 11:07 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-29 08:09 - 2015-10-11 02:34 - 00000000 ____D C:\Users\Venky
2017-06-29 08:02 - 2016-02-17 22:39 - 00000000 ____D C:\Users\Venky\AppData\LocalLow\Temp
2017-06-29 08:00 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-29 01:47 - 2015-10-11 02:40 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2099936855-3624917399-2330419357-1001
2017-06-29 01:36 - 2015-11-21 10:17 - 568745916 _____ C:\Windows\MEMORY.DMP
2017-06-29 01:36 - 2015-11-21 10:17 - 00000000 ____D C:\Windows\Minidump
2017-06-29 01:35 - 2015-10-11 05:16 - 00000000 ____D C:\Users\Venky\AppData\Roaming\uTorrent
2017-06-28 10:57 - 2017-04-13 17:39 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1469252242
2017-06-28 10:57 - 2016-07-23 11:07 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-28 10:53 - 2015-10-12 08:52 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149884102053101
2017-06-28 10:53 - 2015-10-12 08:52 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-28 10:53 - 2015-10-12 08:51 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-28 10:52 - 2017-03-19 11:07 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-28 10:52 - 2016-07-16 02:26 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-28 10:52 - 2015-10-12 08:52 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-28 10:49 - 2013-09-30 09:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-28 10:14 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2017-06-28 10:12 - 2016-02-17 22:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-28 09:58 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\LiveKernelReports
2017-06-28 09:56 - 2015-10-12 08:54 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 09:56 - 2015-10-12 08:54 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 23:03 - 2016-12-22 22:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-17 12:58 - 2013-08-22 21:06 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-17 12:58 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\AppReadiness
2017-06-17 12:57 - 2015-10-11 02:35 - 00000000 ____D C:\Users\Venky\AppData\Local\Packages
2017-06-13 18:51 - 2017-03-17 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-13 18:51 - 2016-11-14 23:54 - 00000000 ____D C:\ProgramData\Skype
2017-06-13 18:11 - 2015-10-11 04:26 - 00000000 ____D C:\Users\Venky\AppData\Roaming\vlc
2017-05-31 23:38 - 2016-09-29 23:01 - 00000000 _____ C:\Windows\SysWOW64\last.dump
 
