[RESOLVED] FRXT unable to install

  1. #1
    Join Date: Aug 2010 | Location: India, Chennai | Posts: 312

    Mine is Windows 8.1 Pro.
    Today, by mistake, I had opened an unsolicited email both on the desktop and in the Yahoo app on the Redmi 4 smartphone.
    I am now afraid that my system may be infected.
    I downloaded FRXT and tried to install both {32 and 64},
    but I couldn't.
    I have Win Defender installed, and when it prompted I opted Keep.
    I had downloaded adware software from Bleeping and scanned. No problem shown.

    Please guide how to go ahead.

  2. #2
    Join Date: Jul 1998 | Location: Toronto | Posts: 25,426
    I have moved your post to the intensive care forum where Broni can assist.

    (I assume you meant FRST not FRXT)

    VirtualDr email notices are not working.
    Check back regularly for responses.

  3. #3
    Join Date: Aug 2010 | Location: India, Chennai | Posts: 312
    Thanks

  4. #4
    Join Date: Aug 2010 | Location: India, Chennai | Posts: 312
    Tried again to install both FRST and Combofix, but they didn't open.
    Also, though my OS is 8.1 Pro, the message shows the OS as 2000 and hence not compatible.

  5. #5
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ===================================

    Combofix is not compatible with Windows 8.1 so it won't run.
    FRST doesn't have to be installed. It just runs upon double clicking on it. Nothing happens when you do so?

  6. #6
    Join Date: Aug 2010 | Location: India, Chennai | Posts: 312
    Posting the log.
    Last edited by rangarajan; January 19th, 2020 at 10:22 AM.

