
html expkit.gen2 virus avira and adware.linkury MBAM, accompanied by i

BSOD error internet problems laptop overheating avira stopped working

#1 Rohanya1986

About six months ago, while downloading torrents, I accidentally downloaded and opened a zip file. It infected my system with loads of viruses. I tried running Avast and AVG, but it didn't solve my problem, as I was constantly getting the BSOD screen, so as a last resort I did a partial reset on my Windows 10 system. After the reset I downloaded MBAM and scanned. MBAM showed that it had removed all the malware. The only problem I faced after that was that System Restore always failed, so I gave up on that since I didn't have any visible issues.

Last week I was again trying to download some files from torrent when I received the message from Windows to check my privacy settings etc. for the Windows 10 Creators Fall Update. After I finished that, I shut down my system. The next day I tried connecting to the internet, but Chrome was showing that there was no internet connection. I opened the resource center and it showed that there was an internet connection, but it was being used by service host etc. I thought that Windows was downloading updates, so I gave it time. But the same thing has been happening for 4 days and I wasn't able to connect to the internet, even though 5 GB of data has been used in 4 days.

I tried to scan the system with Avira, but the app didn't open and showed errors. I then had to download MBAM on my friend's computer and load it onto my computer. After installing, it scanned and quarantined adware.linkury. After scanning with MBAM I got some of my bandwidth back, using which I downloaded Avira and updated MBAM. Scanning with Avira revealed html expkit.gen2, which was quarantined and deleted. I tried to restore my system but it failed; then I started getting BSOD critical structure and other errors. My laptop has slowed down a lot. I tried to clean it with CCleaner, but something is wrong, as it is very slow.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by rohan (administrator) on ROHANRANSING (12-10-2017 15:42:55)
Running from C:\Users\rohan\Desktop
Loaded Profiles: rohan (Available Profiles: rohan)
Platform: Windows 10 Home Single Language Version 1607 170731-1934 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [518816 2017-09-25] (Avira Operations Gmbh & Co. KG)
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\MountPoints2: {6f87d05a-b964-11e6-a139-20898418bb66} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{535a4820-a877-44ce-804c-5b83853c3518}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1929955964-473228486-2734651720-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF DefaultProfile: q53vdach.default
FF ProfilePath: C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default [2017-10-12]
FF Extension: (Avira Browser Safety) - C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default\Extensions\[email protected] [2017-07-26]
FF Extension: (Avira Password Manager) - C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default\Extensions\[email protected] [2017-07-26]
FF Extension: (Avira SafeSearch Plus) - C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default\Extensions\[email protected] [2017-07-26]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1409848500&from=amt&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACC08267"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default [2017-10-12]
CHR Extension: (Google Slides) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (Entanglement Web App) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-07-20]
CHR Extension: (Shredder Chess Free) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelpbbhpcpelmnfablcbcianelefnnbg [2016-07-20]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-07-20]
CHR Extension: (Google Docs) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Lucidchart Diagrams) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (MindMeister) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2016-07-20]
CHR Extension: (YouTube) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
CHR Extension: (Google Tips) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2016-07-20]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2017-07-26]
CHR Extension: (Legacy MindMup (discontinued)) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2017-01-16]
CHR Extension: (Helicopters) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemghajhhjnakonkoiehmgjlcplkhmdp [2016-07-21]
CHR Extension: (jolecule) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\egibihegmcjaganejdmlbmpboedmnaif [2016-07-20]
CHR Extension: (Google Sheets) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-11]
CHR Extension: (Advanced Memories) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjnpcjofgpgheomppapajdophgpdceb [2016-07-20]
CHR Extension: (AdBlock) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-09]
CHR Extension: (StudyBlue) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh [2017-09-20]
CHR Extension: (Pathuku - Connect the lines) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2016-07-20]
CHR Extension: (Rack ur Brain) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifniicpaikdndebancakkbmjjfhloena [2016-07-20]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2016-07-20]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-07-26]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2016-07-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-17]
CHR Extension: (Little Alchemy) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-07-20]
CHR Extension: (World Data Atlas) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2016-07-20]
CHR Extension: (Steambirds: Survival) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2016-07-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-21]
CHR Extension: (Poppit!) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-07-20]
CHR Extension: (Google Classroom) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2016-07-20]
CHR Extension: (Memory Booster) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbkgofbabfecmeoncinpjpchlldbhip [2016-07-20]
CHR Extension: (Google Drawings) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-07-20]
CHR Extension: (StudyStack) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboldpjijadohjhnkadkdbonjlgbjadd [2016-07-20]
CHR Extension: (Micro Expression Recognition Application) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip [2016-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (CogniFit Brain Fitness) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckogiikkcdjefncaekfjbdkmlfniagf [2016-07-20]
CHR Extension: (Fusion Tables (experimental)) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2016-07-20]
CHR Extension: (Gmail) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-30]
CHR Extension: (BodBot Personal Trainer) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2016-07-20]
CHR Profile: C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-12]
CHR Profile: C:\Users\rohan\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-12]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1929955964-473228486-2734651720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-09-25] (Avira Operations GmbH & Co. KG)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-02-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-02] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-09-23] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-09-23] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-10-12] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcjx64.sys [17408 2006-10-10] (Nokia)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-07-13] (The OpenVPN Project)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 RimVSerPort; C:\WINDOWS\System32\drivers\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-12 15:42 - 2017-10-12 15:43 - 000019805 _____ C:\Users\rohan\Desktop\FRST.txt
2017-10-12 15:40 - 2017-10-12 15:41 - 002401792 _____ (Farbar) C:\Users\rohan\Desktop\FRST64.exe
2017-10-12 14:02 - 2017-10-12 14:02 - 000001706 _____ C:\Users\rohan\Desktop\aswMBR.txt
2017-10-12 14:02 - 2017-10-12 14:02 - 000000512 _____ C:\Users\rohan\Desktop\MBR.dat
2017-10-12 13:45 - 2017-10-12 13:46 - 005200384 _____ (AVAST Software) C:\Users\rohan\Downloads\aswmbr.exe
2017-10-12 13:25 - 2017-10-12 13:25 - 000046392 _____ C:\Users\rohan\Downloads\Shortcut.txt
2017-10-12 13:24 - 2017-10-12 13:25 - 000025698 _____ C:\Users\rohan\Downloads\Addition.txt
2017-10-12 13:21 - 2017-10-12 13:25 - 000141805 _____ C:\Users\rohan\Downloads\FRST.txt
2017-10-12 13:20 - 2017-10-12 15:42 - 000000000 ____D C:\FRST
2017-10-11 14:26 - 2017-10-11 14:26 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-10-11 14:26 - 2017-09-23 10:36 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-10-10 17:36 - 2017-10-10 17:36 - 000003670 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater
2017-10-09 13:39 - 2017-10-12 14:28 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-09 13:39 - 2017-10-10 18:01 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-09 13:39 - 2017-10-09 13:39 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-09 13:39 - 2017-10-09 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-09 13:38 - 2017-10-09 13:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-09 13:05 - 2017-10-11 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-09 13:05 - 2017-10-11 14:26 - 000000000 ____D C:\ProgramData\Avira
2017-10-09 13:05 - 2017-10-09 13:05 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-10-09 13:05 - 2017-10-09 13:05 - 000001261 _____ C:\Users\Public\Desktop\Avira.lnk
2017-10-09 13:00 - 2017-10-09 13:04 - 005331016 _____ (Avira Operations GmbH & Co. KG) C:\Users\rohan\Downloads\avira_en_fass0_59784c26d757e__ws (1).exe
2017-10-09 11:55 - 2017-10-09 11:56 - 005331016 _____ (Avira Operations GmbH & Co. KG) C:\Users\rohan\Downloads\avira_en_av_3044169665_3kirpbrg85t22g9eo4n3_wd.exe
2017-10-08 10:03 - 2017-10-08 10:03 - 000000000 ____D C:\Users\rohan\AppData\Local\UNP
2017-10-07 22:57 - 2017-10-07 23:07 - 000000000 ____D C:\Program Files\rempl
2017-10-07 22:57 - 2017-10-07 22:58 - 000000000 ____D C:\Program Files\UNP
2017-10-07 22:57 - 2017-10-07 22:57 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-10-06 14:58 - 2017-10-06 14:58 - 000051234 _____ C:\Users\rohan\Downloads\spider-manhomecoming2017720pblurayx264-ytsag-english-115187.zip
2017-10-06 14:53 - 2017-10-06 14:53 - 000000000 ____D C:\Users\rohan\Downloads\Spider-Man Homecoming (2017) [YTS.AG]
2017-10-05 20:17 - 2017-10-05 20:17 - 000028812 _____ C:\Users\rohan\Downloads\atomic.blonde.(2017).eng.1cd.(7109790).zip
2017-10-01 20:53 - 2017-10-05 20:24 - 000000000 ___RD C:\Users\rohan\Downloads\Atomic Blonde 2017 HD-TS x264-CPG
2017-09-30 20:36 - 2017-09-30 20:36 - 000000000 ____D C:\Users\rohan\AppData\Local\Avira Operations Gmbh & Co. KG
2017-09-30 19:29 - 2017-09-30 19:29 - 000000000 ____D C:\Users\rohan\Downloads\John Wick Chapter 2 (2017) 720p BrRip x264 - VPPV
2017-09-30 16:03 - 2017-09-30 16:03 - 000085251 _____ C:\Users\rohan\Downloads\Get.Out.2017.BluRay.720p-1080p.x264-SPARKS.srt
2017-09-30 16:01 - 2017-09-30 19:21 - 995940235 ____R C:\Users\rohan\Downloads\Get.Out.2017.720p.BRRiP.950MB.ShAaNiG.mkv
2017-09-28 13:47 - 2017-09-28 15:06 - 000000000 ____D C:\Users\rohan\Downloads\Logan Lucky 2017 TS x264-CPG
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-12 15:23 - 2017-07-27 15:54 - 000000000 ____D C:\Users\rohan\AppData\Roaming\BitTorrent
2017-10-12 15:23 - 2016-11-10 17:52 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-12 15:23 - 2016-07-16 17:15 - 000000000 ____D C:\WINDOWS\INF
2017-10-12 15:16 - 2016-11-06 21:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-12 15:09 - 2016-07-21 14:19 - 000000000 ____D C:\ProgramData\Foxit Software
2017-10-12 14:31 - 2016-11-06 21:18 - 000000000 ____D C:\Users\rohan
2017-10-12 14:27 - 2016-11-06 21:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-12 14:21 - 2016-06-11 20:19 - 000000000 ____D C:\Users\rohan\AppData\Roaming\vlc
2017-10-12 13:21 - 2016-07-16 17:06 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-11 14:26 - 2017-07-26 13:43 - 000000000 ____D C:\Program Files (x86)\Avira
2017-10-11 12:53 - 2016-11-15 15:35 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-11 12:36 - 2016-07-16 11:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-11 12:36 - 2016-06-11 19:00 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-10-11 12:31 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\registration
2017-10-10 15:59 - 2016-11-29 15:08 - 000007601 _____ C:\Users\rohan\AppData\Local\Resmon.ResmonCfg
2017-10-10 15:54 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-09 13:38 - 2016-10-20 15:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-09 13:05 - 2016-11-06 21:13 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-08 20:50 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-06 22:25 - 2016-07-16 17:17 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-05 20:18 - 2017-07-25 12:13 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-10-05 20:18 - 2016-11-15 15:37 - 000003964 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1479204442
2017-09-29 11:31 - 2016-07-27 14:44 - 000000000 ____D C:\Users\rohan\Desktop\upsc
2017-09-28 20:07 - 2017-08-20 01:42 - 000000000 ____D C:\Users\rohan\Downloads\Jonathan Altfeld - Knowledge Engineering
2017-09-28 18:03 - 2016-06-14 12:19 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-28 18:03 - 2016-06-14 12:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-28 13:02 - 2017-07-26 16:21 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1929955964-473228486-2734651720-1001
2017-09-28 13:01 - 2016-06-11 20:13 - 000002363 _____ C:\Users\rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-28 13:01 - 2015-08-11 23:13 - 000000000 ___RD C:\Users\rohan\OneDrive
2017-09-23 22:24 - 2017-08-17 16:17 - 000000000 ____D C:\Users\rohan\AppData\Local\ElevatedDiagnostics
2017-09-22 18:52 - 2016-07-21 13:13 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-09-22 18:52 - 2016-07-21 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2016-10-20 07:30 - 2016-10-20 07:30 - 000140288 _____ () C:\Users\rohan\AppData\Roaming\Installer.dat
2017-05-27 13:25 - 2017-05-27 13:27 - 000000600 _____ () C:\Users\rohan\AppData\Local\PUTTY.RND
2016-11-29 15:08 - 2017-10-10 15:59 - 000007601 _____ () C:\Users\rohan\AppData\Local\Resmon.ResmonCfg
2016-11-06 21:12 - 2016-11-06 21:12 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-06 22:01
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by rohan (12-10-2017 15:44:40)
Running from C:\Users\rohan\Desktop
Windows 10 Home Single Language Version 1607 170731-1934 (X64) (2016-11-06 16:09:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1929955964-473228486-2734651720-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1929955964-473228486-2734651720-503 - Limited - Disabled)
Guest (S-1-5-21-1929955964-473228486-2734651720-501 - Limited - Disabled)
rohan (S-1-5-21-1929955964-473228486-2734651720-1001 - Administrator - Enabled) => C:\Users\rohan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira (HKLM-x32\...\{04C2B04A-7454-47B5-8B56-1B7A92562C9D}) (Version: 1.2.98.14573 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{14668ec0-a736-4c51-a4ef-14118b92bcfa}) (Version: 1.2.98.14573 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.6 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{8E42DF0E-944D-42FD-920E-4D12AC17F7C1}) (Version: 1.0.30.1406 - Avira Operations Gmbh & Co. KG)
BitTorrent (HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Drive (HKLM-x32\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Opera Stable 48.0.2685.35 (HKLM-x32\...\Opera 48.0.2685.35) (Version: 48.0.2685.35 - Opera Software)
Ori and the Blind Forest (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0039}) (Version: 6.0 - Black Box)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
UpdateAssistant (HKLM-x32\...\{F9D14939-1792-44AB-8C53-F208534C2548}) (Version: 1.2.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-06-24] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-23] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-23] (Avira Operations GmbH & Co. KG)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19F2D1D6-10BA-4920-AE9F-36F48755B233} - System32\Tasks\Opera scheduled Autoupdate 1479204442 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-02] (Opera Software)
Task: {5BD57DC9-31CC-4ED3-8C12-6620ECCF8410} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {61AC87FD-F817-428A-9522-CEC4B5CCE0C9} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe [2017-09-25] (Avira Operations Gmbh & Co. KG)
Task: {6E4C7383-F11C-4F43-BF43-851B817B7C87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {7F8E3918-5BA8-48D1-906F-E5B73E78180C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-23] (Avira Operations GmbH & Co. KG)
Task: {A0148562-0EA6-4307-AF7C-D1C4CFBF453A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {C785C1EF-87BE-488F-8113-98D3EB8E7786} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {F4C4473E-47C1-44CF-A391-E29206952A19} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Helicopters.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=eemghajhhjnakonkoiehmgjlcplkhmdp
ShortcutWithArgument: C:\Users\rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Lucidchart Diagrams - Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djejicklhojeokkfmdelnempiecmdomj
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-26 16:34 - 2017-06-21 13:18 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-11 18:12 - 2016-09-07 10:26 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 13:10 - 2017-03-04 12:01 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 13:11 - 2017-03-04 11:42 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 13:11 - 2017-03-04 11:35 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 13:11 - 2017-03-04 11:35 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-19 22:11 - 2017-03-04 11:35 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-19 22:11 - 2017-08-01 23:56 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-19 22:11 - 2017-08-02 00:01 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-09-28 18:03 - 2017-09-21 12:59 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-28 18:03 - 2017-09-21 12:59 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-06-12 07:53 - 2016-06-12 07:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE6E7065-A0FC-4369-ACF2-67EEABF87288}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{553CC29F-8E96-4E9D-96B3-CAC6014BD252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B820AC3-9F1E-4472-9409-2DDF2D53A511}] => (Allow) C:\Users\rohan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{69ADB94D-DC59-4681-90DD-69C7A566BFCF}] => (Allow) C:\Users\rohan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{94860309-190A-4BD4-BFF7-2E9EF761AFD4}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe
FirewallRules: [{814B1014-6736-4D72-A8CA-E1E109B9F696}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F68FEB35-A931-465E-B95D-116CE447B04B}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.35\opera.exe
 
==================== Restore Points =========================
 
23-09-2017 22:59:00 Scheduled Checkpoint
06-10-2017 11:14:30 Scheduled Checkpoint
09-10-2017 12:27:28 Removed Avira Software Updater
11-10-2017 11:20:21 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2017 03:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.32.5, time stamp: 0x59c59edd
Faulting module name: avlode.dll, version: 15.0.32.5, time stamp: 0x59c59c58
Exception code: 0xc0000005
Fault offset: 0x0006fbd3
Faulting process id: 0xa7c
Faulting application start time: 0x01d3433831317e72
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: c:\program files (x86)\avira\antivirus\avlode.dll
Report Id: b158de62-701c-4157-a5d8-8bd88f4031b0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/11/2017 03:20:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.1532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: ef0
 
Start Time: 01d3425fe8d92943
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 49c4ef59-ae69-11e7-a161-20898418bb66
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/11/2017 02:40:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/11/2017 12:40:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070091.
 
Error: (10/11/2017 12:26:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
 
Error: (10/11/2017 11:48:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/11/2017 11:48:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/11/2017 11:46:23 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
 
Error: (10/11/2017 11:20:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/10/2017 06:34:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/12/2017 03:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/12/2017 03:10:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2017 03:09:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CDPUserSvc_3dec2 service failed to start due to the following error: 
The account name is invalid or does not exist, or the password is invalid for the account name specified.
 
Error: (10/12/2017 02:31:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2017 02:28:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 (0xa3a016dd1a5df52a, 0xb3b723636cdf08a4, 0xfffff80142af4070, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 11df3220-e9f0-4f72-839a-72631c96f435.
 
Error: (10/12/2017 02:27:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:05:14 PM on 10/12/2017 was unexpected.
 
Error: (10/12/2017 02:26:39 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212254731186912
 
Error: (10/12/2017 12:56:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2017 12:00:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/11/2017 09:35:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 45%
Total physical RAM: 5595.02 MB
Available physical RAM: 3040.44 MB
Total Virtual: 6491.02 MB
Available Virtual: 3663.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:902.29 GB) (Free:126.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 52639F77)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

#2
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo.com/download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


  • 0
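As an added example (not part of RKinner's instructions or of Process Explorer itself), the same check done from PowerShell: sample CPU for a minute, verify the Authenticode signature of every running image, sort the big hitters to the top and save the report to the desktop. It assumes an elevated 64-bit PowerShell 5.1 session on Windows 10; the output file name is an assumption.

```powershell
# Added example (not from RKinner's post): a PowerShell stand-in for Process Explorer's
# "Verified Signer" column with the CPU column sorted descending, saved to the desktop.
# Assumes an elevated 64-bit PowerShell 5.1 session on Windows 10.

function Get-ProcessSignatureReport {
    [CmdletBinding()]
    param(
        # Sampling window; Process Explorer's CPU column is a live rate, not a lifetime total
        [int]$SampleSeconds = 60
    )

    $cores = [Environment]::ProcessorCount

    # Cumulative CPU time per PID before the window. Protected processes
    # (System, csrss.exe, ...) refuse access even when elevated; mark them unknown.
    $before = @{}
    foreach ($p in Get-Process) {
        try   { $before[$p.Id] = $p.TotalProcessorTime.TotalSeconds }
        catch { $before[$p.Id] = $null }
    }

    Start-Sleep -Seconds $SampleSeconds

    # Signature verification is slow; verify each image path once even when
    # chrome.exe has eight processes running.
    $sigCache = @{}

    $rows = foreach ($p in Get-Process) {
        # CPU consumed during the window as a percentage of all logical cores
        $cpuPct = $null
        try {
            $prev = $before[$p.Id]
            if ($null -ne $prev) {
                $delta  = $p.TotalProcessorTime.TotalSeconds - $prev
                $cpuPct = [math]::Round($delta / ($SampleSeconds * $cores) * 100, 2)
            }
        } catch { }

        # Image path; empty when the process is protected or the PID has already exited
        $path = $null
        try { $path = $p.Path } catch { }

        $status = 'NoPath'; $sigType = ''; $signer = ''
        if ($path) {
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = Get-AuthenticodeSignature -FilePath $path
            }
            $sig     = $sigCache[$path]
            $status  = "$($sig.Status)"         # Valid, NotSigned, HashMismatch, ...
            $sigType = "$($sig.SignatureType)"  # Authenticode (embedded) or Catalog (most OS binaries)
            if ($sig.SignerCertificate) {
                # Reduce the certificate subject to its CN, the name Process Explorer shows
                $signer = $sig.SignerCertificate.Subject
                if ($signer -match '^CN=("[^"]+"|[^,]+)') { $signer = $Matches[1].Trim('"') }
            }
        }

        [pscustomobject]@{
            Process = $p.ProcessName
            PID     = $p.Id
            CpuPct  = $cpuPct
            Status  = $status
            SigType = $sigType
            Signer  = $signer
            Path    = $path
        }
    }

    # Big hitters at the top, like clicking Process Explorer's CPU header twice
    $rows | Sort-Object CpuPct -Descending
}

$report = Get-ProcessSignatureReport -SampleSeconds 60

# Save next to the FRST logs on the desktop (the file name is an assumption)
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'procexp-signatures.txt'
$report | Format-Table Process, PID, CpuPct, Status, SigType, Signer, Path -AutoSize |
    Out-String -Width 400 | Set-Content -Path $outFile

# Triage view: images that are unsigned or fail verification and still consume CPU.
# A valid signature is not proof that a process is benign, and an unsigned image is
# not proof of infection, but these rows are where a malware helper looks first.
$report | Where-Object { $_.Status -notin @('Valid', 'NoPath') -and $_.CpuPct -gt 0 } |
    Format-Table Process, PID, CpuPct, Status, Path -AutoSize
```

Rows with Status NoPath are protected system processes whose image could not be opened, not unsigned ones; they correspond to the blank Verified Signer cells (System, Memory Compression) in the Process Explorer output posted in this thread.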

#3
Rohanya1986
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ActionUriServer.exe Suspended 2,260 K 36 K 864 ActionUri OOP Server Microsoft Corporation (Verified) Microsoft Windows
ApplicationFrameHost.exe 7,564 K 20,560 K 7612 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
atieclxx.exe 2,416 K 9,240 K 6604 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe 1,312 K 4,772 K 1380 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
avgnt.exe 5,712 K 1,676 K 8712 Avira system tray application Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
avshadow.exe 1,004 K 4,756 K 7316 AntiVir shadow copy service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
chrome.exe 2,012 K 8,420 K 9140 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,940 K 8,536 K 6260 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 45,172 K 42,276 K 7512 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,472 K 26,644 K 3136 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,068 K 39,028 K 3080 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,29,440 K 1,14,504 K 8556 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 30,044 K 40,744 K 4648 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 1,500 K 4,288 K 628 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 888 K 3,928 K 4340 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,836 K 8,808 K 5344 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 772 K 2,808 K 8072 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
Fuel.Service.exe 1,996 K 8,752 K 4932 AMD Fuel Service Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices
GoogleCrashHandler.exe 1,644 K 232 K 5124 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,472 K 232 K 924 Google Crash Handler Google Inc. (Verified) Google Inc
LockAppHost.exe 5,108 K 20,044 K 1816 LockAppHost Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,828 K 13,544 K 868 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
OneDrive.exe 9,612 K 30,176 K 5112 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 3,616 K 10,908 K 2600 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVCpl64.exe 3,848 K 592 K 6232 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RemindersServer.exe Suspended 3,412 K 40 K 7248 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
sched.exe 5,164 K 4,228 K 2092 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
SearchUI.exe Suspended 78,520 K 68,924 K 5296 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 41,116 K 48,560 K 6128 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,872 K 22,816 K 6252 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
smartscreen.exe 15,000 K 28,036 K 5616 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
smss.exe 416 K 1,132 K 400 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,636 K 11,488 K 416 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,304 K 8,480 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,980 K 6,304 K 5900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,200 K 24,160 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,124 K 18,272 K 2448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,440 K 9,012 K 1728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,768 K 12,088 K 1912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 13,364 K 22,548 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnhService.exe 1,012 K 3,920 K 2660 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPHelper.exe 936 K 4,620 K 2924 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SystemSettings.exe Suspended 17,868 K 42,724 K 1280 Settings Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,232 K 5,096 K 764 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,180 K 7,976 K 9004 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,288 K 8,640 K 7420 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe < 0.01 17,504 K 34,728 K 2604 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
avguard.exe < 0.01 3,73,052 K 9,716 K 3140 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe < 0.01 7,628 K 28,156 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 93,008 K 91,904 K 1076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 97,584 K 64,816 K 3156 Google Chrome Google Inc. (Verified) Google Inc
Memory Compression < 0.01 884 K 3,54,524 K 2392
SearchIndexer.exe < 0.01 36,880 K 38,820 K 2468 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
Avira.ServiceHost.exe < 0.01 41,352 K 3,944 K 2520 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe < 0.01 9,140 K 22,952 K 88 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 0.01 6,692 K 17,552 K 6836 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
CCC.exe 0.01 93,512 K 4,468 K 7544 Catalyst Control Center: Host application Advanced Micro Devices Inc. (Verified) Advanced Micro Devices
svchost.exe 0.01 5,104 K 13,388 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 19,764 K 26,084 K 1448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 28,464 K 20,060 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCleaner64.exe 0.01 9,172 K 16,300 K 6320 CCleaner Piriform Ltd (Verified) Piriform Ltd
services.exe 0.02 3,396 K 7,152 K 840 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 6,100 K 11,592 K 596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MOM.exe 0.02 25,344 K 4,116 K 7648 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (Verified) Advanced Micro Devices
chrome.exe 0.03 1,12,348 K 1,20,764 K 4060 Google Chrome Google Inc. (Verified) Google Inc
SettingSyncHost.exe 0.03 42,716 K 14,184 K 5852 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
FoxitConnectedPDFService.exe 0.03 3,824 K 13,444 K 4404 Foxit Reader ConnectedPDF Windows Service. Foxit Software Inc. (Verified) Foxit Software Incorporated
Avira.Systray.exe 0.04 52,420 K 4,676 K 8932 Avira Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe 0.05 13,996 K 23,672 K 1472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.05 1,53,396 K 1,47,576 K 8020 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.06 3,84,536 K 2,48,340 K 5832 Google Chrome Google Inc. (Verified) Google Inc
RuntimeBroker.exe 0.11 13,132 K 39,444 K 7408 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.13 50,036 K 96,152 K 4856 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.22 6,244 K 7,972 K 6452 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.25 1,07,532 K 75,628 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Taskmgr.exe 0.33 17,284 K 36,372 K 3724 Task Manager Microsoft® Windows® Operating System (Verified) Microsoft Windows
System 0.39 188 K 18,404 K 4
dwm.exe 0.60 39,112 K 36,300 K 9196 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Avira Safe Shopping.exe 0.76 63,360 K 7,304 K 2076 Avira Safe Shopping Avira Operations Gmbh & Co. KG (Verified) Solute GmbH
SynTPEnh.exe 0.84 6,640 K 18,644 K 6624 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
Interrupts 1.30 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 3.78 32,284 K 63,532 K 7596 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 90.86 0 K 4 K 0

  • 0

#4
Rohanya1986

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ActionUriServer.exe Suspended 2,260 K 36 K 864 ActionUri OOP Server Microsoft Corporation (Verified) Microsoft Windows
ApplicationFrameHost.exe 7,472 K 20,500 K 7612 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
atieclxx.exe 2,352 K 9,220 K 6604 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe 1,312 K 4,772 K 1380 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
avgnt.exe 5,712 K 1,556 K 8712 Avira system tray application Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
avshadow.exe 1,004 K 4,748 K 7316 AntiVir shadow copy service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
CCC.exe 94,120 K 11,100 K 7544 Catalyst Control Center: Host application Advanced Micro Devices Inc. (Verified) Advanced Micro Devices
chrome.exe 1,940 K 8,484 K 6260 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,012 K 8,320 K 9140 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 29,524 K 39,120 K 4648 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,472 K 26,568 K 3136 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 45,172 K 42,196 K 7512 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 36,628 K 49,284 K 3080 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 1,500 K 4,276 K 628 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 888 K 3,896 K 4340 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,836 K 8,712 K 5344 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 772 K 2,808 K 8072 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
Fuel.Service.exe 1,996 K 8,728 K 4932 AMD Fuel Service Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices
GoogleCrashHandler.exe 1,508 K 324 K 5124 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,472 K 232 K 924 Google Crash Handler Google Inc. (Verified) Google Inc
LockAppHost.exe 5,044 K 20,012 K 1816 LockAppHost Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,824 K 13,492 K 868 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression 928 K 3,57,692 K 2392
OneDrive.exe 9,464 K 30,100 K 5112 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 3,616 K 10,908 K 2600 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVCpl64.exe 3,848 K 592 K 6232 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RemindersServer.exe Suspended 3,412 K 40 K 7248 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 13,068 K 40,112 K 7408 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 37,468 K 39,732 K 2468 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 78,520 K 68,924 K 5296 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 41,440 K 4,160 K 5852 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 41,116 K 48,560 K 6128 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,776 K 22,660 K 6252 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
smartscreen.exe 14,804 K 27,152 K 5616 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
smss.exe 416 K 1,132 K 400 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,580 K 11,444 K 416 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,980 K 6,284 K 5900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,304 K 8,412 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,360 K 24,276 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,356 K 8,996 K 1728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,120 K 17,880 K 2448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,768 K 12,020 K 1912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 27,508 K 18,524 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,564 K 28,056 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnhService.exe 1,012 K 3,908 K 2660 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPHelper.exe 936 K 4,608 K 2924 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SystemSettings.exe Suspended 17,868 K 42,724 K 1280 Settings Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,232 K 5,084 K 764 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 1,948 K 7,928 K 9004 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe < 0.01 17,476 K 34,216 K 2604 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
svchost.exe < 0.01 13,932 K 23,324 K 1472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 1,31,048 K 70,008 K 8556 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 8,968 K 22,724 K 88 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe < 0.01 6,692 K 17,536 K 6836 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 5,108 K 13,336 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sched.exe 0.01 5,164 K 4,112 K 2092 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
CCleaner64.exe 0.01 9,172 K 16,300 K 6320 CCleaner Piriform Ltd (Verified) Piriform Ltd
svchost.exe 0.01 13,060 K 22,164 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MOM.exe 0.02 25,348 K 1,360 K 7648 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (Verified) Advanced Micro Devices
Avira.ServiceHost.exe 0.02 41,424 K 4,048 K 2520 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe 0.02 6,020 K 11,512 K 596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 0.03 3,144 K 7,020 K 840 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.04 1,27,512 K 1,17,556 K 4060 Google Chrome Google Inc. (Verified) Google Inc
Avira.Systray.exe 0.05 52,420 K 4,580 K 8932 Avira Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
FoxitConnectedPDFService.exe 0.05 3,824 K 13,264 K 4404 Foxit Reader ConnectedPDF Windows Service. Foxit Software Inc. (Verified) Foxit Software Incorporated
svchost.exe 0.10 1,14,996 K 74,352 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
avguard.exe 0.12 3,73,044 K 18,200 K 3140 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe 0.14 20,632 K 27,532 K 1448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.16 49,812 K 96,208 K 4856 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Taskmgr.exe 0.25 17,144 K 36,180 K 3724 Task Manager Microsoft® Windows® Operating System (Verified) Microsoft Windows
csrss.exe 0.33 6,244 K 7,500 K 6452 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.38 94,536 K 92,716 K 1076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.39 3,85,188 K 2,43,576 K 5832 Google Chrome Google Inc. (Verified) Google Inc
Avira Safe Shopping.exe 0.79 1,26,824 K 92,444 K 2076 Avira Safe Shopping Avira Operations Gmbh & Co. KG (Verified) Solute GmbH
System 1.12 188 K 18,412 K 4
SynTPEnh.exe 1.83 6,640 K 18,632 K 6624 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
chrome.exe 1.85 87,692 K 65,696 K 3156 Google Chrome Google Inc. (Verified) Google Inc
dwm.exe 1.98 37,584 K 36,096 K 9196 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 2.43 0 K 0 K n/a Hardware Interrupts and DPCs
chrome.exe 2.63 1,49,964 K 1,48,760 K 8020 Google Chrome Google Inc. (Verified) Google Inc
procexp64.exe 3.94 31,536 K 64,040 K 7596 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 81.26 0 K 4 K 0

  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

What did you do differently between the two logs? The first is good; the second one does not look so good. Maybe a bad driver.


  • 0
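For putting two Process Explorer exports like the ones posted above side by side, here is an added PowerShell example; it is not from the thread and not a Sysinternals tool. It assumes the tab-delimited layout that Process Explorer's File > Save As writes, with the same columns the posts show (Process, CPU, Private Bytes, Working Set, PID, Description, Company Name, Verified Signer). The two here-strings are constructed sample rows in that layout, not the poster's logs, and the unsigned `updhelper.exe` row is invented to exercise the check. It flags rows whose signature was not verified, rows whose signer does not carry the claimed company name, processes that appear only in the second snapshot, and svchost instances whose CPU rose between the two.

```powershell
# Added example, not from the thread or from Sysinternals: triage two
# Process Explorer text exports. File > Save As in Process Explorer writes
# tab-delimited text whose header line matches the columns shown on screen.

function Import-ProcExpExport {
    # Accepts the file contents as one string, e.g. (Get-Content -Raw before.txt).
    param([Parameter(Mandatory)][string]$Text)
    $Text | ConvertFrom-Csv -Delimiter "`t"
}

function ConvertTo-CpuPercent([string]$Value) {
    # Process Explorer writes "< 0.01", "Suspended" or nothing for idle rows.
    $n = 0.0
    $ok = [double]::TryParse(($Value -replace '[^\d.]', ''),
        [System.Globalization.NumberStyles]::Float,
        [System.Globalization.CultureInfo]::InvariantCulture, [ref]$n)
    if ($ok) { $n } else { 0.0 }
}

function New-Finding([string]$Check, $Row, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Process = $Row.Process; PID = $Row.PID; Detail = $Detail }
}

function Get-ProcExpFindings {
    param(
        [Parameter(Mandatory)][object[]]$Before,
        [Parameter(Mandatory)][object[]]$After,
        [double]$CpuJump = 5.0    # percentage points that count as a jump
    )
    $findings  = [System.Collections.Generic.List[object]]::new()
    $beforeCpu = @{}
    foreach ($row in $Before) { $beforeCpu["$($row.Process)|$($row.PID)"] = ConvertTo-CpuPercent $row.CPU }

    foreach ($row in $After) {
        $key     = "$($row.Process)|$($row.PID)"
        $signer  = [string]$row.'Verified Signer'
        $company = [string]$row.'Company Name'
        $first   = ($company -split '\s+')[0]

        if ($signer -notlike '(Verified)*') {
            # Process Explorer could not verify an Authenticode signature.
            $findings.Add((New-Finding 'Unverified signature' $row $signer))
        } elseif ($first -and ($signer -notmatch [regex]::Escape($first))) {
            # Verified, but by a certificate that does not carry the claimed
            # company's name. Common for WHQL-signed drivers and rebranded
            # software, so this is a prompt to check the file, not an alarm.
            $findings.Add((New-Finding 'Signer differs from company name' $row $signer))
        }
        if (-not $beforeCpu.ContainsKey($key)) {
            $findings.Add((New-Finding 'New since first snapshot' $row $row.Description))
        } elseif ($row.Process -eq 'svchost.exe') {
            $delta = (ConvertTo-CpuPercent $row.CPU) - $beforeCpu[$key]
            if ($delta -ge $CpuJump) {
                $findings.Add((New-Finding 'svchost CPU jump' $row ("+{0:N2} %" -f $delta)))
            }
        }
    }
    $findings
}

# Constructed sample rows in the export layout (not the poster's logs; the
# unsigned 'updhelper.exe' / 'Contoso Ltd' row is invented for the example).
$beforeText = @"
Process`tCPU`tPrivate Bytes`tWorking Set`tPID`tDescription`tCompany Name`tVerified Signer
svchost.exe`t0.25`t107,532 K`t75,628 K`t1056`tHost Process for Windows Services`tMicrosoft Corporation`t(Verified) Microsoft Windows Publisher
explorer.exe`t0.13`t50,036 K`t96,152 K`t4856`tWindows Explorer`tMicrosoft Corporation`t(Verified) Microsoft Windows
"@
$afterText = @"
Process`tCPU`tPrivate Bytes`tWorking Set`tPID`tDescription`tCompany Name`tVerified Signer
svchost.exe`t12.40`t114,996 K`t74,352 K`t1056`tHost Process for Windows Services`tMicrosoft Corporation`t(Verified) Microsoft Windows Publisher
explorer.exe`t0.16`t49,812 K`t96,208 K`t4856`tWindows Explorer`tMicrosoft Corporation`t(Verified) Microsoft Windows
updhelper.exe`t< 0.01`t2,100 K`t6,300 K`t9120`t`tContoso Ltd`t(No signature was present in the subject)
Avira Safe Shopping.exe`t0.79`t126,824 K`t92,444 K`t2076`tAvira Safe Shopping`tAvira Operations Gmbh & Co. KG`t(Verified) Solute GmbH
"@

Get-ProcExpFindings -Before (Import-ProcExpExport $beforeText) -After (Import-ProcExpExport $afterText) |
    Format-Table -AutoSize -Wrap
```

On the sample data this reports four findings: the unsigned invented row, the Avira Safe Shopping row (company name Avira, certificate Solute GmbH, the same combination the posted log shows), the invented row as new since the first snapshot, and the svchost instance whose CPU went up by about 12 points. For real exports, feed `Get-Content -Raw` of each saved file; the signer check is a triage heuristic, so confirm anything it flags in the file's Properties > Digital Signatures tab before acting on it.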

#6
Rohanya1986

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I didn't do anything; I was just trying to download the other software using Chrome. This only happens when I try to connect to the internet: Service Host: Local System starts using all my data and slows down the laptop, and Chrome shows internet connection issues.


  • 0
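An added example for the symptom in this post (not from the thread): resolving which services live inside each svchost.exe instance, which account they run as (what Task Manager labels "Service Host: Local System"), and which remote endpoints that instance currently holds TCP connections to. It uses only cmdlets shipped with Windows 10 (Get-CimInstance, Get-Process, Get-NetTCPConnection); the function name and output columns are this example's own.

```powershell
# Added example, not from the thread: map each svchost.exe instance to the
# services it hosts, the account those services run as (what Task Manager
# shows as "Service Host: Local System"), and the remote endpoints it holds
# TCP connections to. Uses only cmdlets shipped with Windows 10; run it from
# an elevated PowerShell so every process's connections are visible.
function Get-SvchostNetworkMap {
    param([switch]$All)   # default: only instances with live connections

    $services = Get-CimInstance -ClassName Win32_Service |
                Where-Object { $_.ProcessId -ne 0 }
    $tcp = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue

    Get-Process -Name svchost | ForEach-Object {
        $proc   = $_
        $hosted = @($services | Where-Object { $_.ProcessId -eq $proc.Id })
        $remote = @($tcp | Where-Object { $_.OwningProcess -eq $proc.Id } |
                    ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                    Sort-Object -Unique)
        [pscustomobject]@{
            PID         = $proc.Id
            Account     = (($hosted.StartName | Sort-Object -Unique) -join ', ')
            Services    = (($hosted.Name | Sort-Object) -join ', ')
            Connections = $remote.Count
            RemoteHosts = ($remote -join ' ')
        }
    } | Where-Object { $All -or $_.Connections -gt 0 } |
        Sort-Object -Property Connections -Descending
}

# Usage (elevated prompt):
# Get-SvchostNetworkMap | Format-Table -AutoSize -Wrap
# Get-SvchostNetworkMap -All | Where-Object Services -like '*wuauserv*'
```

Run it while the bandwidth is being consumed, since the connection list is a snapshot. The same PID-to-service mapping is available from `tasklist /svc /fi "imagename eq svchost.exe"`, and Resource Monitor's Network tab shows per-process byte counts, which Get-NetTCPConnection does not; together they tell you which named service behind "Local System" is the one doing the talking, and to where.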

#7
Rohanya1986

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I have successfully downloaded the other software even with the connectivity issues; I will upload the results ASAP, depending on the mood of Windows. And this is not a continuous issue: I was able to watch a movie on Amazon in the morning, but then the service host took over the internet connection.


  • 0

#8
Rohanya1986

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Speccy file

Attached Files


  • 0

#9
Rohanya1986

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

The BlueScreenView software doesn't seem to be working; I ran it twice but it doesn't show any results. Sorry for the delay in response. Thank you for your time.


  • 0

#10
Rohanya1986

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
As I was not able to do a system restore, and the update was failing daily, I thought of doing a system reset, but that too failed, so I tried to update to the latest Windows 10 Creators version from their website. It went well until I was told to restart; after that my laptop is not working. It shows "trying to recover installation", then it shows "restoring previous version", and then it shuts down. I have some important photos of a Europe trip on it and I didn't make a backup. Please tell me what I should do.
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The easiest and surest way to recover files is to pull the drive, stick it on a USB SATA adapter (Amazon has many; the StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD is about $12) and plug the adapter into another PC.

A less sure alternative is to use a bootable disk or usb drive such as Hiren's:

http://www.hirensboo...BootCD.15.2.zip

Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ You may also need to change the boot to let it read MBRs (sometimes called Legacy) rather than UEFI.)
Boot into MiniXP and you should be able to access your files.

 

Somehow I missed your Speccy file, but when I went back to look at whether this was a laptop or a desktop I noticed the temp was over 100C. This may be the cause of all of your problems if the reading is correct. Speccy tends to read high, so I don't trust it that much, but a hot PC will have lots of strange errors. Assuming you are not trying to run it on a soft surface that blocks the intake vents, the usual cause of overheating is dust buildup between the fan and the heatsink. Over time this gets so bad that it blocks all air flow. On some PCs this is an easy thing to clean, but on others it's brain surgery. Google your model number and you will usually find a YouTube video showing how to take it apart. You do not want to unscrew the heatsink unless you want to change the thermal paste, but usually you can remove the fan (if you can get to it) and then clean the heatsink.


  • 0
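Once the drive is on the adapter and shows up with a drive letter on the other PC, here is an added PowerShell example (not from the thread) for the copy itself: robocopy pulls the user's folders off the drive with conservative retry settings, and a second function confirms each copied file against the original by SHA-256 hash. The drive letter and profile name in the usage lines are placeholders; robocopy and Get-FileHash are the stock Windows tools, the two function names are this example's own.

```powershell
# Added example, not from the thread: after the laptop's drive is attached to
# another Windows PC over a USB-SATA adapter, copy the user's folders off it
# with robocopy and confirm the copies with SHA-256 hashes. The drive letter
# and profile name in the usage lines are placeholders.
function Copy-ProfileOffDrive {
    param(
        [Parameter(Mandatory)][string]$Source,        # e.g. 'E:\Users\<name>'
        [Parameter(Mandatory)][string]$Destination,   # e.g. 'D:\Recovered\<name>'
        [string[]]$Folders = @('Pictures', 'Documents', 'Desktop', 'Videos')
    )
    $null = New-Item -ItemType Directory -Path $Destination -Force
    $log  = Join-Path $Destination 'robocopy.log'
    foreach ($f in $Folders) {
        $src = Join-Path $Source $f
        if (-not (Test-Path -LiteralPath $src)) { Write-Warning "missing: $src"; continue }
        $dst = Join-Path $Destination $f
        # /E all subfolders; /XJ skip junctions (profile folders contain loops);
        # /R:1 /W:1 retry once, briefly: a disk that is failing should not be
        # hammered; /COPY:DAT data, attributes, timestamps; /XA:SH skip
        # system/hidden files such as desktop.ini; /NP no progress output.
        robocopy $src $dst /E /XJ /R:1 /W:1 /COPY:DAT /XA:SH /NP |
            Out-File -FilePath $log -Append
        # robocopy exit codes 8 and above mean at least one file was not copied.
        if ($LASTEXITCODE -ge 8) {
            Write-Warning "robocopy reported failures for $src (exit $LASTEXITCODE); see $log"
        }
    }
}

function Test-CopyIntegrity {
    # Returns the relative paths of copied files whose SHA-256 differs from the
    # source or could not be read; an empty result means every copy matched.
    param([Parameter(Mandatory)][string]$Source, [Parameter(Mandatory)][string]$Destination)
    $root = (Resolve-Path -LiteralPath $Destination).Path.TrimEnd('\')
    $bad  = foreach ($file in Get-ChildItem -LiteralPath $root -File -Recurse) {
        $rel     = $file.FullName.Substring($root.Length + 1)
        $srcFile = Join-Path $Source $rel
        if (-not (Test-Path -LiteralPath $srcFile)) { continue }   # e.g. robocopy.log
        $a = Get-FileHash -LiteralPath $srcFile -Algorithm SHA256 -ErrorAction SilentlyContinue
        $b = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        if (-not $a -or -not $b -or $a.Hash -ne $b.Hash) { $rel }
    }
    @($bad)
}

# Usage (placeholders: E: is the attached laptop drive, D: the healthy target):
# Copy-ProfileOffDrive -Source 'E:\Users\<name>' -Destination 'D:\Recovered\<name>'
# Test-CopyIntegrity   -Source 'E:\Users\<name>' -Destination 'D:\Recovered\<name>'
```

If robocopy logs "Access is denied" on the profile folders, run the prompt elevated and add `/B` (backup mode) so it reads with the backup privilege instead of the old machine's NTFS permissions. The low retry count is deliberate: if the log fills with read errors, the disk itself is failing, and continuing to copy file by file does more harm than stopping and imaging the drive first.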





