Solved Please help me to remove my infected pc. Trojan. Multi. GenAutorunBITS.a

Riyasvkmuhammed

Posts: 17   +0
Hi,

I found a trojan In my lap by Kvrt scanning. Trojan.Muli.Genautorunbits.A I cleaned the file. But I think its not removed. And I coudnt install MBAM. Cleaned using mbclean and no way. Please help me. Please find the attached log files gathered by mb support tool
 

Attachments

  • mbst-grab-results.zip
    88.3 KB · Views: 4

MaikuTech

Posts: 1,125   +189
@Riyasvkmuhammed I checked you're malwarebytes search results it said it was gone and quarentine does not have it.
Just to be sure of that download eset antivirus, let it peform one deep scan, if it finds it again let it clear it out.
https://www.eset.com/us/home/free-trial/
The moderator in that malware sub-forum will help you out, I believe that Trojan horse is packing a rootkit.
So it maybe stubborn to get rid of out of the registry at first but it will leave with the right av definitions.
 

Riyasvkmuhammed

Posts: 17   +0
@MaikuTech
hi

I scanned my system using eset node 32 , and found 12 infected files only 2 cleaned after scan. not cleaned other files.
please check the log file of eset scan

log1.txt- scanned folders C,D,E
log2.txt -scanned folders memory,boot secters, etc

please check and reply.......


thanks
riyasvkmuhammed
 

Attachments

  • log1.txt
    8 KB · Views: 0
  • log2.txt
    131.5 KB · Views: 0

Riyasvkmuhammed

Posts: 17   +0
@MaikuTech
Thanks for taking on my case so soon.

please check Scan result of Farbar Recovery Scan Tool

- FRST.txt
addition.txt
 

Attachments

  • FRST.txt
    39.4 KB · Views: 1
  • Addition.txt
    41 KB · Views: 1

Broni

Posts: 55,827   +503
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Please observe forum rules. All logs have to be pasted not attached.
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
Thanks for taking on my case so soon.

at first I found my laptop taking so long to complete boot.
then I booted in safemode and scanned using kaspersky virus removal tool. then I found this above trojan and removed it .
but the system behaves the same.
I tried installing malwarebytes and its says to reboot for install and not installed after reboot.

what should I do ??
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
please check Scan result of Farbar Recovery Scan Tool


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by #root (administrator) on ROOT (22-06-2018 15:56:36)
Running from C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: #root (Available Profiles: #root & Administrator & Guest)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion\FRST-OlderVersion\FRSTEnglish.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion\FRST-OlderVersion\FRSTEnglish.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [178496 2018-04-19] (ESET)
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {01f74df5-7d8b-11e7-85bd-645a04bf7d48} - H:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {01f74e02-7d8b-11e7-85bd-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {02d7fbc2-28e9-11e8-a325-645a04bf7d48} - G:\Windows\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {02d7fbce-28e9-11e8-a325-645a04bf7d48} - G:\Windows\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {1aa30557-4317-11e8-9c6b-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {1aa30562-4317-11e8-9c6b-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {21dd083d-9ad3-11e7-b1ea-645a04bf7d48} - I:\Setup.exe /s
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {34a4ae6a-1543-11e8-b89c-b82a72cbe732} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {3dbc1f60-07d4-11e8-b377-645a04bf7d48} - G:\.\3G-Connect.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {42d70992-865b-11e7-b7c6-645a04bf7d48} - G:\.\Airtel_4G.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {5df88ca2-e54a-11e7-b29d-645a04bf7d48} - G:\Setup.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {5df88d2f-e54a-11e7-b29d-645a04bf7d48} - G:\Setup.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {8bf175d5-ec9c-11e7-9c03-645a04bf7d48} - I:\HiSuiteDownLoader.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {9296536d-7db4-11e7-864a-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {9d2a2790-7f31-11e7-9cba-645a04bf7d48} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {b7f4b303-133d-11e8-9350-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {d94178e9-7dc7-11e7-b485-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {e14b1898-479e-11e8-bc42-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {e14b18a3-479e-11e8-bc42-645a04bf7d48} - G:\AutoRun.exe
HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\MountPoints2: {f596b884-d03c-11e7-8c5c-645a04bf7d48} - G:\.\Airtel_4G.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177952 2016-07-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-07-11] (NVIDIA Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{03C537D5-A4D5-4555-9394-7EC1604B8EBB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0DDD04AC-7857-45E9-B8F7-4D85631F0411}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{238FEAC3-AEB6-4D96-B1FE-E91050F7DAC4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{238FEAC3-AEB6-4D96-B1FE-E91050F7DAC4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{245C93DB-554F-4F27-8273-577C237EDEE7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{245C93DB-554F-4F27-8273-577C237EDEE7}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{3C18D9E3-1C04-418E-9263-6EACA557253C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3C18D9E3-1C04-418E-9263-6EACA557253C}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{68FE99FC-C7EE-4B6F-8E7B-1DCCB7593CD4}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-570170127-3439773959-704584474-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-570170127-3439773959-704584474-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-570170127-3439773959-704584474-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-570170127-3439773959-704584474-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-570170127-3439773959-704584474-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-570170127-3439773959-704584474-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-15] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 23ofghs6.default
FF ProfilePath: C:\Users\RIYAS\AppData\Roaming\Mozilla\Firefox\Profiles\23ofghs6.default [2018-06-21]
FF Homepage: Mozilla\Firefox\Profiles\23ofghs6.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180604__yaff
FF NewTab: Mozilla\Firefox\Profiles\23ofghs6.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180604__yaff
FF SearchPlugin: C:\Users\RIYAS\AppData\Roaming\Mozilla\Firefox\Profiles\23ofghs6.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-06-05]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-15] (Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-01] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default [2018-06-22]
CHR Extension: (Slides) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-17]
CHR Extension: (Touch VPN) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2018-06-19]
CHR Extension: (YouTube) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-17]
CHR Extension: (Sheets) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-17]
CHR Extension: (160by2) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieodemnbjjlohmojcimkdpmdfjcihehg [2018-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Speedtest by Ookla) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2018-06-03]
CHR Extension: (Gmail) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-570170127-3439773959-704584474-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Download with Download Accelerator Plus (DAP)) - C:\Users\RIYAS\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekeecmblpnobdaijmfkcfcnofopooipg [2018-03-15]
StartMenuInternet: (HKLM) OperaStable - C:\Users\RIYAS\AppData\Local\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1810120 2018-02-15] ()
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [239184 2018-05-14] (CyberGhost S.A.)
S3 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2015-10-09] () [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-05] (Intel Corporation)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-11-24] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 Diag_driver_dev; C:\Windows\System32\DRIVERS\ztetsplog.sys [152848 2017-05-03] ( )
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [18560 2015-01-07] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380800 2015-01-07] (Huawei Technologies Co., Ltd.) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 MEMSWEEP2; C:\Windows\system32\7F1F.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 Modem_driver_d; C:\Windows\System32\DRIVERS\Modem_driver_d.sys [387416 2016-12-06] ( )
S3 Nmea_driver_dev; C:\Windows\System32\DRIVERS\ztetspnmea.sys [396176 2017-05-03] ( )
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2011-08-25] (Sophos Group) [File not signed]
S3 Updt_driver_dev; C:\Windows\System32\DRIVERS\Updt_driver_dev.sys [396176 2017-05-03] ( )
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 zteusbfilter1021; C:\Windows\System32\DRIVERS\zteusbfilter1021.sys [57048 2017-03-06] (ZTE Incorporated)
S3 zteusbnetqn4025; C:\Windows\System32\DRIVERS\zteusbnetqn4025.sys [397528 2017-03-06] (ZTE Incorporated)
S3 cmnuusbser14; system32\DRIVERS\cmnuusbser14.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 mmx_cmnxnet; system32\DRIVERS\mmx_cmnxnet.sys [X]
S3 mmx_cmnxusbser; system32\DRIVERS\mmx_cmnxusbser.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WCDMA_Datacard_Usb_Ser; system32\DRIVERS\WCDMA_Datacard_Usb_Ser.sys [X]
S3 WinRing0_1_2_0; \??\Z:\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-22 15:54 - 2018-06-22 15:55 - 000041999 _____ C:\Users\RIYAS\Downloads\Addition (1).txt
2018-06-22 15:54 - 2018-06-22 15:54 - 000040387 _____ C:\Users\RIYAS\Downloads\FRST.txt
2018-06-21 22:28 - 2018-06-21 22:28 - 000000043 _____ C:\Users\RIYAS\Downloads\fixlist.txt
2018-06-21 20:55 - 2018-06-21 20:55 - 000000000 ____D C:\Users\RIYAS\AppData\Local\CrashDumps
2018-06-21 20:36 - 2018-06-21 20:37 - 000003164 _____ C:\Users\RIYAS\Desktop\Rkill.txt
2018-06-21 20:31 - 2018-06-21 20:31 - 000441280 _____ C:\Users\RIYAS\Desktop\SysInspector-ROOT-180621-202538.zip
2018-06-21 20:29 - 2018-06-21 20:29 - 002109580 _____ C:\Users\RIYAS\Desktop\SysInspector-ROOT-180621-202538.txt
2018-06-21 20:08 - 2018-06-21 20:10 - 000125399 _____ C:\Users\RIYAS\Downloads\hosts.zip
2018-06-21 18:14 - 2018-06-21 20:33 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-06-21 17:16 - 2018-06-21 17:16 - 000000000 ____D C:\Users\RIYAS\AppData\Local\ESET
2018-06-21 15:51 - 2018-06-21 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-21 15:51 - 2018-06-21 15:51 - 000000000 ____D C:\ProgramData\ESET
2018-06-21 15:51 - 2018-06-21 15:51 - 000000000 ____D C:\Program Files\ESET
2018-06-21 15:03 - 2018-06-21 15:09 - 004279416 _____ (ESET) C:\Users\RIYAS\Downloads\eset_nod32_antivirus_live_installer.exe
2018-06-21 14:52 - 2018-06-21 14:52 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-06-21 12:45 - 2018-06-21 12:45 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5769B3F3.sys
2018-06-21 01:31 - 2018-06-21 01:31 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-06-21 01:29 - 2018-06-21 01:29 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-21 01:29 - 2018-06-21 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-06-21 01:29 - 2018-06-21 01:29 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-21 01:24 - 2018-06-21 01:24 - 000000000 ____D C:\Windows\Trend Micro
2018-06-21 01:24 - 2018-06-21 01:24 - 000000000 ____D C:\ProgramData\Trend Micro
2018-06-21 01:16 - 2018-06-21 20:22 - 000000000 ____D C:\ProgramData\AVG
2018-06-21 01:10 - 2018-06-21 01:10 - 000522825 _____ C:\Users\RIYAS\AppData\Local\census.cache
2018-06-21 01:09 - 2018-06-21 01:09 - 000340588 _____ C:\Users\RIYAS\AppData\Local\ars.cache
2018-06-21 00:19 - 2018-06-21 00:19 - 000000036 _____ C:\Users\RIYAS\AppData\Local\housecall.guid.cache
2018-06-20 23:35 - 2018-06-20 23:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-20 20:46 - 2011-08-25 09:37 - 000018816 ____N (Sophos Group) C:\Windows\SysWOW64\SAVRKBootTasks.sys
2018-06-20 20:18 - 2011-08-25 09:33 - 000006144 ____N (Sophos Plc) C:\Windows\system32\7F1F.tmp
2018-06-20 20:17 - 2011-08-25 09:33 - 000006144 ____N (Sophos Plc) C:\Windows\system32\D43F.tmp
2018-06-20 20:16 - 2018-06-20 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-06-20 20:16 - 2018-06-20 20:16 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 ____H C:\Users\RIYAS\AppData\Local\BIT7423.tmp
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 _____ C:\Users\RIYAS\AppData\Local\{72368EF5-ACDD-465C-A3B8-0A2C6CA10BFD}
2018-06-19 16:49 - 2018-06-20 19:37 - 000000000 ____D C:\ProgramData\MB3Install
2018-06-19 16:37 - 2018-06-19 16:49 - 078101496 _____ (Malwarebytes ) C:\Windows\SysWOW64\mb-setup.exe
2018-06-19 16:30 - 2018-06-21 22:32 - 002413568 _____ (Farbar) C:\Users\RIYAS\Downloads\FRSTEnglish.exe
2018-06-19 14:50 - 2018-06-19 14:57 - 017583333 _____ C:\Users\RIYAS\Downloads\mbar-1.10.3.1001.zip
2018-06-19 14:32 - 2018-06-19 14:32 - 000025566 _____ C:\ProgramData\agent.uninstall.1529398959.bdinstall.bin
2018-06-19 14:26 - 2018-06-19 14:39 - 035086936 _____ (Malwarebytes ) C:\Users\RIYAS\Downloads\Unconfirmed 724565.crdownload
2018-06-19 14:24 - 2018-06-19 14:24 - 000001644 _____ C:\Users\RIYAS\Downloads\mb-clean-results.txt
2018-06-19 13:41 - 2018-06-19 13:41 - 000085600 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02111698.sys
2018-06-19 03:47 - 2018-06-19 03:47 - 000042582 _____ C:\ProgramData\agent.1529360227.bdinstall.bin
2018-06-19 03:29 - 2018-06-19 03:29 - 000000926 _____ C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-19 03:29 - 2018-06-19 03:29 - 000000926 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-19 03:29 - 2018-06-19 03:29 - 000000896 _____ C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-19 03:29 - 2018-06-19 03:29 - 000000896 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-19 03:02 - 2018-06-19 03:04 - 000211570 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_03.02.50_log.txt
2018-06-19 02:33 - 2018-06-19 02:35 - 000210908 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_02.33.54_log.txt
2018-06-19 02:26 - 2018-06-21 22:32 - 000000000 ____D C:\Users\RIYAS\Desktop\New folder (2)
2018-06-19 01:49 - 2018-06-19 01:49 - 000052320 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\35199727.sys
2018-06-19 01:09 - 2018-06-19 01:10 - 000000000 ____D C:\KVRT_Data
2018-06-19 00:06 - 2018-06-19 03:26 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-19 00:05 - 2018-06-19 03:26 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-18 23:05 - 2018-06-18 23:05 - 000000000 ____D C:\Users\RIYAS\Downloads\E3372h-607_Update_22.200.05.00.00_universal
2018-06-18 22:33 - 2018-06-18 22:33 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-06-18 22:11 - 2018-06-18 22:11 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-18 21:55 - 2018-06-22 15:56 - 000000000 ____D C:\FRST
2018-06-18 21:50 - 2018-06-18 21:51 - 000000000 ____D C:\AdwCleaner
2018-06-18 17:24 - 2018-06-18 17:24 - 000000000 ____D C:\Users\RIYAS\Downloads\mbam-chameleon-3.1.33.0
2018-06-14 20:27 - 2018-06-14 20:27 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-14 20:27 - 2018-06-14 20:27 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-14 20:15 - 2018-06-14 20:15 - 000923537 _____ C:\Users\RIYAS\Downloads\Turn Off IDM Auto-Update Notification - My PC Tips.pdf
2018-06-14 19:39 - 2018-06-21 01:11 - 000477682 _____ C:\Users\RIYAS\Desktop\n hosts.txt
2018-06-14 05:29 - 2018-06-14 05:29 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-14 05:29 - 2018-06-14 05:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-08 17:44 - 2018-06-09 14:49 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000UA
2018-06-08 17:44 - 2018-06-09 14:49 - 000003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000Core
2018-06-08 17:42 - 2018-06-21 22:10 - 000000000 ____D C:\Users\RIYAS\Desktop\New folder
2018-06-07 16:48 - 2018-06-10 09:46 - 008441460 _____ C:\Users\RIYAS\Documents\FIELD WORK PRESENTATION.pptx
2018-06-05 11:56 - 2018-06-05 11:56 - 000016640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-06-05 01:13 - 2018-06-05 01:13 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-06-05 01:11 - 2018-06-05 01:11 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-06-05 01:04 - 2018-06-21 20:42 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\uTorrent
2018-06-05 01:04 - 2018-06-05 01:04 - 000000847 _____ C:\Users\RIYAS\Desktop\µTorrent.lnk
2018-06-05 01:01 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\uTorrent Pro 3.5.3 Build 44396 Full Crack CracksNow_
2018-06-05 01:01 - 2018-06-05 00:51 - 029739790 _____ C:\Users\RIYAS\Downloads\uTorrent Pro 3.5.3 Build 44396 Full Crack CracksNow .zip
2018-06-05 00:56 - 2018-06-21 22:56 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-05 00:56 - 2018-06-05 00:56 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-06-05 00:56 - 2018-06-05 00:56 - 000000000 ____D C:\Program Files\CCleaner
2018-06-05 00:49 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\CCleaner (All Editions) 5.41.6446 Crack CracksNow_
2018-06-05 00:48 - 2018-06-05 00:48 - 000002071 _____ C:\Users\RIYAS\Downloads\read me.txt
2018-06-05 00:33 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\Malwarebytes Premium 3.4.5.2467 Crack CracksNow_
2018-06-05 00:25 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\Total Uninstall Professional 6.23.0.510 _28x86%29 Crack CracksMind_
2018-06-04 23:49 - 2018-06-04 23:49 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Obsidium
2018-06-04 22:23 - 2018-06-04 22:28 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Telegram Desktop
2018-06-04 22:23 - 2018-06-04 22:28 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-06-04 13:37 - 2018-06-04 13:37 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-04 13:37 - 2018-06-04 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-04 13:26 - 2018-06-04 13:59 - 000000000 ____D C:\Users\RIYAS\AppData\Local\CyberGhost
2018-06-04 13:25 - 2018-06-04 22:24 - 000000000 ____D C:\Program Files\CyberGhost 6
2018-06-04 13:25 - 2018-06-04 13:25 - 000001728 _____ C:\Users\RIYAS\Desktop\CyberGhost 6.lnk
2018-06-04 13:25 - 2018-06-04 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2018-05-27 15:40 - 2015-01-07 17:21 - 000018560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2018-05-27 15:40 - 2015-01-07 17:16 - 000380800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_wwanecm.sys
2018-05-27 15:40 - 2014-09-11 15:36 - 000457728 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2018-05-27 15:40 - 2014-08-21 13:40 - 000248320 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2018-05-27 15:40 - 2014-07-25 17:08 - 000125952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_cdcacm.sys
2018-05-27 15:40 - 2013-11-30 17:10 - 000077312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2018-05-27 15:40 - 2013-11-30 17:10 - 000030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2018-05-27 15:40 - 2013-11-30 16:55 - 000226176 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2018-05-27 15:40 - 2013-01-25 09:16 - 000109568 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2018-05-27 15:40 - 2010-10-08 16:59 - 000032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2018-05-27 15:40 - 2010-09-26 18:09 - 000022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2018-05-25 18:01 - 2018-06-10 14:37 - 000000000 ____D C:\Users\RIYAS\Downloads\New folder (2)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-22 15:52 - 2018-01-25 03:50 - 000004278 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{63818375-8335-4A5C-8361-85FD73B5C50E}
2018-06-22 15:38 - 2009-07-14 10:15 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-22 15:38 - 2009-07-14 10:15 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-22 15:35 - 2009-07-14 10:43 - 000863612 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-22 15:35 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-06-22 15:29 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-22 01:29 - 2017-09-19 14:17 - 000000252 _____ C:\Windows\Tasks\{5E612DA9-698B-41D1-BE36-24F3B190E1A9}.job
2018-06-21 22:15 - 2017-08-09 23:59 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Adobe
2018-06-21 22:11 - 2018-04-09 00:01 - 000000000 ____D C:\Users\RIYAS\Downloads\topdf (1)
2018-06-21 22:10 - 2018-05-08 19:15 - 000000000 ____D C:\Users\RIYAS\Downloads\AIRTEL-E3372-ORIGINAL-DASHBOARD
2018-06-21 22:10 - 2018-04-08 16:31 - 000000000 ____D C:\Users\RIYAS\Downloads\Muhammed Riyas V.K-Payslip
2018-06-21 22:10 - 2018-01-16 22:42 - 000000000 ___RD C:\Users\RIYAS\Documents\Scanned Documents
2018-06-21 22:10 - 2017-11-28 00:35 - 000000000 ____D C:\Users\RIYAS\Documents\Youcam
2018-06-21 22:10 - 2017-10-25 15:50 - 000000000 ____D C:\Users\RIYAS\Documents\OneNote Notebooks
2018-06-21 21:26 - 2018-02-09 01:33 - 000000000 ____D C:\Users\RIYAS\Downloads\New folder
2018-06-21 21:26 - 2017-08-10 12:34 - 000000000 ____D C:\Users\RIYAS\Downloads\torrents
2018-06-21 20:47 - 2017-08-09 22:28 - 000000000 ____D C:\ProgramData\DatacardService
2018-06-21 17:00 - 2017-08-09 23:26 - 000000000 ____D C:\KMPlayer
2018-06-21 14:49 - 2018-03-15 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2018-06-21 14:49 - 2018-01-25 12:44 - 000000000 ____D C:\Disk
2018-06-20 19:33 - 2017-08-09 22:18 - 000000000 ____D C:\Users\RIYAS
2018-06-19 15:03 - 2018-03-25 02:29 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-19 14:55 - 2017-08-09 22:36 - 000000000 ____D C:\Users\RIYAS\AppData\Local\Google
2018-06-19 03:29 - 2018-01-09 09:54 - 000000896 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-19 03:29 - 2018-01-09 09:53 - 000000926 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-18 22:44 - 2017-08-09 23:51 - 000000000 ____D C:\Users\RIYAS\Downloads\Compressed
2018-06-18 22:24 - 2017-08-10 12:53 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-18 19:30 - 2017-12-16 18:42 - 000000000 ____D C:\Users\RIYAS\AppData\Local\ElevatedDiagnostics
2018-06-18 19:07 - 2018-01-25 12:14 - 000000000 ____D C:\found.000
2018-06-18 18:45 - 2009-07-14 10:15 - 000012288 _____ C:\Windows\system32\umstartup.etl
2018-06-18 18:08 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-18 16:17 - 2018-02-04 14:35 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-06-14 19:43 - 2017-08-09 22:40 - 000002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 19:43 - 2017-08-09 22:40 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-14 18:58 - 2018-03-13 10:28 - 000003868 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508862486
2018-06-14 06:07 - 2018-02-03 22:02 - 000000000 ____D C:\Program Files\Recuva
2018-06-08 12:27 - 2018-02-04 14:35 - 000000000 ____D C:\ProgramData\PCDr
2018-06-05 12:10 - 2017-10-21 11:47 - 000000000 ____D C:\Program Files\WinRAR
2018-06-05 01:13 - 2017-08-10 11:56 - 000000000 ___SD C:\Users\RIYAS\AppData\LocalLow\Temp
2018-06-05 00:38 - 2017-08-10 11:41 - 000000000 ____D C:\Windows\Panther
2018-06-04 23:58 - 2017-11-28 00:31 - 000000000 ____D C:\ProgramData\Temp

==================== Files in the root of some directories =======

2018-03-24 20:42 - 2018-03-24 20:42 - 000356864 _____ () C:\ProgramData\wmimgmt.exe
2017-10-21 10:34 - 2017-10-21 10:53 - 000000048 _____ () C:\Users\RIYAS\AppData\Roaming\MCVi2UserDetail.ini
2017-08-14 16:14 - 2017-10-17 15:31 - 000000024 _____ () C:\Users\RIYAS\AppData\Roaming\MyPhrases.dta
2017-09-20 00:17 - 2017-10-15 21:22 - 000000286 _____ () C:\Users\RIYAS\AppData\Roaming\WB.CFG
2018-06-21 01:09 - 2018-06-21 01:09 - 000340588 _____ () C:\Users\RIYAS\AppData\Local\ars.cache
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 ____H () C:\Users\RIYAS\AppData\Local\BIT7423.tmp
2018-06-21 01:10 - 2018-06-21 01:10 - 000522825 _____ () C:\Users\RIYAS\AppData\Local\census.cache
2017-12-14 17:47 - 2017-12-14 17:47 - 000000068 _____ () C:\Users\RIYAS\AppData\Local\evMXizQbsJ
2018-06-21 00:19 - 2018-06-21 00:19 - 000000036 _____ () C:\Users\RIYAS\AppData\Local\housecall.guid.cache
2018-01-25 12:45 - 2018-01-25 12:45 - 000140800 _____ () C:\Users\RIYAS\AppData\Local\installer.dat
2017-08-24 11:59 - 2017-09-13 11:22 - 000000600 _____ () C:\Users\RIYAS\AppData\Local\PUTTY.RND
2017-08-10 00:07 - 2018-03-15 20:02 - 000007597 _____ () C:\Users\RIYAS\AppData\Local\resmon.resmoncfg
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 _____ () C:\Users\RIYAS\AppData\Local\{72368EF5-ACDD-465C-A3B8-0A2C6CA10BFD}

Files to move or delete:
====================
C:\Windows\Tasks\{5E612DA9-698B-41D1-BE36-24F3B190E1A9}.job


Some files in TEMP:
====================
2018-06-21 22:41 - 2018-05-03 09:34 - 000858912 _____ (Malwarebytes) C:\Users\RIYAS\AppData\Local\Temp\mb-clean.exe
2018-06-21 22:41 - 2018-06-19 02:36 - 074288784 _____ (Malwarebytes ) C:\Users\RIYAS\AppData\Local\Temp\mb3-setup-1878.1878-3.5.1.2522.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-19 17:32

==================== End of FRST.txt ============================
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by #root (22-06-2018 15:57:27)
Running from C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion\FRST-OlderVersion
Windows 7 Professional (X64) (2017-08-09 16:48:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

#root (S-1-5-21-570170127-3439773959-704584474-1000 - Administrator - Enabled) => C:\Users\RIYAS
Administrator (S-1-5-21-570170127-3439773959-704584474-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-570170127-3439773959-704584474-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-570170127-3439773959-704584474-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 3.7.0 - philandro Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version: - Cisco Systems, Inc.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.A.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.5 - PandoraTV)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (HKLM-x32\...\NVIDIA StereoUSB Driver) (Version: 260.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA Update 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation)
Opera Stable 53.0.2907.99 (HKLM-x32\...\Opera 53.0.2907.99) (Version: 53.0.2907.99 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.14.0 - Prolific Technology Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.88.617.2014 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.12.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.23.0 - Adlice Software)
Sophos Anti-Rootkit 1.5.23 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.23 - Sophos Plc)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5058 - TeamViewer)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-570170127-3439773959-704584474-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-04-05] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-07-11] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {063189E1-7E54-4255-A38A-2913E8EE64D6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-21] (AVG Technologies CZ, s.r.o.)
Task: {0BD5A536-CB89-4011-929D-EB1B660E2F82} - \SUPERAntiSpyware Scheduled Task 5dec0090-8f5b-4de8-9842-4cd6297ef99b -> No File <==== ATTENTION
Task: {166B1371-D6BA-4624-BE95-0D92DFF2C657} - System32\Tasks\{C9A6BF6A-7464-4DB8-8429-DDC0765B3A8D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\security\security.exe" -c /U
Task: {1CC231C0-DDFB-4DB3-82A9-847BD2EB7860} - System32\Tasks\Opera scheduled Autoupdate 1502349815 => C:\Users\RIYAS\AppData\Local\Programs\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {23C51783-D2A2-44BB-8D5F-097D3DFCD9A7} - System32\Tasks\Opera scheduled Autoupdate 1508862486 => C:\Users\RIYAS\AppData\Local\Programs\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {293F88BB-967B-4200-984D-6816F75C807F} - System32\Tasks\{5E612DA9-698B-41D1-BE36-24F3B190E1A9} => C:\PROGRA~2\COMMON~1\Cohoniti\UpdTask.exe <==== ATTENTION
Task: {2F226B2A-32A4-4142-AF9D-B053B6990690} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {322CE6CC-C596-4526-95DC-75912D3DC5C5} - System32\Tasks\Aginity Weather Suite => C:\Windows\system32\rundll32.exe "C:\Program Files\Aginity Weather Suite\Aginity Weather Suite.dll",igpIAfn <==== ATTENTION
Task: {40C7A443-00DF-472B-A91D-6499E434353A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-09] (Google Inc.)
Task: {420967BD-7C2F-44CF-99F0-3C5F337C8926} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-07] (Piriform Ltd)
Task: {501000B8-EA69-43D1-B032-5CB37F3AB418} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {5B45E367-825F-45AD-9388-26EBE4F035DF} - System32\Tasks\{E10233AC-8382-451C-8E2A-B83ED129F5CE} => C:\Windows\system32\pcalua.exe -a C:\Users\RIYAS\Downloads\Synaptics_v15_1_22_2_C_XP64_Vista64_Win7-64.exe -d C:\Users\RIYAS\Downloads
Task: {5E6B5E76-C738-4736-9DC4-F4CBEF2A6793} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-07] (Piriform Ltd)
Task: {5EC76A5D-ECCD-47BA-8D3B-74D6266263E9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {7B2E5987-4743-4D15-AEA0-A785B3A3BF31} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7DA2BE0D-1B82-476C-B310-710CE01D4644} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8C325114-7B4C-4651-9E2B-F49223668DBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000Core => C:\Users\RIYAS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A6D798CC-DD6C-4700-94A9-0CEAA91522BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000UA => C:\Users\RIYAS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BDE23A53-E5D5-4CBB-B05C-C5D4549BA9F7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe
Task: {CFEA4CAE-9717-4F37-ABCD-B95AA6752A41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-09] (Google Inc.)
Task: {E06CA1F6-01AC-451A-8B96-E4B88DDFA983} - System32\Tasks\{3909A959-8E14-4C30-9E62-015217DD552F} => C:\Windows\system32\pcalua.exe -a E:\install.exe -d E:\
Task: {E212F498-38D7-4B11-A295-E8722357AD30} - \022d67a112d6dc9386f6ad10d6873e8d -> No File <==== ATTENTION
Task: {E292D3AF-998D-4CB2-9615-5DC8ACC81300} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {F462100F-E8FC-4DB0-B538-05A1F507ED0C} - \SUPERAntiSpyware Scheduled Task 1fbeeef5-eb20-4553-a9a3-677747d2065f -> No File <==== ATTENTION
Task: {F7F9996F-E991-44E3-8719-21EFDCC3355C} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [2017-09-05] (McAfee, Inc.)
Task: {F9F38E99-524C-4704-BB61-7F53FD9B076D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{5E612DA9-698B-41D1-BE36-24F3B190E1A9}.job => C:\PROGRA~2\COMMON~1\Cohoniti\UpdTask.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2017-08-09 23:00 - 2016-07-11 07:43 - 000020536 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-08-09 23:03 - 2016-07-11 04:47 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-14 18:34 - 2018-02-14 18:34 - 000071640 _____ () C:\Program Files\Dell\SupportAssistAgent\bin\SmartThreadPool.dll
2018-02-14 18:34 - 2018-02-14 18:34 - 000010712 _____ () C:\Program Files\Dell\SupportAssistAgent\bin\Owin.dll
2017-08-09 23:00 - 2016-07-11 07:43 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2018-06-14 19:43 - 2018-06-12 11:16 - 003867480 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-14 19:43 - 2018-06-12 11:16 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [272]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09720012.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48539134.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\09720012.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48539134.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\kmpmedia.net -> player.kmpmedia.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-17 16:29 - 2018-06-21 22:36 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-570170127-3439773959-704584474-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^RIYAS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Airtel 4G => C:\Program Files (x86)\Airtel 4G\Main\LaunchAssistant.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET Security\ecmds.exe" /launch /hide
MSCONFIG\startupreg: Google Update => C:\Users\RIYAS\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_AECF93FEF8D35C7D9F50A7D258DC2D11 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: MiPhoneManager => "C:\Users\RIYAS\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
MSCONFIG\startupreg: Multitimer => "C:\Program Files (x86)\Multitimer\Multitimer.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SERVICE =>
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Reliance 3G\UIExec.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\RIYAS\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: wmi32 => "C:\ProgramData\Application Data\wmimgmt.exe"
MSCONFIG\startupreg: {7401410A-CF98-40EF-A6B6-236F8745DF8B} => "C:\Program Files (x86)\Airtel MF833T\UUShell.exe" /CallBySystem
MSCONFIG\startupreg: 小米云服务 => "C:\Users\RIYAS\AppData\Local\MiCloudPC\update.exe" --processStart "小米云服务.exe" --process-start-args "--hidden"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8D61D523-6415-4160-BBFD-3D58A6EF8845}] => (Allow) C:\Users\RIYAS\AppData\Local\Programs\Opera\47.0.2631.39\opera.exe
FirewallRules: [{38C78249-B4C3-4B28-9255-7D452ADCA4A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C38A4FF1-4A1F-4C15-889F-EC9201A072B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{85BAB05E-FB94-49E1-BA3A-45E2B9BC6D99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{28D44290-7B03-4D16-89FB-0EC52143F202}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1BCDAFDB-FF33-4BCA-8E61-389837FBFC7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11BB2D0B-7ABC-4436-A03B-0AE93C45CD6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3BEA4E21-0968-4649-B133-A867FCC4E12C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4F7C7ECC-D3C8-4866-A2B6-A6C43D099E8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D0076214-AFF0-45F1-8AF4-54FCC0597FA6}] => (Block) %SystemDrive%\KMPlayer\KMPlayer.exe
FirewallRules: [{17468987-1C40-4F2D-9CF5-FB57E38E512A}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{C4B2036B-CEC1-42AD-83AC-4D01E2B327D8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{11843274-83FE-4419-8C32-D938C88921C0}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{C77BF6BA-1D12-47D6-BBBF-5F9472596937}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{FE97AF78-B607-4DFE-BA57-2BA11C907423}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{B0E2BA3A-18A1-471A-A737-419005F56E73}] => (Allow) C:\Users\RIYAS\AppData\Local\Programs\Opera\53.0.2907.68\opera.exe
FirewallRules: [{32152ED1-4098-4087-BC38-BABE891BD3AF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{E7CBB80B-F9C2-44AD-8744-5B78C0D9DAB0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{3759487B-C124-4012-AB52-1DFBACA8EF7A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{37FA9A76-BC98-4F66-BEFD-900AE1E65F57}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{F1F5D79F-06D2-4256-92CF-FFAD275895BF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{2FAA0721-06A8-47A5-8E45-CAB36097D901}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [TCP Query User{DEF79258-C34E-49E8-B0B1-E77EAE7544D6}C:\users\riyas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\riyas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{762FC2E3-3C7B-48A9-8C74-5D010D1D4BAA}C:\users\riyas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\riyas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4B30392C-5FE6-473E-88AD-57B6C5887A86}] => (Allow) C:\Users\RIYAS\AppData\Local\Programs\Opera\53.0.2907.99\opera.exe
FirewallRules: [{98613B00-8E97-4E0C-9501-5B178B21B7B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-06-2018 17:39:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2018 10:49:59 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.c7830ac1bc4e91dab8bde579f211f329c(String c8673d9709497f3c74ce807a680598785, String c91396822be155ce2c311fce26d8381b0, String c4f92ed345e3cbb336c52d8fa69d33697)]]></StackTrace><SysInfo STag="J1P6812" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="A12" SMBIOSPresent="True" Rel_Date="20160513000000.000000+000" DSDVersion="10.0.3.0" Vendor="Dell Inc." PName="Inspiron 3542" Ident_Num="ROOT" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 7 Professional"/><HostIP>192.168.43.218</HostIP></Exception>