==================== Files in the root of some directories =======
 
2017-06-28 10:32 - 2017-06-28 10:32 - 7307264 _____ () C:\Users\Venky\AppData\Local\agent.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 1896509 _____ () C:\Users\Venky\AppData\Local\BetaDonron.tst
2015-10-12 13:09 - 2017-06-30 22:07 - 2106831 _____ () C:\Users\Venky\AppData\Local\BTServer.log
2017-06-28 10:32 - 2017-06-28 10:32 - 0070800 _____ () C:\Users\Venky\AppData\Local\Config.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 0018432 _____ () C:\Users\Venky\AppData\Local\Main.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 0005568 _____ () C:\Users\Venky\AppData\Local\md.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 0126464 _____ () C:\Users\Venky\AppData\Local\noah.dat
2017-04-18 15:03 - 2017-04-18 15:17 - 0000600 _____ () C:\Users\Venky\AppData\Local\PUTTY.RND
2017-06-28 10:32 - 2017-06-28 10:32 - 0032038 _____ () C:\Users\Venky\AppData\Local\uninstall_temp.ico
2015-10-11 03:21 - 2015-10-11 03:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 20:31
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Venky (30-06-2017 22:14:44)
Running from C:\Users\Venky\Desktop
Windows 8.1 Pro (Update) (X64) (2015-10-10 21:04:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2099936855-3624917399-2330419357-500 - Administrator - Disabled)
Guest (S-1-5-21-2099936855-3624917399-2330419357-501 - Limited - Disabled)
Venky (S-1-5-21-2099936855-3624917399-2330419357-1001 - Administrator - Enabled) => C:\Users\Venky
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6E2E5B9E-BCCC-066F-BBB5-4DCA7289E2CD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
K-Lite Codec Pack 11.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pulse Secure Setup Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Setup_Client) (Version: 8.1.5.60701 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Term_Services) (Version: 8.1.5.38093 - Pulse Secure, LLC)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.032714 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Skype Web Plugin (HKLM-x32\...\{70257DA6-C358-4634-B15D-C42C3B564149}) (Version: 7.28.0.46 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{8AAE6BAC-FCFC-49E7-940C-B11668616323}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{9206EDB2-DB9E-4AE0-A821-5048667D3A17}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C646B6F-5E68-4618-A195-F3228605F8E9} - System32\Tasks\{E63D35FB-CE69-4A85-A564-CACD46A26F2F} => pcalua.exe -a "G:\Win8.1\10. Touchpad\Setup.exe" -d C:\Users\Venky\Desktop
Task: {59C8E61A-1F88-4A46-B4F4-95783F0CD457} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {65A80C8F-FF18-4655-9E9F-918F79729BBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {921CE015-C9C5-48E3-8772-37AE7ACC8353} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {A4B802C4-4DD1-4186-A6AD-188BC3A91AE7} - System32\Tasks\SafeZone scheduled Autoupdate 1469252242 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {CAB642FC-898C-4B3A-AE0E-EAF8216F6B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {E1B12F19-3F41-4BD8-9C17-F7718BFACA72} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-28] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-11 03:29 - 2014-03-28 03:42 - 00095232 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-28 10:52 - 2017-06-28 10:54 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2015-10-11 03:12 - 2013-09-17 00:50 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-06-28 10:29 - 00001146 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Venky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 123.176.37.35 - 123.176.37.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DE7D73DD-F601-4671-B6A4-3AFDFF66F2E9}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3356126-7E71-4EB0-A654-18ED14945812}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D041DEA-8C66-4FAC-9407-938654F9D845}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06C47B1C-7B26-4517-9FF2-D426F7663B70}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF61D8DC-CAB9-4EED-B864-EF915F4D9875}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2562EB07-EA1A-4F80-B174-5F0ED9C09434}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01314453-C237-4526-987D-C93AA628334E}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{1314AFFF-F144-40DF-A2C1-838CF23D7BEE}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{F9B7C87C-316F-40D0-B9EE-6E3DD80271F8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F5EA44F-A01F-4233-9960-C36CDA94B436}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{3E50EEB2-C925-4738-BCF7-3C7579EEE2AE}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [{F522AE21-8D88-4F01-A72C-C7018D4356F2}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [TCP Query User{4528C48C-B108-4AA0-913C-81B732CBF208}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{7CAFE876-75D3-4B7B-8699-17431F57FE96}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{8E5B716D-278D-4F03-8661-275E73F5535C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FA23479E-7747-4AC3-9DA3-F891F9D45313}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3A31D5DE-6086-47C5-A160-043179B66046}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9AAF0A2-5860-4ABA-917B-D9094BCB1A4C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{14724E38-0FAD-49D4-860B-782FB75E3FA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1CB2DE2A-159F-4783-B948-6F5B7BCCF4D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8713A27-9664-45B0-90DC-6D6EDDAF8F43}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{1D944923-E0D7-4C2D-84D0-0320E0712CDE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{6808662F-FB32-46FE-BC3E-38BF74278FCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FAB504EB-123E-4DBF-8C81-FBCC590BAA3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{16FE2081-08EF-4FD6-8339-113CD0D026AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E90410F2-405B-452C-871E-42C31F4AB1C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{404F8D4D-3D23-4D5D-9380-2F09BDB303CA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{C0C2EC1E-9241-4C18-AF40-4A173FF2E8D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{29832877-BE66-4473-9161-26FA269E0EA0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
13-06-2017 20:18:39 Scheduled Checkpoint
21-06-2017 00:05:48 Scheduled Checkpoint
28-06-2017 10:07:51 Windows Modules Installer
30-06-2017 10:28:41 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (06/30/2017 10:05:54 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (06/30/2017 10:05:54 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (06/30/2017 08:21:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (06/30/2017 08:21:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 32%
Total physical RAM: 3992.36 MB
Available physical RAM: 2676.3 MB
Total Virtual: 8088.36 MB
Available Virtual: 6848.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.31 GB) (Free:128.22 GB) NTFS
Drive e: (Entertainment) (Fixed) (Total:491.08 GB) (Free:149.3 GB) NTFS
Drive f: (Data) (Fixed) (Total:244.14 GB) (Free:62.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=491.1 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

  • 0

#23
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Everything seem fine, it didn't detect any virus. I see two files as attention in the FRST one is Setup and the other is globalupdatehelper. 

I can't thank you enough for the help you are doing.


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

Yes but the files they install have already been removed or at least they are not active.  You can try and uninstall them if you want.  No guarantee that the uninstaller will work or won't reinstall them.  I would run a new FRST scan after you try and uninstall them to make sure that nothing changed.


  • 1

#25
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Its ok. I don't know how to remove them. What's next ?


  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

If you want to try to uninstall the programs:

 

https://kb.wisc.edu/page.php?id=27423

 

I think your system is fairly clean now.  Nothing obvious in the FRST log and our other scans are coming back clean.  If trying to uninstall the two programs doesn't do anything we can clean up:

 

 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox then get the Ublock Origin  Add-on from https://www.ublock.org/.  For IE go to adblockplus.org  and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
 
To prevent a relatively new phishing attack:  In Firefox, type:
 
about:config
 
in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
 
puny
 
You should only get one option:
network.IDN_show_punycode
We want it to say True but by default it is False so double click on it to toggle from False to True.
Close and restart firefox.
 
To test it you can go to:
 
 
If the value is false you will see https://www.apple.cominstead of the correct value
 
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

  • 1

#27
sasikanthb

sasikanthb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I will save whatever you said on a Word Document. I will do the rest tomorrow. Time to sleep :)

Thank you for the support. This forum is awesome.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Malware virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP