About six months ago, while downloading torrents, I accidentally downloaded and opened a zip file. It infected my system with loads of viruses. I tried running Avast and AVG, but it didn't solve my problem, as I was constantly getting the BSOD screen. As a last resort I did a partial reset on my Windows 10 system. After the reset I downloaded MBAM and scanned. MBAM showed that it had removed all the malware. The only problem I faced after that was that System Restore always failed, so I gave up on that since I didn't have any visible issues.

Last week I was again trying to download some files from torrent when I received the message from Windows to check my privacy settings etc. for the Windows 10 Creators Fall Update. After I finished that, I shut down my system. The next day I tried connecting to the internet, but Chrome was showing that there was no internet connection. I opened the resource center and it showed that there was an internet connection, but it was being used by Service Host etc. I thought that Windows was downloading updates, so I gave it time. But the same thing has been happening for 4 days, and I wasn't able to connect to the internet even though 5 GB of data has been used in 4 days. I tried to scan the system with Avira, but the app didn't open and it showed errors. I then had to download MBAM on my friend's computer and then load it onto my computer. After installing, it scanned and quarantined adware.linkury. After scanning with MBAM I got some of my bandwidth back, using which I downloaded Avira and updated MBAM. Scanning with Avira revealed html expkit.gen2, which was quarantined and deleted. I tried to restore my system, but it failed; then I started getting BSOD critical structure and other errors. My laptop has slowed down a lot. I tried to clean it with CCleaner, but something is wrong, as it is very slow.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by rohan (administrator) on ROHANRANSING (12-10-2017 15:42:55)
Running from C:\Users\rohan\Desktop
Loaded Profiles: rohan (Available Profiles: rohan)
Platform: Windows 10 Home Single Language Version 1607 170731-1934 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [518816 2017-09-25] (Avira Operations Gmbh & Co. KG)
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\MountPoints2: {6f87d05a-b964-11e6-a139-20898418bb66} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{535a4820-a877-44ce-804c-5b83853c3518}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1929955964-473228486-2734651720-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF DefaultProfile: q53vdach.default
FF ProfilePath: C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default [2017-10-12]
FF Extension: (Avira Browser Safety) - C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default\Extensions\[email protected] [2017-07-26]
FF Extension: (Avira Password Manager) - C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default\Extensions\[email protected] [2017-07-26]
FF Extension: (Avira SafeSearch Plus) - C:\Users\rohan\AppData\Roaming\Mozilla\Firefox\Profiles\q53vdach.default\Extensions\[email protected] [2017-07-26]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1409848500&from=amt&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACC08267"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default [2017-10-12]
CHR Extension: (Google Slides) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (Entanglement Web App) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-07-20]
CHR Extension: (Shredder Chess Free) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelpbbhpcpelmnfablcbcianelefnnbg [2016-07-20]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-07-20]
CHR Extension: (Google Docs) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Lucidchart Diagrams) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (MindMeister) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2016-07-20]
CHR Extension: (YouTube) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
CHR Extension: (Google Tips) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2016-07-20]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2017-07-26]
CHR Extension: (Legacy MindMup (discontinued)) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2017-01-16]
CHR Extension: (Helicopters) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemghajhhjnakonkoiehmgjlcplkhmdp [2016-07-21]
CHR Extension: (jolecule) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\egibihegmcjaganejdmlbmpboedmnaif [2016-07-20]
CHR Extension: (Google Sheets) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-11]
CHR Extension: (Advanced Memories) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjnpcjofgpgheomppapajdophgpdceb [2016-07-20]
CHR Extension: (AdBlock) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-09]
CHR Extension: (StudyBlue) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh [2017-09-20]
CHR Extension: (Pathuku - Connect the lines) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2016-07-20]
CHR Extension: (Rack ur Brain) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifniicpaikdndebancakkbmjjfhloena [2016-07-20]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2016-07-20]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-07-26]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2016-07-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-17]
CHR Extension: (Little Alchemy) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-07-20]
CHR Extension: (World Data Atlas) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2016-07-20]
CHR Extension: (Steambirds: Survival) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2016-07-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-21]
CHR Extension: (Poppit!) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-07-20]
CHR Extension: (Google Classroom) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2016-07-20]
CHR Extension: (Memory Booster) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbkgofbabfecmeoncinpjpchlldbhip [2016-07-20]
CHR Extension: (Google Drawings) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-07-20]
CHR Extension: (StudyStack) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboldpjijadohjhnkadkdbonjlgbjadd [2016-07-20]
CHR Extension: (Micro Expression Recognition Application) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip [2016-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (CogniFit Brain Fitness) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckogiikkcdjefncaekfjbdkmlfniagf [2016-07-20]
CHR Extension: (Fusion Tables (experimental)) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2016-07-20]
CHR Extension: (Gmail) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-30]
CHR Extension: (BodBot Personal Trainer) - C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2016-07-20]
CHR Profile: C:\Users\rohan\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-12]
CHR Profile: C:\Users\rohan\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-12]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1929955964-473228486-2734651720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-09-25] (Avira Operations GmbH & Co. KG)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-02-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-02] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-09-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-09-23] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-09-23] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-10-12] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcjx64.sys [17408 2006-10-10] (Nokia)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-07-13] (The OpenVPN Project)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 RimVSerPort; C:\WINDOWS\System32\drivers\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-12 15:42 - 2017-10-12 15:43 - 000019805 _____ C:\Users\rohan\Desktop\FRST.txt
2017-10-12 15:40 - 2017-10-12 15:41 - 002401792 _____ (Farbar) C:\Users\rohan\Desktop\FRST64.exe
2017-10-12 14:02 - 2017-10-12 14:02 - 000001706 _____ C:\Users\rohan\Desktop\aswMBR.txt
2017-10-12 14:02 - 2017-10-12 14:02 - 000000512 _____ C:\Users\rohan\Desktop\MBR.dat
2017-10-12 13:45 - 2017-10-12 13:46 - 005200384 _____ (AVAST Software) C:\Users\rohan\Downloads\aswmbr.exe
2017-10-12 13:25 - 2017-10-12 13:25 - 000046392 _____ C:\Users\rohan\Downloads\Shortcut.txt
2017-10-12 13:24 - 2017-10-12 13:25 - 000025698 _____ C:\Users\rohan\Downloads\Addition.txt
2017-10-12 13:21 - 2017-10-12 13:25 - 000141805 _____ C:\Users\rohan\Downloads\FRST.txt
2017-10-12 13:20 - 2017-10-12 15:42 - 000000000 ____D C:\FRST
2017-10-11 14:26 - 2017-10-11 14:26 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-10-11 14:26 - 2017-09-23 10:36 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-10-11 14:26 - 2017-09-23 10:36 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-10-10 17:36 - 2017-10-10 17:36 - 000003670 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater
2017-10-09 13:39 - 2017-10-12 14:28 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-09 13:39 - 2017-10-10 18:01 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-09 13:39 - 2017-10-09 13:39 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-09 13:39 - 2017-10-09 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-09 13:38 - 2017-10-09 13:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-09 13:05 - 2017-10-11 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-09 13:05 - 2017-10-11 14:26 - 000000000 ____D C:\ProgramData\Avira
2017-10-09 13:05 - 2017-10-09 13:05 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-10-09 13:05 - 2017-10-09 13:05 - 000001261 _____ C:\Users\Public\Desktop\Avira.lnk
2017-10-09 13:00 - 2017-10-09 13:04 - 005331016 _____ (Avira Operations GmbH & Co. KG) C:\Users\rohan\Downloads\avira_en_fass0_59784c26d757e__ws (1).exe
2017-10-09 11:55 - 2017-10-09 11:56 - 005331016 _____ (Avira Operations GmbH & Co. KG) C:\Users\rohan\Downloads\avira_en_av_3044169665_3kirpbrg85t22g9eo4n3_wd.exe
2017-10-08 10:03 - 2017-10-08 10:03 - 000000000 ____D C:\Users\rohan\AppData\Local\UNP
2017-10-07 22:57 - 2017-10-07 23:07 - 000000000 ____D C:\Program Files\rempl
2017-10-07 22:57 - 2017-10-07 22:58 - 000000000 ____D C:\Program Files\UNP
2017-10-07 22:57 - 2017-10-07 22:57 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-10-06 14:58 - 2017-10-06 14:58 - 000051234 _____ C:\Users\rohan\Downloads\spider-manhomecoming2017720pblurayx264-ytsag-english-115187.zip
2017-10-06 14:53 - 2017-10-06 14:53 - 000000000 ____D C:\Users\rohan\Downloads\Spider-Man Homecoming (2017) [YTS.AG]
2017-10-05 20:17 - 2017-10-05 20:17 - 000028812 _____ C:\Users\rohan\Downloads\atomic.blonde.(2017).eng.1cd.(7109790).zip
2017-10-01 20:53 - 2017-10-05 20:24 - 000000000 ___RD C:\Users\rohan\Downloads\Atomic Blonde 2017 HD-TS x264-CPG
2017-09-30 20:36 - 2017-09-30 20:36 - 000000000 ____D C:\Users\rohan\AppData\Local\Avira Operations Gmbh & Co. KG
2017-09-30 19:29 - 2017-09-30 19:29 - 000000000 ____D C:\Users\rohan\Downloads\John Wick Chapter 2 (2017) 720p BrRip x264 - VPPV
2017-09-30 16:03 - 2017-09-30 16:03 - 000085251 _____ C:\Users\rohan\Downloads\Get.Out.2017.BluRay.720p-1080p.x264-SPARKS.srt
2017-09-30 16:01 - 2017-09-30 19:21 - 995940235 ____R C:\Users\rohan\Downloads\Get.Out.2017.720p.BRRiP.950MB.ShAaNiG.mkv
2017-09-28 13:47 - 2017-09-28 15:06 - 000000000 ____D C:\Users\rohan\Downloads\Logan Lucky 2017 TS x264-CPG
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-12 15:23 - 2017-07-27 15:54 - 000000000 ____D C:\Users\rohan\AppData\Roaming\BitTorrent
2017-10-12 15:23 - 2016-11-10 17:52 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-12 15:23 - 2016-07-16 17:15 - 000000000 ____D C:\WINDOWS\INF
2017-10-12 15:16 - 2016-11-06 21:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-12 15:09 - 2016-07-21 14:19 - 000000000 ____D C:\ProgramData\Foxit Software
2017-10-12 14:31 - 2016-11-06 21:18 - 000000000 ____D C:\Users\rohan
2017-10-12 14:27 - 2016-11-06 21:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-12 14:21 - 2016-06-11 20:19 - 000000000 ____D C:\Users\rohan\AppData\Roaming\vlc
2017-10-12 13:21 - 2016-07-16 17:06 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-11 14:26 - 2017-07-26 13:43 - 000000000 ____D C:\Program Files (x86)\Avira
2017-10-11 12:53 - 2016-11-15 15:35 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-11 12:36 - 2016-07-16 11:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-11 12:36 - 2016-06-11 19:00 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-10-11 12:31 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\registration
2017-10-10 15:59 - 2016-11-29 15:08 - 000007601 _____ C:\Users\rohan\AppData\Local\Resmon.ResmonCfg
2017-10-10 15:54 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-09 13:38 - 2016-10-20 15:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-09 13:05 - 2016-11-06 21:13 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-08 20:50 - 2016-07-16 17:17 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-06 22:25 - 2016-07-16 17:17 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-05 20:18 - 2017-07-25 12:13 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-10-05 20:18 - 2016-11-15 15:37 - 000003964 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1479204442
2017-09-29 11:31 - 2016-07-27 14:44 - 000000000 ____D C:\Users\rohan\Desktop\upsc
2017-09-28 20:07 - 2017-08-20 01:42 - 000000000 ____D C:\Users\rohan\Downloads\Jonathan Altfeld - Knowledge Engineering
2017-09-28 18:03 - 2016-06-14 12:19 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-28 18:03 - 2016-06-14 12:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-28 13:02 - 2017-07-26 16:21 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1929955964-473228486-2734651720-1001
2017-09-28 13:01 - 2016-06-11 20:13 - 000002363 _____ C:\Users\rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-28 13:01 - 2015-08-11 23:13 - 000000000 ___RD C:\Users\rohan\OneDrive
2017-09-23 22:24 - 2017-08-17 16:17 - 000000000 ____D C:\Users\rohan\AppData\Local\ElevatedDiagnostics
2017-09-22 18:52 - 2016-07-21 13:13 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-09-22 18:52 - 2016-07-21 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Files in the root of some directories =======
2016-10-20 07:30 - 2016-10-20 07:30 - 000140288 _____ () C:\Users\rohan\AppData\Roaming\Installer.dat
2017-05-27 13:25 - 2017-05-27 13:27 - 000000600 _____ () C:\Users\rohan\AppData\Local\PUTTY.RND
2016-11-29 15:08 - 2017-10-10 15:59 - 000007601 _____ () C:\Users\rohan\AppData\Local\Resmon.ResmonCfg
2016-11-06 21:12 - 2016-11-06 21:12 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-06 22:01
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by rohan (12-10-2017 15:44:40)
Running from C:\Users\rohan\Desktop
Windows 10 Home Single Language Version 1607 170731-1934 (X64) (2016-11-06 16:09:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1929955964-473228486-2734651720-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1929955964-473228486-2734651720-503 - Limited - Disabled)
Guest (S-1-5-21-1929955964-473228486-2734651720-501 - Limited - Disabled)
rohan (S-1-5-21-1929955964-473228486-2734651720-1001 - Administrator - Enabled) => C:\Users\rohan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira (HKLM-x32\...\{04C2B04A-7454-47B5-8B56-1B7A92562C9D}) (Version: 1.2.98.14573 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{14668ec0-a736-4c51-a4ef-14118b92bcfa}) (Version: 1.2.98.14573 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.6 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{8E42DF0E-944D-42FD-920E-4D12AC17F7C1}) (Version: 1.0.30.1406 - Avira Operations Gmbh & Co. KG)
BitTorrent (HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Drive (HKLM-x32\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Opera Stable 48.0.2685.35 (HKLM-x32\...\Opera 48.0.2685.35) (Version: 48.0.2685.35 - Opera Software)
Ori and the Blind Forest (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0039}) (Version: 6.0 - Black Box)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
UpdateAssistant (HKLM-x32\...\{F9D14939-1792-44AB-8C53-F208534C2548}) (Version: 1.2.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-06-24] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-23] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-23] (Avira Operations GmbH & Co. KG)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {19F2D1D6-10BA-4920-AE9F-36F48755B233} - System32\Tasks\Opera scheduled Autoupdate 1479204442 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-02] (Opera Software)
Task: {5BD57DC9-31CC-4ED3-8C12-6620ECCF8410} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {61AC87FD-F817-428A-9522-CEC4B5CCE0C9} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe [2017-09-25] (Avira Operations Gmbh & Co. KG)
Task: {6E4C7383-F11C-4F43-BF43-851B817B7C87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {7F8E3918-5BA8-48D1-906F-E5B73E78180C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-23] (Avira Operations GmbH & Co. KG)
Task: {A0148562-0EA6-4307-AF7C-D1C4CFBF453A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {C785C1EF-87BE-488F-8113-98D3EB8E7786} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {F4C4473E-47C1-44CF-A391-E29206952A19} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Helicopters.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=eemghajhhjnakonkoiehmgjlcplkhmdp
ShortcutWithArgument: C:\Users\rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Lucidchart Diagrams - Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=djejicklhojeokkfmdelnempiecmdomj
==================== Loaded Modules (Whitelisted) ==============
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-26 16:34 - 2017-06-21 13:18 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-11 18:12 - 2016-09-07 10:26 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 13:10 - 2017-03-04 12:01 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 13:11 - 2017-03-04 11:42 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 13:11 - 2017-03-04 11:35 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 13:11 - 2017-03-04 11:35 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-19 22:11 - 2017-03-04 11:35 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-19 22:11 - 2017-08-01 23:56 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-19 22:11 - 2017-08-02 00:01 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-09-28 18:03 - 2017-09-21 12:59 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-28 18:03 - 2017-09-21 12:59 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-06-12 07:53 - 2016-06-12 07:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-1929955964-473228486-2734651720-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EE6E7065-A0FC-4369-ACF2-67EEABF87288}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{553CC29F-8E96-4E9D-96B3-CAC6014BD252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B820AC3-9F1E-4472-9409-2DDF2D53A511}] => (Allow) C:\Users\rohan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{69ADB94D-DC59-4681-90DD-69C7A566BFCF}] => (Allow) C:\Users\rohan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{94860309-190A-4BD4-BFF7-2E9EF761AFD4}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe
FirewallRules: [{814B1014-6736-4D72-A8CA-E1E109B9F696}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F68FEB35-A931-465E-B95D-116CE447B04B}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.35\opera.exe
==================== Restore Points =========================
23-09-2017 22:59:00 Scheduled Checkpoint
06-10-2017 11:14:30 Scheduled Checkpoint
09-10-2017 12:27:28 Removed Avira Software Updater
11-10-2017 11:20:21 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/12/2017 03:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.32.5, time stamp: 0x59c59edd
Faulting module name: avlode.dll, version: 15.0.32.5, time stamp: 0x59c59c58
Exception code: 0xc0000005
Fault offset: 0x0006fbd3
Faulting process id: 0xa7c
Faulting application start time: 0x01d3433831317e72
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: c:\program files (x86)\avira\antivirus\avlode.dll
Report Id: b158de62-701c-4157-a5d8-8bd88f4031b0
Faulting package full name:
Faulting package-relative application ID:
Error: (10/11/2017 03:20:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.1532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: ef0
Start Time: 01d3425fe8d92943
Termination Time: 0
Application Path: C:\Windows\explorer.exe
Report Id: 49c4ef59-ae69-11e7-a161-20898418bb66
Faulting package full name:
Faulting package-relative application ID:
Error: (10/11/2017 02:40:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/11/2017 12:40:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070091.
Error: (10/11/2017 12:26:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
Error: (10/11/2017 11:48:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/11/2017 11:48:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/11/2017 11:46:23 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
Error: (10/11/2017 11:20:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (10/10/2017 06:34:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROHANRANSING)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (10/12/2017 03:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (10/12/2017 03:10:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/12/2017 03:09:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CDPUserSvc_3dec2 service failed to start due to the following error:
The account name is invalid or does not exist, or the password is invalid for the account name specified.
Error: (10/12/2017 02:31:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/12/2017 02:28:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a016dd1a5df52a, 0xb3b723636cdf08a4, 0xfffff80142af4070, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 11df3220-e9f0-4f72-839a-72631c96f435.
Error: (10/12/2017 02:27:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:05:14 PM on 10/12/2017 was unexpected.
Error: (10/12/2017 02:26:39 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212254731186912
Error: (10/12/2017 12:56:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/12/2017 12:00:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/11/2017 09:35:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: AMD A8-4500M APU with Radeon HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 5595.02 MB
Available physical RAM: 3040.44 MB
Total Virtual: 6491.02 MB
Available Virtual: 3663.68 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:902.29 GB) (Free:126.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 52639F77)
Partition: GPT.
==================== End of Addition.txt ============================
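The "Event log errors" part of an Addition.txt like the one above is where the actual lead is buried under repeated noise (three DCOM 10016 entries against two crashes, a bugcheck and three System Restore failures). The script below is an added example for this thread, not part of FRST and not posted by rohan: it parses that section's "Error: (date) (Source: ...) (EventID: ...) (User: ...)" header format with its multi-line descriptions, drops the (Source, EventID) pairs that recur on healthy Windows 10 installs, and names the hex codes that matter. The SAMPLE text is constructed from the shape of the log above, trimmed to six entries; the NOISE, STOP_CODES and WIN32_NAMES tables are the example's own and cover only the codes that appear here.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of FRST's "Event log errors" section.
SAMPLE = r"""
Application errors:
==================
Error: (10/12/2017 03:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.32.5, time stamp: 0x59c59edd
Faulting module name: avlode.dll, version: 15.0.32.5, time stamp: 0x59c59c58
Exception code: 0xc0000005
Error: (10/11/2017 12:40:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070091.
System errors:
=============
Error: (10/12/2017 03:41:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s).
Error: (10/12/2017 03:10:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
Error: (10/12/2017 02:28:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a016dd1a5df52a, 0xb3b723636cdf08a4, 0xfffff80142af4070, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Error: (10/12/2017 12:56:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
"""

HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
BUGCHECK = re.compile(r"bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")

# Documented names for the codes seen in this log (example's own lookup tables).
STOP_CODES = {0x109: "CRITICAL_STRUCTURE_CORRUPTION"}  # raised by Kernel Patch Protection
WIN32_NAMES = {0x80070091: "ERROR_DIR_NOT_EMPTY", 0xC0000005: "STATUS_ACCESS_VIOLATION"}
# (Source, EventID) pairs Microsoft documents as benign on stock Windows 10; skipped in triage.
NOISE = {("DCOM", 10016)}


@dataclass
class Event:
    section: str       # "Application" or "System"
    timestamp: str
    source: str
    event_id: int
    user: str
    description: str = ""


def parse_events(text: str) -> list[Event]:
    """A header line opens a new event; every following non-header line belongs
    to that event's description (FRST wraps descriptions over several lines)."""
    events: list[Event] = []
    section = "?"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("="):
            continue
        if line in ("Application errors:", "System errors:"):
            section = line.split()[0]
            continue
        m = HEADER.match(line)
        if m:
            events.append(Event(section, m["ts"], m["src"], int(m["eid"]), m["user"]))
        elif events:
            body = line.removeprefix("Description: ")
            events[-1].description = (events[-1].description + " " + body).strip()
    return events


def count_by_source(events: list[Event]) -> Counter:
    return Counter((e.source, e.event_id) for e in events)


def triage(events: list[Event]):
    """Split into (signal, noise) using the NOISE table."""
    noise = [e for e in events if (e.source, e.event_id) in NOISE]
    signal = [e for e in events if (e.source, e.event_id) not in NOISE]
    return signal, noise


def bugcheck_info(event: Event):
    """For a BugCheck 1001 entry return (stop code, name, parameters); else None."""
    m = BUGCHECK.search(event.description)
    if not m:
        return None
    code = int(m.group(1), 16)
    params = tuple(int(p.strip(), 16) for p in m.group(2).split(","))
    return code, STOP_CODES.get(code, "UNKNOWN"), params


def error_codes(event: Event) -> list[str]:
    """Name every 32-bit hex value in the description that WIN32_NAMES knows."""
    found = re.findall(r"0x[0-9a-fA-F]{8}\b", event.description)
    return [f"{h}={WIN32_NAMES[int(h, 16)]}" for h in found if int(h, 16) in WIN32_NAMES]


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    sig, noise = triage(evs)
    print(f"{len(evs)} events, {len(noise)} noise, {len(sig)} worth reading")
    for e in sig:
        detail = bugcheck_info(e) if e.source == "BugCheck" else error_codes(e)
        print(f"[{e.section}] {e.timestamp} {e.source}/{e.event_id} {detail}")
```

Run against the full section of a real Addition.txt, this leaves four kinds of entry to read: the Avira avguard.exe access violation, the System Restore 0x80070091 (ERROR_DIR_NOT_EMPTY, a failure to clean up a directory rather than a malware indicator by itself), the service-crash 7031 that follows the avguard fault, and the 0x109 bugcheck. The caveat on the last one: CRITICAL_STRUCTURE_CORRUPTION is what Kernel Patch Protection raises when it finds kernel code or critical kernel structures modified, so on a box that was recently infected it deserves a look at the dump and the loaded drivers, but it is also a routine symptom of faulty RAM or a buggy third-party driver, so the log line alone does not prove a rootkit.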