Error: (06/21/2018 10:46:43 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: HB_StopScreenSaver
Object description:
The HRESULT was 80070005.

Error: (06/21/2018 10:45:01 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: HB_StopScreenSaver
Object description:
The HRESULT was 80070005.

Error: (06/21/2018 10:35:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRSTEnglish.exe version 6.6.2018.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a8

Start Time: 01d40981f2ee44f9

Termination Time: 7

Application Path: C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion\FRSTEnglish.exe

Report Id: 3ff6d486-7575-11e8-a20c-645a04bf7d48

Error: (06/21/2018 10:17:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-570170127-3439773959-704584474-1000}/">.

Error: (06/21/2018 08:55:12 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.c7830ac1bc4e91dab8bde579f211f329c(String c8673d9709497f3c74ce807a680598785, String c91396822be155ce2c311fce26d8381b0, String c4f92ed345e3cbb336c52d8fa69d33697)]]></StackTrace><SysInfo STag="J1P6812" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="A12" SMBIOSPresent="True" Rel_Date="20160513000000.000000+000" DSDVersion="10.0.3.0" Vendor="Dell Inc." PName="Inspiron 3542" Ident_Num="ROOT" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 7 Professional"/><HostIP>127.0.0.1</HostIP></Exception>

Error: (06/21/2018 08:55:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nailsetter.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: nailsetter.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x36c
Faulting application start time: 0x01d4097406d1cff1
Faulting application path: C:\Users\RIYAS\Desktop\New folder (2)\RootkitRevealer\nailsetter.exe
Faulting module path: C:\Users\RIYAS\Desktop\New folder (2)\RootkitRevealer\nailsetter.exe
Report Id: 45b62f15-7567-11e8-a20c-645a04bf7d48

Error: (06/21/2018 08:53:49 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-570170127-3439773959-704584474-1000}/">.


System errors:
=============
Error: (06/22/2018 03:29:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (06/21/2018 10:47:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (06/21/2018 10:45:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (06/21/2018 10:44:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (06/21/2018 10:42:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (06/21/2018 10:37:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (06/21/2018 10:36:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s).

Error: (06/21/2018 10:36:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-06-18 22:40:58.288
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{FA087DA8-DD99-4F3E-8D7B-B770005BADD0}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-01-25 12:41:13.644
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload!rfn&threatid=213866
Name:TrojanDownloader:Win32/Adload!rfn
ID:213866
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\RIYAS\Downloads\torrents\Malwarebytes Anti-Malware Premium 2.1.4.1018 Final Incl. Keys [ATOM]\mbam-setup-2.1.4.1018.exe;process:pid:420
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2018-01-25 12:41:11.680
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload!rfn&threatid=213866
Name:TrojanDownloader:Win32/Adload!rfn
ID:213866
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\RIYAS\Downloads\torrents\Malwarebytes Anti-Malware Premium 2.1.4.1018 Final Incl. Keys [ATOM]\mbam-setup-2.1.4.1018.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2018-01-24 13:58:57.889
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Obrypser&threatid=237525
Name:BrowserModifier:Win32/Obrypser
ID:237525
Severity:High
Category:Browser Modifier
Path Found:file:D:\software\IDM_6.29_Serial_Key_Crack_Patch_Full_Free_Download (1).exe;file:D:\software\IDM_6.29_Serial_Key_Crack_Patch_Full_Free_Download.exe
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

Date: 2017-12-15 21:14:14.599
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3694CFAB-10A1-4DA7-B99A-40AFFD06C842}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2018-06-20 20:43:15.489
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:43:15.482
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:42:56.507
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:42:56.497
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:40:31.362
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:40:31.316
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:18:53.952
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:18:53.952
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 57%
Total physical RAM: 3233.98 MB
Available physical RAM: 1374.85 MB
Total Virtual: 6466.1 MB
Available Virtual: 4246.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:62.05 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:0.53 GB) NTFS
Drive e: () (Fixed) (Total:221.62 GB) (Free:15.92 GB) NTFS

\\?\Volume{60df8e52-7d8a-11e7-a24f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 746367AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Posts: 55,827   +503
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
please check rogue killer scan log



RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : #root [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/23/2018 13:30:01 (Duration : 00:21:45)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 ATA Device +++++
--- User ---
[MBR] bd616b3c2eabba8a91165b60db015ae7
[BSP] b486f3352006716add5f25ba2ba4fb1b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 150000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512002048 | Size: 226938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
I downloaded malwarebytes it says to reboot the system to install the malwarebytes, after the reboot it says the same , reboot to install malwarebytes
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
pls check AdwCleaner scan log

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-04-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2018
# Duration: 00:00:37
# OS: Windows 7 Professional
# Scanned: 40920
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [4807 octets] - [18/06/2018 21:51:11]
AdwCleaner[C00].txt - [4144 octets] - [18/06/2018 21:51:50]
AdwCleaner[S01].txt - [1249 octets] - [18/06/2018 23:16:22]
AdwCleaner[S02].txt - [1329 octets] - [19/06/2018 03:07:20]
AdwCleaner[C02].txt - [1414 octets] - [19/06/2018 03:08:12]
AdwCleaner[S03].txt - [1315 octets] - [20/06/2018 23:07:54]
AdwCleaner[C03].txt - [1382 octets] - [20/06/2018 23:08:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
 

Broni

Posts: 55,827   +503
Regarding Malwarebytes installation create new topic at their forum: https://forums.malwarebytes.com/
They should be able to help you.