  7. #7
    Join Date: Aug 2010 | Location: India, Chennai | Posts: 312
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
    Ran by my pc (administrator) on RANGA (Hewlett-Packard PPPPP-CCC#MMMMMMMM) (19-01-2020 19:43:06)
    Running from C:\Users\my pc\Downloads
    Loaded Profiles: my pc (Available Profiles: my pc)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\ProgramData\ChgService.exe
    (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
    (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [Emsisoft Anti-Malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9258208 2020-01-02] (Emsisoft Ltd -> Emsisoft Ltd)
    HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\MountPoints2: {63b78721-85b8-11e9-8e3c-78e3b5ab55d6} - "E:\.\ShowModem.exe"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\MountPoints2: {ca920bc9-33c1-11e8-8b8f-78e3b5ab55d6} - "E:\Lenovo_Suite.exe"
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-10] (Google LLC -> Google LLC)
    Startup: C:\Users\my pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-09-14]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1BB53701-065E-4CEF-8DC1-671D63006821} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-11] (Google Inc -> Google Inc.)
    Task: {2E053ABF-261F-4251-828C-F1717A0F0755} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
    Task: {4242DAC1-A04B-41BA-95BF-3C10781E7A01} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
    Task: {48833B88-D685-43B7-A352-2D7BA1B4585F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-11] (Google Inc -> Google Inc.)
    Task: {96F7BC8C-A88A-42BF-B5A4-10809965D634} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_314_pepper.exe [1453112 2020-01-15] (Adobe Inc. -> Adobe)
    Task: {9BE51400-ED32-4120-A7E2-F217E8A96C84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-11] (Adobe Inc. -> Adobe)
    Task: {A2AE379E-54C3-4973-B43C-DEF263465762} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {F7B414E0-EB47-4BE3-8B81-226D28A296C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
    Tcpip\..\Interfaces\{67CFFC19-0A2E-4829-BD2B-D694FB23E661}: [DhcpNameServer] 192.168.29.1
    Tcpip\..\Interfaces\{8249B71D-B392-47D0-AE85-E29481D9A5F4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{C83C1377-4D3F-4519-ADA8-8AAB5F50E2C0}: [DhcpNameServer] 192.168.225.1 192.168.225.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gfe_rd=cr&ei=bmy6WOvfH8iL8QeG45LoAQ&gws_rd=ssl
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [k7srff_enUS@k7computing.com] - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\K7WebProtection.xpi => not found
    FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-09] (Google LLC -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-09] (Google LLC -> Google LLC)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://google.com/"
    CHR Notifications: Default -> hxxps://mail.yahoo.com
    CHR Profile: C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default [2020-01-19]
    CHR Extension: (Docs) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
    CHR Extension: (Google Drive) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-11]
    CHR Extension: (YouTube) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-11]
    CHR Extension: (Adobe Acrobat) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
    CHR Extension: (Google Docs Offline) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Gmail) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
    CHR Extension: (Chrome Media Router) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13]
    CHR HKU\S-1-5-21-2010342076-676048620-2654598280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2010342076-676048620-2654598280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9695176 2020-01-02] (Emsisoft Ltd -> Emsisoft Ltd)
    R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2012-08-02] () [File not signed] <==== ATTENTION
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
    S2 AnyDesk; "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service [X]
    S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
    S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
    S2 tvnserver; "C:\Program Files (x86)\ShowMyPCService\tvnserver.exe" -service [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
    R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [155328 2019-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
    R0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37776 2019-06-03] (Emsisoft Ltd -> Emsisoft Ltd)
    R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [134896 2019-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
    S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2408208 2013-06-19] (Mediatek Inc. -> Ralink Technology Corp.)
    S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Microsoft Windows -> Realtek Semiconductor Corporation )
    R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
    R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-30] (SOKNO S.R.L. -> Almico Software)
    S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-01-19 19:43 - 2020-01-19 19:44 - 000013609 _____ C:\Users\my pc\Downloads\FRST.txt
    2020-01-19 19:42 - 2020-01-19 19:43 - 000000000 ____D C:\FRST
    2020-01-19 15:11 - 2020-01-19 15:11 - 000000000 ____D C:\ProgramData\Emsisoft
    2020-01-19 15:09 - 2020-01-19 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2020-01-19 15:09 - 2019-06-03 12:01 - 000037776 _____ (Emsisoft Ltd) C:\Windows\system32\Drivers\eppdisk.sys
    2020-01-19 15:08 - 2020-01-19 19:42 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2020-01-19 13:22 - 2020-01-19 13:22 - 000432592 _____ (Bleeping Computer, LLC) C:\Users\my pc\Downloads\unhide.exe
    2020-01-19 12:13 - 2020-01-19 12:14 - 002572800 _____ (Farbar) C:\Users\my pc\Downloads\FRST64 (1).exe
    2020-01-18 19:41 - 2020-01-18 19:41 - 002303488 _____ (Farbar) C:\Users\my pc\Downloads\FRST (1).exe
    2020-01-18 19:38 - 2020-01-18 19:39 - 002303488 _____ (Farbar) C:\Users\my pc\Downloads\FRST.exe
    2020-01-18 19:36 - 2020-01-18 19:39 - 002572800 _____ (Farbar) C:\Users\my pc\Downloads\FRST64.exe
    2020-01-18 19:12 - 2020-01-18 19:14 - 000000000 ____D C:\AdwCleaner
    2020-01-18 15:04 - 2020-01-18 15:04 - 000128261 _____ C:\Users\my pc\Downloads\Receipt-TinderPlus_AS643D843_027.pdf
    2020-01-08 10:16 - 2020-01-08 10:16 - 000783338 _____ C:\Users\my pc\Downloads\ledger.pdf
    2020-01-08 10:16 - 2020-01-08 10:16 - 000326505 _____ C:\Users\my pc\Downloads\P & L summary.pdf
    2020-01-07 11:08 - 2020-01-17 19:47 - 000018432 _____ C:\Users\my pc\Desktop\Fibo retrace1 (1).xls

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-01-19 19:39 - 2015-09-13 02:15 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2010342076-676048620-2654598280-1001
    2020-01-19 19:34 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-01-18 19:48 - 2016-06-29 04:26 - 000000000 ____D C:\Users\my pc\AppData\Local\Deployment
    2020-01-18 19:14 - 2015-12-21 13:41 - 000000000 ____D C:\Users\my pc\AppData\Local\Lenovo
    2020-01-17 19:47 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
    2020-01-17 13:58 - 2017-12-08 17:46 - 000000000 ____D C:\Users\my pc\AppData\Local\CrashDumps
    2020-01-15 09:37 - 2018-01-11 19:32 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-01-15 09:37 - 2018-01-11 19:32 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
    2020-01-15 09:37 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2020-01-15 09:37 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
    2020-01-10 08:30 - 2018-01-11 19:16 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-01-10 08:30 - 2018-01-11 19:16 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-01-10 08:30 - 2018-01-11 19:16 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-01-07 11:08 - 2019-11-29 09:32 - 000018432 _____ C:\Users\my pc\Downloads\Fibo retrace1 (1).xls
    2020-01-07 09:05 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
    2020-01-06 16:03 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
    2020-01-03 20:05 - 2015-09-13 02:09 - 000000000 ____D C:\Users\my pc

    ==================== Files in the root of some directories ========

    2019-06-03 14:03 - 2012-08-02 14:43 - 000114688 _____ () C:\ProgramData\ChgService.exe
    2016-10-11 19:02 - 2016-10-11 19:02 - 000007609 _____ () C:\Users\my pc\AppData\Local\Resmon.ResmonCfg
    2016-10-06 20:13 - 2016-10-06 20:13 - 000000000 _____ () C:\Users\my pc\AppData\Local\{F2E70E13-5AC6-4D9F-9E10-3CD44B0850E1}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2020-01-19 08:35
    ==================== End of FRST.txt ========================

  8. #8
    Join Date: Aug 2010 | Location: India, Chennai | Posts: 312
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
    Ran by my pc (19-01-2020 19:44:38)
    Running from C:\Users\my pc\Downloads
    Windows 8.1 Pro (X64) (2015-09-12 20:39:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2010342076-676048620-2654598280-500 - Administrator - Disabled)
    Guest (S-1-5-21-2010342076-676048620-2654598280-501 - Limited - Disabled)
    my pc (S-1-5-21-2010342076-676048620-2654598280-1001 - Administrator - Enabled) => C:\Users\my pc

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Emsisoft Anti-Malware (Enabled - Up to date) {5FD8BF8F-F242-6153-61B5-8FF333E8736B}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {E4B95E6B-D478-6EDD-5B05-B481486F39D6}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    Emsisoft Anti-Malware (HKLM\...\{CA975286-D816-410C-B6C9-F7213CA84695}) (Version: 20.1.0.9926 - Emsisoft Ltd.)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Java(TM) SE Development Kit 6 Update 43 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
    Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
    Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Nest Trader version 3.18.1.5 (HKLM-x32\...\{69b5e4ab-2587-434a-a612-3bc47bd93c60}_is1) (Version: 3.18.1.5 - Omnesys Technologies Pvt. Ltd.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
    WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

    Packages:
    =========
    Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2016-04-02] (Microsoft Corporation) [MS Ad]
    Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2016-04-02] (Skype) [MS Ad]
    Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-05-16] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
    ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
    ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
    ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
    ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
    ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
    HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2018-01-16 17:41 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\my pc\Desktop\IMG-20170811-WA0007.jpg
    DNS Servers: 192.168.225.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AeLookupSvc => 3
    MSCONFIG\Services: ALG => 3
    MSCONFIG\Services: AppIDSvc => 3
    MSCONFIG\Services: AppMgmt => 3
    MSCONFIG\Services: AppReadiness => 3
    MSCONFIG\Services: AxInstSV => 3
    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: BITS => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: CertPropSvc => 3
    MSCONFIG\Services: CscService => 3
    MSCONFIG\Services: DPS => 2
    MSCONFIG\Services: Eaphost => 3
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: fhsvc => 3
    MSCONFIG\Services: GoogleChromeElevationService => 3
    MSCONFIG\Services: hidserv => 3
    MSCONFIG\Services: hkmsvc => 3
    MSCONFIG\Services: HomeGroupListener => 3
    MSCONFIG\Services: HomeGroupProvider => 3
    MSCONFIG\Services: iphlpsvc => 2
    MSCONFIG\Services: KtmRm => 3
    MSCONFIG\Services: lltdsvc => 3
    MSCONFIG\Services: Netlogon => 3
    MSCONFIG\Services: p2pimsvc => 3
    MSCONFIG\Services: p2psvc => 3
    MSCONFIG\Services: PeerDistSvc => 3
    MSCONFIG\Services: PerfHost => 3
    MSCONFIG\Services: pla => 3
    MSCONFIG\Services: PlugPlay => 3
    MSCONFIG\Services: PNRPAutoReg => 3
    MSCONFIG\Services: PNRPsvc => 3
    MSCONFIG\Services: PolicyAgent => 3
    MSCONFIG\Services: PrintNotify => 3
    MSCONFIG\Services: SCPolicySvc => 3
    MSCONFIG\Services: Spooler => 2
    MSCONFIG\Services: Themes => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: wuauserv => 3
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "LWS"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{04FFBBC9-BAA9-42FD-A7BE-CA9696362106}C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe (Omnesys Technologies Pvt Ltd.) [File not signed]
    FirewallRules: [UDP Query User{C742AD1E-389E-4097-8F7D-3FC2175B1B30}C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe (Omnesys Technologies Pvt Ltd.) [File not signed]
    FirewallRules: [{CB499DCF-4C69-48A4-9971-50AC91FD5305}] => (Block) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe (Omnesys Technologies Pvt Ltd.) [File not signed]
    FirewallRules: [{72D5CE6A-292C-4596-B163-BC48E559D35D}] => (Block) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe (Omnesys Technologies Pvt Ltd.) [File not signed]
    FirewallRules: [{A7F38EA8-7DAD-4E74-9515-47975BCF8F28}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    01-01-2020 10:19:45 Scheduled Checkpoint
    09-01-2020 10:44:30 Scheduled Checkpoint
    18-01-2020 15:52:10 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (01/19/2020 07:35:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/19/2020 07:35:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (01/19/2020 07:01:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/19/2020 07:01:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/19/2020 07:00:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/19/2020 01:52:00 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (01/19/2020 01:50:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/19/2020 01:49:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


    System errors:
    =============
    Error: (01/19/2020 07:36:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The %1!s! Update Service (avast) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (01/19/2020 07:35:33 PM) (Source: DCOM) (EventID: 10016) (User: RANGA)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user RANGA\my pc SID (S-1-5-21-2010342076-676048620-2654598280-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/19/2020 07:35:33 PM) (Source: DCOM) (EventID: 10016) (User: RANGA)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user RANGA\my pc SID (S-1-5-21-2010342076-676048620-2654598280-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/19/2020 07:35:32 PM) (Source: DCOM) (EventID: 10016) (User: RANGA)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user RANGA\my pc SID (S-1-5-21-2010342076-676048620-2654598280-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/19/2020 07:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
    %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (01/19/2020 07:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TightVNC Server service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (01/19/2020 07:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AnyDesk Service service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (01/19/2020 03:57:54 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2020-01-19 13:43:30.864
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {C544D42D-C1C0-465F-9834-7B12DA961C72}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-18 11:11:18.673
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {6CEEA069-7D16-4777-929D-1A57CE6F828D}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-18 10:58:44.401
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {3FA495EF-A085-40E6-BD83-96D15AFCE088}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-17 11:59:21.626
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {E69475A6-A04E-4902-8D26-CEE3D06BDCB6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-17 11:36:47.631
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {EFE5A022-076E-483A-89FA-CE9B0AAE4D44}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-13 10:25:27.950
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.1786.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-01-13 09:17:44.585
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 119.0.0.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: Network Inspection System
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 2.1.14600.4
    Error code: 0x800b0003
    Error description: The form specified for the subject is not one supported or known by the specified trust provider.

    Date: 2020-01-13 09:17:44.538
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.1786.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x800b0003
    Error description: The form specified for the subject is not one supported or known by the specified trust provider.

    Date: 2020-01-13 09:17:44.538
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.1786.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x800b0003
    Error description: The form specified for the subject is not one supported or known by the specified trust provider.

    Date: 2020-01-13 09:17:44.288
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.1786.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    CodeIntegrity:
    ===================================

    Date: 2018-12-28 16:57:57.772
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-28 16:54:39.557
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-28 08:56:40.200
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-27 09:01:14.337
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-26 18:16:09.607
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-26 07:14:10.120
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-25 11:39:44.518
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-25 08:38:07.728
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 6.09 03/22/2011
    Motherboard: MSI 2AB4
    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
    Percentage of memory in use: 78%
    Total physical RAM: 1783.11 MB
    Available physical RAM: 376.4 MB
    Total Virtual: 3191.11 MB
    Available Virtual: 1354.68 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:97.31 GB) (Free:68.8 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:135.23 GB) (Free:134.85 GB) NTFS
    Drive f: (TOX_VCD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

    \\?\Volume{784bb8a1-598d-11e5-8250-806e6f6e6963}\ () (Fixed) (Total:0.34 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B7A483F7)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=135.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    So far, I don't see much there...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  10. #10
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    RogueKiller Anti-Malware V14.0.4.0 (x64) [Jan 6 2020] (Premium) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 8.1 (6.3.9600) 64 bits
    Started in : Normal mode
    User : my pc [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20200116_111743, Driver : Loaded
    Mode : Quick Scan, Scan -- Date : 2020/01/20 08:47:53 (Duration : 00:00:36)
    Switches : -minimize

  11. #11
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Did a Standard scan also,
    Eight items were detected, outdated prog, Deleted

  12. #12
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/20/20
    Scan Time: 9:13 AM
    Log File: 097453d0-3b37-11ea-b184-6e317522fc29.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.793
    Update Package Version: 1.0.17968
    License: Free

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: RANGA\my pc

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 238110
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 3 min, 55 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  13. #13
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.1.0
    # -------------------------------
    # Build: 12-17-2019
    # Database: 2019-12-17.1 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 01-20-2020
    # Duration: 00:00:41
    # OS: Windows 8.1 Pro
    # Scanned: 35232
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  14. #14
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Can I use the above procedure for my smartphone also?
    Redmi4

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is clean. I don't see anything malicious there.
    Since you opened the same email on your phone, I'm assuming it's clean as well.
    Good luck and stay safe.