Here...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
Sorry for the delay
please check the FRST logs



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by #root (administrator) on ROOT (02-07-2018 23:42:08)
Running from C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion
Loaded Profiles: #root (Available Profiles: #root & Administrator & Guest)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-07] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177952 2016-07-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-07-11] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{03C537D5-A4D5-4555-9394-7EC1604B8EBB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0DDD04AC-7857-45E9-B8F7-4D85631F0411}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{238FEAC3-AEB6-4D96-B1FE-E91050F7DAC4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{238FEAC3-AEB6-4D96-B1FE-E91050F7DAC4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{245C93DB-554F-4F27-8273-577C237EDEE7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{245C93DB-554F-4F27-8273-577C237EDEE7}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{3C18D9E3-1C04-418E-9263-6EACA557253C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3C18D9E3-1C04-418E-9263-6EACA557253C}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{68FE99FC-C7EE-4B6F-8E7B-1DCCB7593CD4}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-570170127-3439773959-704584474-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-570170127-3439773959-704584474-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-570170127-3439773959-704584474-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-570170127-3439773959-704584474-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-570170127-3439773959-704584474-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-570170127-3439773959-704584474-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-15] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 23ofghs6.default
FF ProfilePath: C:\Users\RIYAS\AppData\Roaming\Mozilla\Firefox\Profiles\23ofghs6.default [2018-07-02]
FF Homepage: Mozilla\Firefox\Profiles\23ofghs6.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180604__yaff
FF NewTab: Mozilla\Firefox\Profiles\23ofghs6.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180604__yaff
FF SearchPlugin: C:\Users\RIYAS\AppData\Roaming\Mozilla\Firefox\Profiles\23ofghs6.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-06-05]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-15] (Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-01] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default [2018-07-02]
CHR Extension: (Slides) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-17]
CHR Extension: (Touch VPN) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2018-06-19]
CHR Extension: (YouTube) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-17]
CHR Extension: (Sheets) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-17]
CHR Extension: (160by2) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieodemnbjjlohmojcimkdpmdfjcihehg [2018-07-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Speedtest by Ookla) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2018-06-03]
CHR Extension: (Gmail) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\RIYAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-570170127-3439773959-704584474-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (No Name) - C:\Users\RIYAS\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekeecmblpnobdaijmfkcfcnofopooipg [2018-03-15]
StartMenuInternet: (HKLM) OperaStable - C:\Users\RIYAS\AppData\Local\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1810120 2018-02-15] ()
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [239184 2018-05-14] (CyberGhost S.A.)
S3 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2015-10-09] () [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-05] (Intel Corporation)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-11-24] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [18560 2015-01-07] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380800 2015-01-07] (Huawei Technologies Co., Ltd.) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 MEMSWEEP2; C:\Windows\system32\7F1F.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2017-09-12] (PC-Doctor, Inc.)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 zteusbfilter1021; C:\Windows\System32\DRIVERS\zteusbfilter1021.sys [57048 2017-03-06] (ZTE Incorporated)
S3 zteusbnetqn4025; C:\Windows\System32\DRIVERS\zteusbnetqn4025.sys [397528 2017-03-06] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cmnuusbser14; system32\DRIVERS\cmnuusbser14.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 mmx_cmnxnet; system32\DRIVERS\mmx_cmnxnet.sys [X]
S3 mmx_cmnxusbser; system32\DRIVERS\mmx_cmnxusbser.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WCDMA_Datacard_Usb_Ser; system32\DRIVERS\WCDMA_Datacard_Usb_Ser.sys [X]
S3 WinRing0_1_2_0; \??\Z:\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-02 23:40 - 2018-07-02 23:40 - 000017003 _____ C:\ComboFix.txt
2018-07-02 23:28 - 2011-06-26 12:15 - 000256000 _____ C:\Windows\PEV.exe
2018-07-02 23:28 - 2010-11-07 22:50 - 000208896 _____ C:\Windows\MBR.exe
2018-07-02 23:28 - 2009-04-20 10:26 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-07-02 23:28 - 2000-08-31 05:30 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-07-02 23:28 - 2000-08-31 05:30 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-07-02 23:28 - 2000-08-31 05:30 - 000098816 _____ C:\Windows\sed.exe
2018-07-02 23:28 - 2000-08-31 05:30 - 000080412 _____ C:\Windows\grep.exe
2018-07-02 23:28 - 2000-08-31 05:30 - 000068096 _____ C:\Windows\zip.exe
2018-07-02 23:27 - 2018-07-02 23:40 - 000000000 ____D C:\Qoobox
2018-07-02 23:27 - 2018-07-02 23:39 - 000000000 ____D C:\Windows\erdnt
2018-06-29 16:09 - 2018-06-29 16:09 - 000039568 _____ C:\Users\RIYAS\Downloads\the-amazing-spider-man-english-yify-2205.zip
2018-06-29 16:00 - 2018-06-29 16:00 - 000034271 _____ C:\Users\RIYAS\Downloads\Padmaavat (Padmavati) 2018 - English.zip
2018-06-25 14:41 - 2018-06-25 14:41 - 000086016 _____ C:\Users\RIYAS\Desktop\Print Visa.pdf
2018-06-24 22:37 - 2018-06-24 22:37 - 000001035 _____ C:\Users\RIYAS\Desktop\1.txt
2018-06-24 22:26 - 2018-06-24 22:26 - 000001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2018-06-24 22:26 - 2018-06-24 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-06-24 22:26 - 2018-06-24 22:26 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-06-24 15:17 - 2018-06-24 15:19 - 000028300 _____ C:\Users\RIYAS\Desktop\mb-check-results.zip
2018-06-24 15:15 - 2018-06-24 15:16 - 000003366 _____ C:\Users\RIYAS\Desktop\mb-clean-results.txt
2018-06-24 15:14 - 2018-06-24 15:16 - 002326304 _____ (Malwarebytes Corporation) C:\Users\RIYAS\Downloads\mb-check-3.1.10.1000.exe
2018-06-24 15:13 - 2018-06-24 15:15 - 000858912 _____ (Malwarebytes) C:\Users\RIYAS\Downloads\mb-clean-3.1.0.1035.exe
2018-06-23 14:10 - 2018-06-23 14:12 - 007372496 _____ (Malwarebytes) C:\Users\RIYAS\Downloads\adwcleaner_7.2.0.exe
2018-06-22 15:54 - 2018-06-22 15:55 - 000041999 _____ C:\Users\RIYAS\Downloads\Addition (1).txt
2018-06-22 15:54 - 2018-06-22 15:54 - 000040387 _____ C:\Users\RIYAS\Downloads\FRST.txt
2018-06-21 22:28 - 2018-07-02 23:13 - 000000090 _____ C:\Users\RIYAS\Downloads\fixlist.txt
2018-06-21 20:55 - 2018-07-02 23:24 - 000000000 ____D C:\Users\RIYAS\AppData\Local\CrashDumps
2018-06-21 20:08 - 2018-06-21 20:10 - 000125399 _____ C:\Users\RIYAS\Downloads\hosts.zip
2018-06-21 18:14 - 2018-06-21 20:33 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-06-21 17:16 - 2018-06-21 17:16 - 000000000 ____D C:\Users\RIYAS\AppData\Local\ESET
2018-06-21 15:03 - 2018-06-21 15:09 - 004279416 _____ (ESET) C:\Users\RIYAS\Downloads\eset_nod32_antivirus_live_installer.exe
2018-06-21 14:52 - 2018-06-21 14:52 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-06-21 12:45 - 2018-06-21 12:45 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5769B3F3.sys
2018-06-21 01:31 - 2018-06-21 01:31 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-06-21 01:29 - 2018-06-23 14:03 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-21 01:29 - 2018-06-21 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-06-21 01:29 - 2018-06-21 01:29 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-21 01:24 - 2018-06-21 01:24 - 000000000 ____D C:\Windows\Trend Micro
2018-06-21 01:24 - 2018-06-21 01:24 - 000000000 ____D C:\ProgramData\Trend Micro
2018-06-21 01:16 - 2018-06-21 20:22 - 000000000 ____D C:\ProgramData\AVG
2018-06-21 01:10 - 2018-06-21 01:10 - 000522825 _____ C:\Users\RIYAS\AppData\Local\census.cache
2018-06-21 01:09 - 2018-06-21 01:09 - 000340588 _____ C:\Users\RIYAS\AppData\Local\ars.cache
2018-06-21 00:19 - 2018-06-21 00:19 - 000000036 _____ C:\Users\RIYAS\AppData\Local\housecall.guid.cache
2018-06-20 23:35 - 2018-06-20 23:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-20 20:18 - 2011-08-25 09:33 - 000006144 ____N (Sophos Plc) C:\Windows\system32\7F1F.tmp
2018-06-20 20:17 - 2011-08-25 09:33 - 000006144 ____N (Sophos Plc) C:\Windows\system32\D43F.tmp
2018-06-20 20:16 - 2018-06-23 19:14 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 ____H C:\Users\RIYAS\AppData\Local\BIT7423.tmp
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 _____ C:\Users\RIYAS\AppData\Local\{72368EF5-ACDD-465C-A3B8-0A2C6CA10BFD}
2018-06-19 16:49 - 2018-06-20 19:37 - 000000000 ____D C:\ProgramData\MB3Install
2018-06-19 16:37 - 2018-06-19 16:49 - 078101496 _____ (Malwarebytes ) C:\Windows\SysWOW64\mb-setup.exe
2018-06-19 16:30 - 2018-06-21 22:32 - 002413568 _____ (Farbar) C:\Users\RIYAS\Downloads\FRSTEnglish.exe
2018-06-19 14:50 - 2018-06-19 14:57 - 017583333 _____ C:\Users\RIYAS\Downloads\mbar-1.10.3.1001.zip
2018-06-19 14:32 - 2018-06-19 14:32 - 000025566 _____ C:\ProgramData\agent.uninstall.1529398959.bdinstall.bin
2018-06-19 14:26 - 2018-06-19 14:39 - 035086936 _____ (Malwarebytes ) C:\Users\RIYAS\Downloads\Unconfirmed 724565.crdownload
2018-06-19 14:24 - 2018-06-19 14:24 - 000001644 _____ C:\Users\RIYAS\Downloads\mb-clean-results.txt
2018-06-19 13:41 - 2018-06-19 13:41 - 000085600 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02111698.sys
2018-06-19 03:47 - 2018-06-19 03:47 - 000042582 _____ C:\ProgramData\agent.1529360227.bdinstall.bin
2018-06-19 03:29 - 2018-06-19 03:29 - 000000926 _____ C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-19 03:29 - 2018-06-19 03:29 - 000000926 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-19 03:29 - 2018-06-19 03:29 - 000000896 _____ C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-19 03:29 - 2018-06-19 03:29 - 000000896 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-19 03:02 - 2018-06-19 03:04 - 000211570 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_03.02.50_log.txt
2018-06-19 02:33 - 2018-06-19 02:35 - 000210908 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_02.33.54_log.txt
2018-06-19 02:26 - 2018-06-25 19:33 - 000000000 ____D C:\Users\RIYAS\Desktop\New folder (2)
2018-06-19 01:49 - 2018-06-19 01:49 - 000052320 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\35199727.sys
2018-06-19 01:09 - 2018-06-19 01:10 - 000000000 ____D C:\KVRT_Data
2018-06-19 00:06 - 2018-06-19 03:26 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-19 00:05 - 2018-06-19 03:26 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-18 23:05 - 2018-06-18 23:05 - 000000000 ____D C:\Users\RIYAS\Downloads\E3372h-607_Update_22.200.05.00.00_universal
2018-06-18 22:33 - 2018-06-18 22:33 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-06-18 22:11 - 2018-06-18 22:11 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-18 21:55 - 2018-07-02 23:42 - 000000000 ____D C:\FRST
2018-06-18 21:50 - 2018-06-18 21:51 - 000000000 ____D C:\AdwCleaner
2018-06-18 17:24 - 2018-06-18 17:24 - 000000000 ____D C:\Users\RIYAS\Downloads\mbam-chameleon-3.1.33.0
2018-06-14 20:27 - 2018-06-14 20:27 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-14 20:27 - 2018-06-14 20:27 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-14 20:15 - 2018-06-14 20:15 - 000923537 _____ C:\Users\RIYAS\Downloads\Turn Off IDM Auto-Update Notification - My PC Tips.pdf
2018-06-14 19:39 - 2018-06-21 01:11 - 000477682 _____ C:\Users\RIYAS\Desktop\n hosts.txt
2018-06-14 05:29 - 2018-06-14 05:29 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-14 05:29 - 2018-06-14 05:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-08 17:44 - 2018-06-09 14:49 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000UA
2018-06-08 17:44 - 2018-06-09 14:49 - 000003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000Core
2018-06-08 17:42 - 2018-06-21 22:10 - 000000000 ____D C:\Users\RIYAS\Desktop\New folder
2018-06-07 16:48 - 2018-06-10 09:46 - 008441460 _____ C:\Users\RIYAS\Documents\FIELD WORK PRESENTATION.pptx
2018-06-05 11:56 - 2018-06-05 11:56 - 000020644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-06-05 01:13 - 2018-06-05 01:13 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-06-05 01:11 - 2018-06-05 01:11 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-06-05 01:04 - 2018-06-21 20:42 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\uTorrent
2018-06-05 01:04 - 2018-06-05 01:04 - 000000847 _____ C:\Users\RIYAS\Desktop\µTorrent.lnk
2018-06-05 01:01 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\uTorrent Pro 3.5.3 Build 44396 Full Crack CracksNow_
2018-06-05 01:01 - 2018-06-05 00:51 - 029739790 _____ C:\Users\RIYAS\Downloads\uTorrent Pro 3.5.3 Build 44396 Full Crack CracksNow .zip
2018-06-05 00:56 - 2018-06-29 17:30 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-05 00:56 - 2018-06-05 00:56 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-06-05 00:56 - 2018-06-05 00:56 - 000000000 ____D C:\Program Files\CCleaner
2018-06-05 00:49 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\CCleaner (All Editions) 5.41.6446 Crack CracksNow_
2018-06-05 00:48 - 2018-06-05 00:48 - 000002071 _____ C:\Users\RIYAS\Downloads\read me.txt
2018-06-05 00:25 - 2018-06-21 21:26 - 000000000 ____D C:\Users\RIYAS\Downloads\Total Uninstall Professional 6.23.0.510 _28x86%29 Crack CracksMind_
2018-06-04 23:49 - 2018-06-04 23:49 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Obsidium
2018-06-04 22:23 - 2018-06-04 22:28 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Telegram Desktop
2018-06-04 22:23 - 2018-06-04 22:28 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-06-04 13:37 - 2018-06-04 13:37 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-04 13:37 - 2018-06-04 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-04 13:26 - 2018-06-04 13:59 - 000000000 ____D C:\Users\RIYAS\AppData\Local\CyberGhost
2018-06-04 13:25 - 2018-06-04 22:24 - 000000000 ____D C:\Program Files\CyberGhost 6
2018-06-04 13:25 - 2018-06-04 13:25 - 000001728 _____ C:\Users\RIYAS\Desktop\CyberGhost 6.lnk
2018-06-04 13:25 - 2018-06-04 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-02 23:42 - 2009-07-14 10:43 - 000863612 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-02 23:42 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-07-02 23:37 - 2009-07-14 08:04 - 000000215 _____ C:\Windows\system.ini
2018-07-02 23:36 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-02 23:23 - 2009-07-14 10:15 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-02 23:23 - 2009-07-14 10:15 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-02 23:17 - 2017-10-13 01:03 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\vlc
2018-07-02 23:10 - 2018-01-25 03:50 - 000004278 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{63818375-8335-4A5C-8361-85FD73B5C50E}
2018-06-29 23:34 - 2017-08-09 23:26 - 000000000 ____D C:\KMPlayer
2018-06-29 16:39 - 2017-08-09 22:40 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-29 16:39 - 2017-08-09 22:40 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-23 19:13 - 2017-08-09 23:59 - 000000000 ____D C:\Users\RIYAS\AppData\Roaming\Adobe
2018-06-22 19:49 - 2017-08-10 12:34 - 000000000 ____D C:\Users\RIYAS\Downloads\torrents
2018-06-21 22:11 - 2018-04-09 00:01 - 000000000 ____D C:\Users\RIYAS\Downloads\topdf (1)
2018-06-21 22:10 - 2018-05-08 19:15 - 000000000 ____D C:\Users\RIYAS\Downloads\AIRTEL-E3372-ORIGINAL-DASHBOARD
2018-06-21 22:10 - 2018-04-08 16:31 - 000000000 ____D C:\Users\RIYAS\Downloads\Muhammed Riyas V.K-Payslip
2018-06-21 22:10 - 2018-01-16 22:42 - 000000000 ___RD C:\Users\RIYAS\Documents\Scanned Documents
2018-06-21 22:10 - 2017-11-28 00:35 - 000000000 ____D C:\Users\RIYAS\Documents\Youcam
2018-06-21 22:10 - 2017-10-25 15:50 - 000000000 ____D C:\Users\RIYAS\Documents\OneNote Notebooks
2018-06-21 21:26 - 2018-02-09 01:33 - 000000000 ____D C:\Users\RIYAS\Downloads\New folder
2018-06-21 20:47 - 2017-08-09 22:28 - 000000000 ____D C:\ProgramData\DatacardService
2018-06-21 14:49 - 2018-03-15 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2018-06-21 14:49 - 2018-01-25 12:44 - 000000000 ____D C:\Disk
2018-06-20 19:33 - 2017-08-09 22:18 - 000000000 ____D C:\Users\RIYAS
2018-06-19 15:03 - 2018-03-25 02:29 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-19 14:55 - 2017-08-09 22:36 - 000000000 ____D C:\Users\RIYAS\AppData\Local\Google
2018-06-19 03:29 - 2018-01-09 09:54 - 000000896 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-06-19 03:29 - 2018-01-09 09:53 - 000000926 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-18 22:44 - 2017-08-09 23:51 - 000000000 ____D C:\Users\RIYAS\Downloads\Compressed
2018-06-18 22:24 - 2017-08-10 12:53 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-18 19:30 - 2017-12-16 18:42 - 000000000 ____D C:\Users\RIYAS\AppData\Local\ElevatedDiagnostics
2018-06-18 19:07 - 2018-01-25 12:14 - 000000000 ____D C:\found.000
2018-06-18 18:45 - 2009-07-14 10:15 - 000012288 _____ C:\Windows\system32\umstartup.etl
2018-06-18 18:08 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-18 16:17 - 2018-02-04 14:35 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-06-14 18:58 - 2018-03-13 10:28 - 000003868 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508862486
2018-06-14 06:07 - 2018-02-03 22:02 - 000000000 ____D C:\Program Files\Recuva
2018-06-10 14:37 - 2018-05-25 18:01 - 000000000 ____D C:\Users\RIYAS\Downloads\New folder (2)
2018-06-08 12:27 - 2018-02-04 14:35 - 000000000 ____D C:\ProgramData\PCDr
2018-06-05 12:10 - 2017-10-21 11:47 - 000000000 ____D C:\Program Files\WinRAR
2018-06-05 01:13 - 2017-08-10 11:56 - 000000000 ___SD C:\Users\RIYAS\AppData\LocalLow\Temp
2018-06-05 00:38 - 2017-08-10 11:41 - 000000000 ____D C:\Windows\Panther
2018-06-04 23:58 - 2017-11-28 00:31 - 000000000 ____D C:\ProgramData\Temp

==================== Files in the root of some directories =======

2017-10-21 10:34 - 2017-10-21 10:53 - 000000048 _____ () C:\Users\RIYAS\AppData\Roaming\MCVi2UserDetail.ini
2017-08-14 16:14 - 2017-10-17 15:31 - 000000024 _____ () C:\Users\RIYAS\AppData\Roaming\MyPhrases.dta
2017-09-20 00:17 - 2017-10-15 21:22 - 000000286 _____ () C:\Users\RIYAS\AppData\Roaming\WB.CFG
2018-06-21 01:09 - 2018-06-21 01:09 - 000340588 _____ () C:\Users\RIYAS\AppData\Local\ars.cache
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 ____H () C:\Users\RIYAS\AppData\Local\BIT7423.tmp
2018-06-21 01:10 - 2018-06-21 01:10 - 000522825 _____ () C:\Users\RIYAS\AppData\Local\census.cache
2018-06-21 00:19 - 2018-06-21 00:19 - 000000036 _____ () C:\Users\RIYAS\AppData\Local\housecall.guid.cache
2018-01-25 12:45 - 2018-01-25 12:45 - 000140800 _____ () C:\Users\RIYAS\AppData\Local\installer.dat
2017-08-24 11:59 - 2017-09-13 11:22 - 000000600 _____ () C:\Users\RIYAS\AppData\Local\PUTTY.RND
2017-08-10 00:07 - 2018-03-15 20:02 - 000007597 _____ () C:\Users\RIYAS\AppData\Local\resmon.resmoncfg
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 _____ () C:\Users\RIYAS\AppData\Local\{72368EF5-ACDD-465C-A3B8-0A2C6CA10BFD}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-29 21:41

==================== End of FRST.txt ============================
 

Riyasvkmuhammed

Posts: 17   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by #root (02-07-2018 23:42:58)
Running from C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion
Windows 7 Professional (X64) (2017-08-09 16:48:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

#root (S-1-5-21-570170127-3439773959-704584474-1000 - Administrator - Enabled) => C:\Users\RIYAS
Administrator (S-1-5-21-570170127-3439773959-704584474-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-570170127-3439773959-704584474-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-570170127-3439773959-704584474-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 3.7.0 - philandro Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version: - Cisco Systems, Inc.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.A.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
f.lux (HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.5 - PandoraTV)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (HKLM-x32\...\NVIDIA StereoUSB Driver) (Version: 260.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA Update 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation)
Opera Stable 53.0.2907.99 (HKLM-x32\...\Opera 53.0.2907.99) (Version: 53.0.2907.99 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.14.0 - Prolific Technology Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.88.617.2014 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.12.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.23.0 - Adlice Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5058 - TeamViewer)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-570170127-3439773959-704584474-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-04-05] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-07-11] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {063189E1-7E54-4255-A38A-2913E8EE64D6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-21] (AVG Technologies CZ, s.r.o.)
Task: {0BD5A536-CB89-4011-929D-EB1B660E2F82} - \SUPERAntiSpyware Scheduled Task 5dec0090-8f5b-4de8-9842-4cd6297ef99b -> No File <==== ATTENTION
Task: {166B1371-D6BA-4624-BE95-0D92DFF2C657} - System32\Tasks\{C9A6BF6A-7464-4DB8-8429-DDC0765B3A8D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\security\security.exe" -c /U
Task: {1CC231C0-DDFB-4DB3-82A9-847BD2EB7860} - System32\Tasks\Opera scheduled Autoupdate 1502349815 => C:\Users\RIYAS\AppData\Local\Programs\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {23C51783-D2A2-44BB-8D5F-097D3DFCD9A7} - System32\Tasks\Opera scheduled Autoupdate 1508862486 => C:\Users\RIYAS\AppData\Local\Programs\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {2F226B2A-32A4-4142-AF9D-B053B6990690} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {322CE6CC-C596-4526-95DC-75912D3DC5C5} - System32\Tasks\Aginity Weather Suite => C:\Windows\system32\rundll32.exe "C:\Program Files\Aginity Weather Suite\Aginity Weather Suite.dll",igpIAfn <==== ATTENTION
Task: {40C7A443-00DF-472B-A91D-6499E434353A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-09] (Google Inc.)
Task: {420967BD-7C2F-44CF-99F0-3C5F337C8926} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-07] (Piriform Ltd)
Task: {501000B8-EA69-43D1-B032-5CB37F3AB418} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {5B45E367-825F-45AD-9388-26EBE4F035DF} - System32\Tasks\{E10233AC-8382-451C-8E2A-B83ED129F5CE} => C:\Windows\system32\pcalua.exe -a C:\Users\RIYAS\Downloads\Synaptics_v15_1_22_2_C_XP64_Vista64_Win7-64.exe -d C:\Users\RIYAS\Downloads
Task: {5E6B5E76-C738-4736-9DC4-F4CBEF2A6793} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-07] (Piriform Ltd)
Task: {5EC76A5D-ECCD-47BA-8D3B-74D6266263E9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {7B2E5987-4743-4D15-AEA0-A785B3A3BF31} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7DA2BE0D-1B82-476C-B310-710CE01D4644} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8C325114-7B4C-4651-9E2B-F49223668DBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000Core => C:\Users\RIYAS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A6D798CC-DD6C-4700-94A9-0CEAA91522BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-570170127-3439773959-704584474-1000UA => C:\Users\RIYAS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BDE23A53-E5D5-4CBB-B05C-C5D4549BA9F7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe
Task: {CFEA4CAE-9717-4F37-ABCD-B95AA6752A41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-09] (Google Inc.)
Task: {E06CA1F6-01AC-451A-8B96-E4B88DDFA983} - System32\Tasks\{3909A959-8E14-4C30-9E62-015217DD552F} => C:\Windows\system32\pcalua.exe -a E:\install.exe -d E:\
Task: {E292D3AF-998D-4CB2-9615-5DC8ACC81300} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {F462100F-E8FC-4DB0-B538-05A1F507ED0C} - \SUPERAntiSpyware Scheduled Task 1fbeeef5-eb20-4553-a9a3-677747d2065f -> No File <==== ATTENTION
Task: {F7F9996F-E991-44E3-8719-21EFDCC3355C} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [2017-09-05] (McAfee, Inc.)
Task: {F9F38E99-524C-4704-BB61-7F53FD9B076D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-08-09 23:03 - 2016-07-11 04:47 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-23 09:08 - 2018-02-23 09:08 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-06-29 16:39 - 2018-06-23 00:34 - 003867480 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-29 16:39 - 2018-06-23 00:34 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [272]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-570170127-3439773959-704584474-1000\...\kmpmedia.net -> player.kmpmedia.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-17 16:29 - 2018-07-02 23:37 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-570170127-3439773959-704584474-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RIYAS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^RIYAS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Airtel 4G => C:\Program Files (x86)\Airtel 4G\Main\LaunchAssistant.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET Security\ecmds.exe" /launch /hide
MSCONFIG\startupreg: Google Update => C:\Users\RIYAS\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_AECF93FEF8D35C7D9F50A7D258DC2D11 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: MiPhoneManager => "C:\Users\RIYAS\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
MSCONFIG\startupreg: Multitimer => "C:\Program Files (x86)\Multitimer\Multitimer.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SERVICE =>
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Reliance 3G\UIExec.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\RIYAS\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: wmi32 => "C:\ProgramData\Application Data\wmimgmt.exe"
MSCONFIG\startupreg: {7401410A-CF98-40EF-A6B6-236F8745DF8B} => "C:\Program Files (x86)\Airtel MF833T\UUShell.exe" /CallBySystem
MSCONFIG\startupreg: 小米云服务 => "C:\Users\RIYAS\AppData\Local\MiCloudPC\update.exe" --processStart "小米云服务.exe" --process-start-args "--hidden"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8D61D523-6415-4160-BBFD-3D58A6EF8845}] => (Allow) C:\Users\RIYAS\AppData\Local\Programs\Opera\47.0.2631.39\opera.exe
FirewallRules: [{38C78249-B4C3-4B28-9255-7D452ADCA4A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C38A4FF1-4A1F-4C15-889F-EC9201A072B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{85BAB05E-FB94-49E1-BA3A-45E2B9BC6D99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{28D44290-7B03-4D16-89FB-0EC52143F202}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1BCDAFDB-FF33-4BCA-8E61-389837FBFC7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11BB2D0B-7ABC-4436-A03B-0AE93C45CD6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3BEA4E21-0968-4649-B133-A867FCC4E12C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4F7C7ECC-D3C8-4866-A2B6-A6C43D099E8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D0076214-AFF0-45F1-8AF4-54FCC0597FA6}] => (Block) %SystemDrive%\KMPlayer\KMPlayer.exe
FirewallRules: [{17468987-1C40-4F2D-9CF5-FB57E38E512A}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{C4B2036B-CEC1-42AD-83AC-4D01E2B327D8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{11843274-83FE-4419-8C32-D938C88921C0}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{C77BF6BA-1D12-47D6-BBBF-5F9472596937}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{FE97AF78-B607-4DFE-BA57-2BA11C907423}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{B0E2BA3A-18A1-471A-A737-419005F56E73}] => (Allow) C:\Users\RIYAS\AppData\Local\Programs\Opera\53.0.2907.68\opera.exe
FirewallRules: [{32152ED1-4098-4087-BC38-BABE891BD3AF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{E7CBB80B-F9C2-44AD-8744-5B78C0D9DAB0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{3759487B-C124-4012-AB52-1DFBACA8EF7A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{37FA9A76-BC98-4F66-BEFD-900AE1E65F57}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{F1F5D79F-06D2-4256-92CF-FFAD275895BF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{2FAA0721-06A8-47A5-8E45-CAB36097D901}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [TCP Query User{DEF79258-C34E-49E8-B0B1-E77EAE7544D6}C:\users\riyas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\riyas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{762FC2E3-3C7B-48A9-8C74-5D010D1D4BAA}C:\users\riyas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\riyas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4B30392C-5FE6-473E-88AD-57B6C5887A86}] => (Allow) C:\Users\RIYAS\AppData\Local\Programs\Opera\53.0.2907.99\opera.exe
FirewallRules: [{79107A65-6C57-4F97-B934-83AB037F8ACD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-06-2018 17:39:44 Scheduled Checkpoint
29-06-2018 21:48:14 Scheduled Checkpoint
02-07-2018 23:28:20 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2018 11:24:54 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-570170127-3439773959-704584474-1000}/">.

Error: (07/02/2018 11:06:03 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.c7830ac1bc4e91dab8bde579f211f329c(String c8673d9709497f3c74ce807a680598785, String c91396822be155ce2c311fce26d8381b0, String c4f92ed345e3cbb336c52d8fa69d33697)]]></StackTrace><SysInfo STag="J1P6812" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="A12" SMBIOSPresent="True" Rel_Date="20160513000000.000000+000" DSDVersion="10.0.3.0" Vendor="Dell Inc." PName="Inspiron 3542" Ident_Num="ROOT" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 7 Professional"/><HostIP>127.0.0.1</HostIP></Exception>

Error: (06/29/2018 11:56:25 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.

Error: (06/29/2018 09:41:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/28/2018 10:47:46 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.c7830ac1bc4e91dab8bde579f211f329c(String c8673d9709497f3c74ce807a680598785, String c91396822be155ce2c311fce26d8381b0, String c4f92ed345e3cbb336c52d8fa69d33697)]]></StackTrace><SysInfo STag="J1P6812" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="A12" SMBIOSPresent="True" Rel_Date="20160513000000.000000+000" DSDVersion="10.0.3.0" Vendor="Dell Inc." PName="Inspiron 3542" Ident_Num="ROOT" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 7 Professional"/><HostIP>127.0.0.1</HostIP></Exception>

Error: (06/25/2018 10:04:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/25/2018 09:31:59 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.c7830ac1bc4e91dab8bde579f211f329c(String c8673d9709497f3c74ce807a680598785, String c91396822be155ce2c311fce26d8381b0, String c4f92ed345e3cbb336c52d8fa69d33697)]]></StackTrace><SysInfo STag="J1P6812" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="A12" SMBIOSPresent="True" Rel_Date="20160513000000.000000+000" DSDVersion="10.0.3.0" Vendor="Dell Inc." PName="Inspiron 3542" Ident_Num="ROOT" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 7 Professional"/><HostIP>127.0.0.1</HostIP></Exception>

Error: (06/25/2018 05:11:04 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.c7830ac1bc4e91dab8bde579f211f329c(String c8673d9709497f3c74ce807a680598785, String c91396822be155ce2c311fce26d8381b0, String c4f92ed345e3cbb336c52d8fa69d33697)]]></StackTrace><SysInfo STag="J1P6812" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="A12" SMBIOSPresent="True" Rel_Date="20160513000000.000000+000" DSDVersion="10.0.3.0" Vendor="Dell Inc." PName="Inspiron 3542" Ident_Num="ROOT" TimeZone="(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi" OSName="Microsoft Windows 7 Professional"/><HostIP>127.0.0.1</HostIP></Exception>


System errors:
=============
Error: (07/02/2018 11:39:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (07/02/2018 11:35:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/02/2018 11:35:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/02/2018 11:33:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/02/2018 11:14:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/02/2018 11:14:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2018 11:14:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2018 11:14:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program.


Windows Defender:
===================================
Date: 2018-06-18 22:40:58.288
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{FA087DA8-DD99-4F3E-8D7B-B770005BADD0}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-01-25 12:41:13.644
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload!rfn&threatid=213866
Name:TrojanDownloader:Win32/Adload!rfn
ID:213866
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\RIYAS\Downloads\torrents\Malwarebytes Anti-Malware Premium 2.1.4.1018 Final Incl. Keys [ATOM]\mbam-setup-2.1.4.1018.exe;process:pid:420
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2018-01-25 12:41:11.680
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload!rfn&threatid=213866
Name:TrojanDownloader:Win32/Adload!rfn
ID:213866
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\RIYAS\Downloads\torrents\Malwarebytes Anti-Malware Premium 2.1.4.1018 Final Incl. Keys [ATOM]\mbam-setup-2.1.4.1018.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2018-01-24 13:58:57.889
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Obrypser&threatid=237525
Name:BrowserModifier:Win32/Obrypser
ID:237525
Severity:High
Category:Browser Modifier
Path Found:file:D:\software\IDM_6.29_Serial_Key_Crack_Patch_Full_Free_Download (1).exe;file:D:\software\IDM_6.29_Serial_Key_Crack_Patch_Full_Free_Download.exe
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

Date: 2017-12-15 21:14:14.599
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3694CFAB-10A1-4DA7-B99A-40AFFD06C842}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2018-07-02 23:35:00.767
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-07-02 23:35:00.765
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:43:15.489
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:43:15.482
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:42:56.507
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:42:56.497
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:40:31.362
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-20 20:40:31.316
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\7F1F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 53%
Total physical RAM: 3233.98 MB
Available physical RAM: 1505.39 MB
Total Virtual: 6466.1 MB
Available Virtual: 4650.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:61.89 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:20.88 GB) NTFS
Drive e: () (Fixed) (Total:221.62 GB) (Free:15.92 GB) NTFS

\\?\Volume{60df8e52-7d8a-11e7-a24f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 746367AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Posts: 55,827   +503
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3 KB · Views: 2

Riyasvkmuhammed

Posts: 17   +0
@Broni
fix ran successfully
check fixlog

I am getting this msg when copy pasting fix log on post
The following error occurred:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.


so I attached the fixlog, sorry for the inconvenience
 

Attachments

  • Fixlog.txt
    8.4 KB · Views: 1

Broni

Posts: 55,827   +503
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by #root (03-07-2018 12:44:37) Run:4
Running from C:\Users\RIYAS\Desktop\New folder (2)\FRST-OlderVersion
Loaded Profiles: #root (Available Profiles: #root & riyas & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cmnuusbser14; system32\DRIVERS\cmnuusbser14.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 mmx_cmnxnet; system32\DRIVERS\mmx_cmnxnet.sys [X]
S3 mmx_cmnxusbser; system32\DRIVERS\mmx_cmnxusbser.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WCDMA_Datacard_Usb_Ser; system32\DRIVERS\WCDMA_Datacard_Usb_Ser.sys [X]
S3 WinRing0_1_2_0; \??\Z:\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2017-10-21 10:34 - 2017-10-21 10:53 - 000000048 _____ () C:\Users\RIYAS\AppData\Roaming\MCVi2UserDetail.ini
2017-08-14 16:14 - 2017-10-17 15:31 - 000000024 _____ () C:\Users\RIYAS\AppData\Roaming\MyPhrases.dta
2017-09-20 00:17 - 2017-10-15 21:22 - 000000286 _____ () C:\Users\RIYAS\AppData\Roaming\WB.CFG
2018-06-21 01:09 - 2018-06-21 01:09 - 000340588 _____ () C:\Users\RIYAS\AppData\Local\ars.cache
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 ____H () C:\Users\RIYAS\AppData\Local\BIT7423.tmp
2018-06-21 01:10 - 2018-06-21 01:10 - 000522825 _____ () C:\Users\RIYAS\AppData\Local\census.cache
2018-06-21 00:19 - 2018-06-21 00:19 - 000000036 _____ () C:\Users\RIYAS\AppData\Local\housecall.guid.cache
2018-01-25 12:45 - 2018-01-25 12:45 - 000140800 _____ () C:\Users\RIYAS\AppData\Local\installer.dat
2017-08-24 11:59 - 2017-09-13 11:22 - 000000600 _____ () C:\Users\RIYAS\AppData\Local\PUTTY.RND
2017-08-10 00:07 - 2018-03-15 20:02 - 000007597 _____ () C:\Users\RIYAS\AppData\Local\resmon.resmoncfg
2018-06-19 23:43 - 2018-06-19 23:43 - 000000000 _____ () C:\Users\RIYAS\AppData\Local\{72368EF5-ACDD-465C-A3B8-0A2C6CA10BFD}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0BD5A536-CB89-4011-929D-EB1B660E2F82} - \SUPERAntiSpyware Scheduled Task 5dec0090-8f5b-4de8-9842-4cd6297ef99b -> No File <==== ATTENTION
Task: {322CE6CC-C596-4526-95DC-75912D3DC5C5} - System32\Tasks\Aginity Weather Suite => C:\Windows\system32\rundll32.exe "C:\Program Files\Aginity Weather Suite\Aginity Weather Suite.dll",igpIAfn <==== ATTENTION
C:\Program Files\Aginity Weather Suite
Task: {F462100F-E8FC-4DB0-B538-05A1F507ED0C} - \SUPERAntiSpyware Scheduled Task 1fbeeef5-eb20-4553-a9a3-677747d2065f -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [272]

*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\cmnuusbser14" => removed successfully
cmnuusbser14 => service removed successfully
"HKLM\System\CurrentControlSet\Services\huawei_cdcacm" => removed successfully
huawei_cdcacm => service removed successfully
"HKLM\System\CurrentControlSet\Services\huawei_enumerator" => removed successfully
huawei_enumerator => service removed successfully
"HKLM\System\CurrentControlSet\Services\massfilter" => removed successfully
massfilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\mmx_cmnxnet" => removed successfully
mmx_cmnxnet => service removed successfully
"HKLM\System\CurrentControlSet\Services\mmx_cmnxusbser" => removed successfully
mmx_cmnxusbser => service removed successfully
"HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removed successfully
VMnetAdapter => service removed successfully
"HKLM\System\CurrentControlSet\Services\WCDMA_Datacard_Usb_Ser" => removed successfully
WCDMA_Datacard_Usb_Ser => service removed successfully
"HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removed successfully
WinRing0_1_2_0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZTEusbmdm6k" => removed successfully
ZTEusbmdm6k => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZTEusbnmea" => removed successfully
ZTEusbnmea => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZTEusbser6k" => removed successfully
ZTEusbser6k => service removed successfully
C:\Users\RIYAS\AppData\Roaming\MCVi2UserDetail.ini => moved successfully
C:\Users\RIYAS\AppData\Roaming\MyPhrases.dta => moved successfully
C:\Users\RIYAS\AppData\Roaming\WB.CFG => moved successfully
C:\Users\RIYAS\AppData\Local\ars.cache => moved successfully
C:\Users\RIYAS\AppData\Local\BIT7423.tmp => moved successfully
C:\Users\RIYAS\AppData\Local\census.cache => moved successfully
C:\Users\RIYAS\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\RIYAS\AppData\Local\installer.dat => moved successfully
C:\Users\RIYAS\AppData\Local\PUTTY.RND => moved successfully
C:\Users\RIYAS\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\RIYAS\AppData\Local\{72368EF5-ACDD-465C-A3B8-0A2C6CA10BFD} => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BD5A536-CB89-4011-929D-EB1B660E2F82}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BD5A536-CB89-4011-929D-EB1B660E2F82}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 5dec0090-8f5b-4de8-9842-4cd6297ef99b" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{322CE6CC-C596-4526-95DC-75912D3DC5C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{322CE6CC-C596-4526-95DC-75912D3DC5C5}" => removed successfully
C:\Windows\System32\Tasks\Aginity Weather Suite => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Aginity Weather Suite" => removed successfully
C:\Program Files\Aginity Weather Suite => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F462100F-E8FC-4DB0-B538-05A1F507ED0C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F462100F-E8FC-4DB0-B538-05A1F507ED0C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 1fbeeef5-eb20-4553-a9a3-677747d2065f" => removed successfully
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully

==== End of Fixlog 12:44:48 ====
 

Broni

Posts: 55,827   +503
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
please check Security Check log

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (67.0.3396.99)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Riyasvkmuhammed

Posts: 17   +0
@Broni
please check FSS.txt


Farbar Service Scanner Version: 27-01-2016
Ran by #root (administrator) on 04-07-2018 at 10:41:06
Running from "C:\Users\RIYAS\Desktop\New folder (2)\New folder (2)"
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Posts: 55,827   +503
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current (Security Check log says Out of date service pack!!

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.