[RESOLVED] Infected with Trojan

#1
Join Date: Aug 2010 | Location: India, Chennai | Posts: 312


OS: Windows 8.1 Pro
Internet: Jio through dongle

Of late, I am getting redirected to the site https://ruvi.tv/x.html

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2020
    Ran by my pc (administrator) on RANGA (Hewlett-Packard PPPPP-CCC#MMMMMMMM) (28-11-2020 15:31:22)
    Running from C:\Users\my pc\Desktop
    Loaded Profiles: my pc
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
    (IObit) [File not signed] C:\Program Files (x86)\MachinerData\aiWisCopy.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\MountPoints2: {63b78721-85b8-11e9-8e3c-78e3b5ab55d6} - "E:\.\ShowModem.exe"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\MountPoints2: {ca920bc9-33c1-11e8-8b8f-78e3b5ab55d6} - "E:\Lenovo_Suite.exe"
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-18] (Google LLC -> Google LLC)
    Startup: C:\Users\my pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-09-14]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1BB53701-065E-4CEF-8DC1-671D63006821} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-11] (Google Inc -> Google Inc.)
    Task: {2E053ABF-261F-4251-828C-F1717A0F0755} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
    Task: {4242DAC1-A04B-41BA-95BF-3C10781E7A01} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
    Task: {48833B88-D685-43B7-A352-2D7BA1B4585F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-11] (Google Inc -> Google Inc.)
    Task: {96F7BC8C-A88A-42BF-B5A4-10809965D634} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_pepper.exe [1498680 2020-11-11] (Adobe Inc. -> Adobe)
    Task: {9BE51400-ED32-4120-A7E2-F217E8A96C84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-11] (Adobe Inc. -> Adobe)
    Task: {A2AE379E-54C3-4973-B43C-DEF263465762} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {A31609EB-BA9D-4823-A843-A5C29784D6DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
    Tcpip\..\Interfaces\{0F26F040-DF17-476B-8B0A-6354F6C93001}: [DhcpNameServer] 192.168.225.1 192.168.225.1
    Tcpip\..\Interfaces\{67CFFC19-0A2E-4829-BD2B-D694FB23E661}: [DhcpNameServer] 192.168.29.1
    Tcpip\..\Interfaces\{8249B71D-B392-47D0-AE85-E29481D9A5F4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{C83C1377-4D3F-4519-ADA8-8AAB5F50E2C0}: [DhcpNameServer] 192.168.225.1 192.168.225.1

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [k7srff_enUS@k7computing.com] - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\K7WebProtection.xpi => not found
    FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default [2020-11-28]
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://google.com/"
    CHR Extension: (Docs) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
    CHR Extension: (Google Drive) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
    CHR Extension: (YouTube) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-11]
    CHR Extension: (Adobe Acrobat) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17]
    CHR Extension: (Google Docs Offline) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
    CHR Extension: (Skip Redirect) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaoafjdoijdconemdmodhbfpianehlon [2020-11-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Gmail) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
    CHR Extension: (Chrome Media Router) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-18]
    CHR Profile: C:\Users\my pc\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-20]
    CHR HKU\S-1-5-21-2010342076-676048620-2654598280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
    CHR HKU\S-1-5-21-2010342076-676048620-2654598280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-11] (Adobe Inc. -> Adobe)
    R2 Main Service; C:\Program Files (x86)\MachinerData\aiWisCopy.exe [2502656 2020-11-25] (IObit) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
    S2 AnyDesk; "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service [X]
    S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
    S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Microsoft Windows -> Realtek Semiconductor Corporation)
    R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
    R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-30] (SOKNO S.R.L. -> Almico Software)
    S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
    S3 MpKslf2c0ebb5; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75EDB686-453C-4F74-A5F2-631715D2897D}\MpKslDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-11-28 15:31 - 2020-11-28 15:32 - 000011030 _____ C:\Users\my pc\Desktop\FRST.txt
    2020-11-28 15:30 - 2020-11-28 15:32 - 000000000 ____D C:\FRST
    2020-11-28 15:27 - 2020-11-28 15:28 - 002290176 _____ (Farbar) C:\Users\my pc\Desktop\FRST64.exe
    2020-11-25 18:28 - 2020-11-25 18:31 - 347373576 _____ (Emsisoft Ltd. ) C:\Users\my pc\Downloads\EmsisoftAntiMalwareSetup_bc.exe
    2020-11-25 17:13 - 2020-11-25 17:13 - 000000000 ____D C:\Users\my pc\AppData\Local\Pipeer
    2020-11-25 17:12 - 2020-11-25 17:13 - 000000000 ____D C:\Program Files (x86)\MachinerData
    2020-11-25 17:12 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
    2020-11-25 17:12 - 2005-04-27 12:40 - 000002570 _____ C:\Windows\WINDVDBOOTRECDOE.sys
    2020-11-25 17:11 - 2020-11-25 17:19 - 000000000 ____D C:\Program Files (x86)\VirtualDVI
    2020-11-24 16:34 - 2020-11-24 16:34 - 000001354 _____ C:\Users\my pc\Desktop\VID-20200628-WA0004.lnk
    2020-11-24 16:34 - 2020-11-24 16:34 - 000001332 _____ C:\Users\my pc\Downloads\VID-20200628-WA0004.lnk
    2020-11-24 16:31 - 2020-11-24 16:31 - 008282380 _____ C:\Users\my pc\Downloads\VID-20200628-WA0004.mp4
    2020-11-17 11:49 - 2020-11-17 11:49 - 000244410 _____ C:\Users\my pc\Downloads\CMVOLT_10112020.CSV
    2020-11-17 11:03 - 2020-11-17 11:03 - 000243388 _____ C:\Users\my pc\Downloads\CMVOLT_14112020.CSV
    2020-11-17 08:57 - 2020-11-17 08:57 - 000001070 _____ C:\Users\my pc\Desktop\Follow-Fibonacci-ratio-dynamic-approach-in-trade.lnk
    2020-11-13 14:57 - 2020-11-13 14:57 - 005289700 _____ C:\Users\my pc\Downloads\VID-20201112-WA0003.mp4
    2020-11-12 11:54 - 2020-11-12 11:54 - 011720050 _____ C:\Users\my pc\Downloads\DAC Rayar Kudil_compressed - Copy.pdf
    2020-10-31 11:23 - 2020-10-31 11:23 - 010378893 _____ C:\Users\my pc\Downloads\EBrochure.pdf
    2020-10-31 11:17 - 2020-10-31 11:17 - 000029696 _____ C:\Users\my pc\Downloads\The Bloomingdale Cost sheet.xls

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-11-28 15:26 - 2015-09-13 02:15 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2010342076-676048620-2654598280-1001
    2020-11-28 11:35 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-11-27 17:08 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\NDF
    2020-11-25 19:07 - 2017-12-08 17:46 - 000000000 ____D C:\Users\my pc\AppData\Local\CrashDumps
    2020-11-25 14:40 - 2015-09-13 02:09 - 000000000 ____D C:\Users\my pc
    2020-11-25 14:40 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
    2020-11-25 09:20 - 2017-04-11 09:13 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
    2020-11-24 11:23 - 2020-01-07 11:08 - 000018432 _____ C:\Users\my pc\Desktop\Fibo retrace1 (1).xls
    2020-11-18 09:21 - 2018-01-11 19:16 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-11-12 09:09 - 2015-11-21 18:29 - 000000000 ____D C:\Users\my pc\AppData\Local\ElevatedDiagnostics
    2020-11-11 10:21 - 2018-01-11 19:32 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-11-11 10:21 - 2018-01-11 19:32 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
    2020-11-11 10:21 - 2013-08-22 21:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2020-11-11 10:21 - 2013-08-22 21:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2020-11-11 10:21 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2020-11-11 10:21 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
    2020-11-05 19:34 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf

    ==================== Files in the root of some directories ========

    2016-10-11 19:02 - 2016-10-11 19:02 - 000007609 _____ () C:\Users\my pc\AppData\Local\Resmon.ResmonCfg
    2016-10-06 20:13 - 2016-10-06 20:13 - 000000000 _____ () C:\Users\my pc\AppData\Local\{F2E70E13-5AC6-4D9F-9E10-3CD44B0850E1}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2020-11-24 08:58
    ==================== End of FRST.txt ========================
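The FRST log above is long, and the things a helper actually looks for are a few markers FRST itself prints ("[File not signed]", "<==== ATTENTION", "[X]" for a service or driver whose binary is missing) plus one correlation FRST leaves to the reader: autostart binaries whose folder only appeared inside the "One month (created)" window, as with aiWisCopy.exe under the MachinerData folder created on 2020-11-25. The script below is an added example, not part of the original post and not a tool the forum helpers use; the sample log is a constructed excerpt of lines copied from the FRST.txt above, and the "recently created directory" heuristic is this example's own addition, not an FRST feature.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Pulls out the markers FRST emits itself and adds one correlation:
autostart binaries living in a directory listed in "One month (created)".
Added example; the heuristic is ours, not FRST's.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the FRST.txt posted above (not the full log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
(IObit) [File not signed] C:\Program Files (x86)\MachinerData\aiWisCopy.exe
==================== Registry (Whitelisted) ===================
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Services (Whitelisted) ===================
R2 Main Service; C:\Program Files (x86)\MachinerData\aiWisCopy.exe [2502656 2020-11-25] (IObit) [File not signed]
S2 AnyDesk; "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service [X]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
==================== One month (created) (Whitelisted) =========
2020-11-25 17:13 - 2020-11-25 17:13 - 000000000 ____D C:\Users\my pc\AppData\Local\Pipeer
2020-11-25 17:12 - 2020-11-25 17:13 - 000000000 ____D C:\Program Files (x86)\MachinerData
2020-11-25 17:12 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
==================== End of FRST.txt ========================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# A Windows path up to its extension; tolerates "(x86)" and spaces in names.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\[\]]*?\.(?:exe|dll|sys|cpl)\b', re.I)
# "created - modified - size flags path" as printed in the One month sections.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ (\S+) (.*)$"
)
AUTOSTART_SECTIONS = ("Processes", "Registry", "Scheduled Tasks", "Services", "Drivers")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _section_name(header: str) -> str:
    """'Services (Whitelisted)' -> 'Services'; keeps 'One month (created)'."""
    return re.sub(r"\s*\(Whitelisted\)\s*$", "", header).strip()


def split_sections(text: str) -> dict:
    """Map each FRST section name to its non-empty body lines."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = _section_name(m.group(1))
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def recently_created_dirs(sections: dict) -> dict:
    """Lower-cased directory (with trailing backslash) -> creation date."""
    dirs = {}
    for line in sections.get("One month (created)", []):
        m = CREATED_RE.match(line)
        if m and "D" in m.group(2):  # ____D flags a directory
            path = re.search(r"[A-Za-z]:\\.*$", m.group(3))
            if path:
                dirs[path.group(0).rstrip("\\").lower() + "\\"] = m.group(1)
    return dirs


def triage(text: str) -> list:
    """Return Findings for FRST's own markers plus the new-directory correlation."""
    sections = split_sections(text)
    new_dirs = recently_created_dirs(sections)
    findings = []
    for name, lines in sections.items():
        for line in lines:
            if "<==== ATTENTION" in line:
                findings.append(Finding(name, "flagged by FRST", line))
            if not name.startswith(AUTOSTART_SECTIONS):
                continue
            if "[File not signed]" in line:
                findings.append(Finding(name, "unsigned autostart binary", line))
            if "[X]" in line:
                findings.append(Finding(name, "entry points to a missing file", line))
            for path in PATH_RE.findall(line):
                for directory, when in new_dirs.items():
                    if path.lower().startswith(directory):
                        findings.append(
                            Finding(name, f"binary in directory created {when}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against the excerpt it reports aiWisCopy.exe twice (process and service, each unsigned and inside a folder created on 2020-11-25), the orphaned AnyDesk service, and the Google policy key FRST already marked, while the signed Chrome and Defender entries stay silent. The correlation is only a triage hint: a directory created in the window is normal for a freshly installed program, so each hit still needs the vendor, signature and install history checked by hand.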

#2
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2020
    Ran by my pc (28-11-2020 15:33:33)
    Running from C:\Users\my pc\Desktop
    Windows 8.1 Pro (X64) (2015-09-12 20:39:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2010342076-676048620-2654598280-500 - Administrator - Disabled)
    Guest (S-1-5-21-2010342076-676048620-2654598280-501 - Limited - Disabled)
    my pc (S-1-5-21-2010342076-676048620-2654598280-1001 - Administrator - Enabled) => C:\Users\my pc

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.453 - Adobe)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.66 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Java(TM) SE Development Kit 6 Update 43 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
    Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
    Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )

    Packages:
    =========
    Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2020-03-18] (Microsoft Corporation) [MS Ad]
    Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2016-04-02] (Skype) [MS Ad]
    Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2020-03-18] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
    HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2020-11-18 09:21 - 2020-11-25 19:04 - 153401840 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\chrome.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gfe_rd=cr&ei=bmy6WOvfH8iL8QeG45LoAQ&gws_rd=ssl
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2018-01-16 17:41 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\my pc\Desktop\IMG-20170811-WA0007.jpg
    DNS Servers: 192.168.225.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AeLookupSvc => 3
    MSCONFIG\Services: ALG => 3
    MSCONFIG\Services: AppIDSvc => 3
    MSCONFIG\Services: AppMgmt => 3
    MSCONFIG\Services: AppReadiness => 3
    MSCONFIG\Services: AxInstSV => 3
    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: BITS => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: CertPropSvc => 3
    MSCONFIG\Services: CscService => 3
    MSCONFIG\Services: DPS => 2
    MSCONFIG\Services: Eaphost => 3
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: fhsvc => 3
    MSCONFIG\Services: GoogleChromeElevationService => 3
    MSCONFIG\Services: hidserv => 3
    MSCONFIG\Services: hkmsvc => 3
    MSCONFIG\Services: HomeGroupListener => 3
    MSCONFIG\Services: HomeGroupProvider => 3
    MSCONFIG\Services: iphlpsvc => 2
    MSCONFIG\Services: KtmRm => 3
    MSCONFIG\Services: lltdsvc => 3
    MSCONFIG\Services: Netlogon => 3
    MSCONFIG\Services: p2pimsvc => 3
    MSCONFIG\Services: p2psvc => 3
    MSCONFIG\Services: PeerDistSvc => 3
    MSCONFIG\Services: PerfHost => 3
    MSCONFIG\Services: pla => 3
    MSCONFIG\Services: PlugPlay => 3
    MSCONFIG\Services: PNRPAutoReg => 3
    MSCONFIG\Services: PNRPsvc => 3
    MSCONFIG\Services: PolicyAgent => 3
    MSCONFIG\Services: PrintNotify => 3
    MSCONFIG\Services: SCPolicySvc => 3
    MSCONFIG\Services: Spooler => 2
    MSCONFIG\Services: Themes => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: wuauserv => 3
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "LWS"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{04FFBBC9-BAA9-42FD-A7BE-CA9696362106}C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [UDP Query User{C742AD1E-389E-4097-8F7D-3FC2175B1B30}C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [{CB499DCF-4C69-48A4-9971-50AC91FD5305}] => (Block) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [{72D5CE6A-292C-4596-B163-BC48E559D35D}] => (Block) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [TCP Query User{6E5571A2-141B-47C1-9F48-BE787CD3FDF1}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe => No File
    FirewallRules: [UDP Query User{F4CC53B3-A929-4045-8526-30E659B14773}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe => No File
    FirewallRules: [{99A5ED43-0929-49C1-A573-30412D31223D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
    FirewallRules: [{D2CC4500-F618-4386-A264-75A5B2E45986}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    11-11-2020 10:14:32 Scheduled Checkpoint
    19-11-2020 09:31:50 Scheduled Checkpoint
    28-11-2020 13:04:28 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/28/2020 03:21:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
    (19.010.20098)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/28/2020 03:21:03 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
    Description: Product: Adobe Acrobat Reader DC -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action InstallWebResources, location: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe, command: 19.010.20098 18.011.20040.1

    Error: (11/28/2020 02:48:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:34:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:34:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:34:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:28:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:28:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


    System errors:
    =============
    Error: (11/28/2020 01:00:57 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (11/28/2020 01:00:26 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (11/28/2020 12:33:43 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (11/28/2020 12:33:12 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (11/28/2020 11:37:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The %1!s! Update Service (avast) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (11/28/2020 11:35:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (11/28/2020 11:35:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AnyDesk Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (11/28/2020 09:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The %1!s! Update Service (avast) service failed to start due to the following error:
    The system cannot find the file specified.


    Windows Defender:
    ===================================
    Date: 2020-11-28 12:33:33.113
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {DAEFB977-5DAA-40E2-968E-AE5908D90582}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-27 14:37:34.541
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {354A21EE-EC4F-4DE2-8352-5C36E65764C0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-27 13:42:11.239
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {498233BD-E1F9-48C6-846B-DC95C2B7A8F6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-27 12:49:38.126
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...tid=2147733337
    Name: Trojan:JS/Iframe.EX
    ID: 2147733337
    Severity: Severe
    Category: Trojan
    Path: containerfile:_C:\Users\my pc\AppData\Local\Temp\5a6f6c28-8c9d-4cf6-b29a-aea5f7de7012.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\97cc9110-2dd2-4ae1-a41c-04cc88dbf13c.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\a30dbf13-dcb0-40b6-9898-8dc08ccebd64.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\d9226878-32b1-48b9-ab1e-e015f8e2f9af.tmp;file:_C:\Users\my pc\AppData\Local\Temp\5a6f6c28-8c9d-4cf6-b29a-aea5f7de7012.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\97cc9110-2dd2-4ae1-a41c-04cc88dbf13c.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\a30dbf13-dcb0-40b6-9898-8dc08ccebd64.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\d9226878-32b1-48b9-ab1e-e015f8e2f9af.tmp->(GZip)->(UTF-16LE)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: User
    Process Name: Unknown
    Signature Version: AV: 1.327.1543.0, AS: 1.327.1543.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.17600.5, NIS: 2.1.14600.4

    Date: 2020-11-27 11:44:54.911
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...tid=2147733337
    Name: Trojan:JS/Iframe.EX
    ID: 2147733337
    Severity: Severe
    Category: Trojan
    Path: containerfile:_C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e41;containerfile:_C:\Users\my pc\AppData\Local\Temp\0112708d-6414-4d88-8e0d-4ea7ec9d8cf7.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\22e4dccf-9342-41ed-b85b-d18870b7c012.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\b5b5305c-98bd-43ee-88f0-77c65340df27.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\ebed0b37-97d5-4c75-9800-b66b068ec639.tmp;file:_C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e41->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\0112708d-6414-4d88-8e0d-4ea7ec9d8cf7.tmp->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\22e4dccf-9342-41ed-b85b-d18870b7c012.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\b5b5305c-98bd-43ee-88f0-77c65340df27.tmp->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\ebed0b37-97d5-4c75-9800-b66b068ec639.tmp->(GZip)->(UTF-16LE)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: User
    Process Name: Unknown
    Signature Version: AV: 1.327.1543.0, AS: 1.327.1543.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.17600.5, NIS: 2.1.14600.4

    Date: 2020-11-27 13:44:43.668
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.1543.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-27 13:44:27.448
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.1543.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-26 09:03:04.841
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.1174.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-19 12:42:52.820
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.772.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-12 10:10:33.217
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.352.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    CodeIntegrity:
    ===================================

    Date: 2018-12-28 16:57:57.772
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-28 16:54:39.557
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-28 08:56:40.200
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-27 09:01:14.337
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-26 18:16:09.607
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-26 07:14:10.120
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-25 11:39:44.518
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-25 08:38:07.728
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 6.09 03/22/2011
    Motherboard: MSI 2AB4
    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
    Percentage of memory in use: 85%
    Total physical RAM: 1783.11 MB
    Available physical RAM: 256.89 MB
    Total Virtual: 2999.11 MB
    Available Virtual: 729.31 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:97.31 GB) (Free:70.17 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:135.23 GB) (Free:134.88 GB) NTFS
    Drive f: (TOX_VCD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

    \\?\Volume{784bb8a1-598d-11e5-8250-806e6f6e6963}\ () (Fixed) (Total:0.34 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B7A483F7)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=135.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================
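
As an added worked example (not part of this thread and not FRST's own code), the Python script below pulls the security-relevant findings out of an FRST Addition.txt like the one above: each Defender detection with the files it names (container prefixes and the "->(GZip)" unpacking chain stripped), services the Service Control Manager could not start because their binary is gone (EventID 7000 plus "cannot find the file specified", as with the avast and AnyDesk entries above), failed definition updates grouped by error code, and whether the services Defender's "Microsoft Update Server" download path relies on appear in the msconfig-disabled list. The embedded log excerpt is constructed, abridged from the post above. Two things are this example's assumptions rather than statements in the log: that every entry under MSCONFIG\Services is a service switched off via msconfig (the FRST section header says "disabled items"), and that wuauserv and BITS are the services the update path needs.

```python
import re
from collections import Counter

# Constructed sample: an abridged excerpt modelled on the Addition.txt posted in this thread.
SAMPLE_LOG = r"""
System errors:
=============
Error: (11/28/2020 11:37:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/28/2020 11:35:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/28/2020 11:35:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AnyDesk Service service failed to start due to the following error:
The system cannot find the file specified.

Windows Defender:
===================================
Date: 2020-11-27 11:44:54.911
Description:
Windows Defender has detected malware or other potentially unwanted software.
Name: Trojan:JS/Iframe.EX
Severity: Severe
Path: containerfile:_C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e41;containerfile:_C:\Users\my pc\AppData\Local\Temp\0112708d.tmp;file:_C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e41->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\0112708d.tmp->(GZip)->(UTF-16LE)

Date: 2020-11-27 13:44:43.668
Description:
Windows Defender has encountered an error trying to update signatures.
Error code: 0x80070422

Date: 2020-11-26 09:03:04.841
Description:
Windows Defender has encountered an error trying to update signatures.
Error code: 0x80070422

==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: wuauserv => 3
"""

SCM_FAIL_RE = re.compile(r"^Description: The (?P<svc>.+?) service failed to start due to the following error:$")
MSCONFIG_RE = re.compile(r"^MSCONFIG\\Services: (?P<svc>\S+) => (?P<val>\d+)$")
ERROR_CODE_RE = re.compile(r"^Error code: (?P<code>0x[0-9A-Fa-f]{8})$")
PATH_PREFIX_RE = re.compile(r"^(?:containerfile|file):_")
# Assumption of this example: Windows Update and BITS are what Defender's update path depends on.
UPDATE_CHAIN = ("wuauserv", "BITS")


def orphaned_services(log: str) -> list[str]:
    """Services whose start failed with 'cannot find the file specified' (binary deleted, registration left behind)."""
    lines = [l.strip() for l in log.splitlines()]
    found = []
    for i, line in enumerate(lines):
        m = SCM_FAIL_RE.match(line)
        if m and i + 1 < len(lines) and "cannot find the file specified" in lines[i + 1]:
            found.append(m.group("svc"))
    return found


def defender_detections(log: str) -> list[dict]:
    """One record per 'has detected malware' block: threat name plus de-duplicated on-disk paths."""
    results, current = [], None
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("Windows Defender has detected malware"):
            current = {"name": None, "paths": []}
            results.append(current)
        elif current is not None and line.startswith("Name: "):
            current["name"] = line[len("Name: "):]
        elif current is not None and line.startswith("Path: "):
            for entry in line[len("Path: "):].split(";"):
                path = PATH_PREFIX_RE.sub("", entry).split("->")[0]  # drop (GZip)/(UTF-16LE) chain
                if path not in current["paths"]:
                    current["paths"].append(path)
            current = None  # Path is the last field this triage needs from the block
    return results


def signature_update_failures(log: str) -> Counter:
    """Failed definition updates keyed by HRESULT. 0x80070422 wraps Win32 error 1058, ERROR_SERVICE_DISABLED."""
    codes, in_failure = Counter(), False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("Windows Defender has encountered an error trying to update signatures"):
            in_failure = True
        elif in_failure and ERROR_CODE_RE.match(line):
            codes[ERROR_CODE_RE.match(line).group("code")] += 1
            in_failure = False
    return codes


def msconfig_disabled_services(log: str) -> dict[str, int]:
    """Entries FRST lists under 'MSCONFIG/TASK MANAGER disabled items', keyed by service name."""
    matches = (MSCONFIG_RE.match(l.strip()) for l in log.splitlines())
    return {m.group("svc"): int(m.group("val")) for m in matches if m}


def update_chain_blocked(disabled: dict[str, int]) -> list[str]:
    """Which of the update-path services sit in the msconfig-disabled list (explains 0x80070422)."""
    return [svc for svc in UPDATE_CHAIN if svc in disabled]


def triage(log: str) -> dict:
    return {
        "detections": defender_detections(log),
        "orphaned_services": orphaned_services(log),
        "signature_update_failures": dict(signature_update_failures(log)),
        "update_chain_blocked": update_chain_blocked(msconfig_disabled_services(log)),
    }


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in triage(text).items():
        print(f"{key}: {value}")
```

Run it with no arguments to triage the embedded excerpt, or pass a saved Addition.txt as the first argument. On the excerpt it reports the Iframe.EX detection in the Chrome cache and Temp, the two orphaned service registrations, two update failures with 0x80070422, and both wuauserv and BITS in the disabled list, which is the correlation worth checking by hand: the error text in the log ("The service cannot be started, either because it is disabled...") is the same Win32 error 1058 that the HRESULT encodes.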

  3. #3
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2020
    Ran by my pc (28-11-2020 15:33:33)
    Running from C:\Users\my pc\Desktop
    Windows 8.1 Pro (X64) (2015-09-12 20:39:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2010342076-676048620-2654598280-500 - Administrator - Disabled)
    Guest (S-1-5-21-2010342076-676048620-2654598280-501 - Limited - Disabled)
    my pc (S-1-5-21-2010342076-676048620-2654598280-1001 - Administrator - Enabled) => C:\Users\my pc

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.453 - Adobe)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.66 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Java(TM) SE Development Kit 6 Update 43 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
    Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
    Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )

    Packages:
    =========
    Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2020-03-18] (Microsoft Corporation) [MS Ad]
    Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2016-04-02] (Skype) [MS Ad]
    Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2020-03-18] (Microsoft Corporation) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
    HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2020-11-18 09:21 - 2020-11-25 19:04 - 153401840 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\chrome.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gfe_rd=cr&ei=bmy6WOvfH8iL8QeG45LoAQ&gws_rd=ssl
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2018-01-16 17:41 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\my pc\Desktop\IMG-20170811-WA0007.jpg
    DNS Servers: 192.168.225.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AeLookupSvc => 3
    MSCONFIG\Services: ALG => 3
    MSCONFIG\Services: AppIDSvc => 3
    MSCONFIG\Services: AppMgmt => 3
    MSCONFIG\Services: AppReadiness => 3
    MSCONFIG\Services: AxInstSV => 3
    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: BITS => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: CertPropSvc => 3
    MSCONFIG\Services: CscService => 3
    MSCONFIG\Services: DPS => 2
    MSCONFIG\Services: Eaphost => 3
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: fhsvc => 3
    MSCONFIG\Services: GoogleChromeElevationService => 3
    MSCONFIG\Services: hidserv => 3
    MSCONFIG\Services: hkmsvc => 3
    MSCONFIG\Services: HomeGroupListener => 3
    MSCONFIG\Services: HomeGroupProvider => 3
    MSCONFIG\Services: iphlpsvc => 2
    MSCONFIG\Services: KtmRm => 3
    MSCONFIG\Services: lltdsvc => 3
    MSCONFIG\Services: Netlogon => 3
    MSCONFIG\Services: p2pimsvc => 3
    MSCONFIG\Services: p2psvc => 3
    MSCONFIG\Services: PeerDistSvc => 3
    MSCONFIG\Services: PerfHost => 3
    MSCONFIG\Services: pla => 3
    MSCONFIG\Services: PlugPlay => 3
    MSCONFIG\Services: PNRPAutoReg => 3
    MSCONFIG\Services: PNRPsvc => 3
    MSCONFIG\Services: PolicyAgent => 3
    MSCONFIG\Services: PrintNotify => 3
    MSCONFIG\Services: SCPolicySvc => 3
    MSCONFIG\Services: Spooler => 2
    MSCONFIG\Services: Themes => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: wuauserv => 3
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "LWS"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
    HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{04FFBBC9-BAA9-42FD-A7BE-CA9696362106}C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [UDP Query User{C742AD1E-389E-4097-8F7D-3FC2175B1B30}C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [{CB499DCF-4C69-48A4-9971-50AC91FD5305}] => (Block) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [{72D5CE6A-292C-4596-B163-BC48E559D35D}] => (Block) C:\program files (x86)\omnesys\nest3_3.18.1.5\nesttrader.exe => No File
    FirewallRules: [TCP Query User{6E5571A2-141B-47C1-9F48-BE787CD3FDF1}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe => No File
    FirewallRules: [UDP Query User{F4CC53B3-A929-4045-8526-30E659B14773}C:\program files (x86)\now\now.exe] => (Allow) C:\program files (x86)\now\now.exe => No File
    FirewallRules: [{99A5ED43-0929-49C1-A573-30412D31223D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
    FirewallRules: [{D2CC4500-F618-4386-A264-75A5B2E45986}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    11-11-2020 10:14:32 Scheduled Checkpoint
    19-11-2020 09:31:50 Scheduled Checkpoint
    28-11-2020 13:04:28 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/28/2020 03:21:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
    (19.010.20098)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (11/28/2020 03:21:03 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
    Description: Product: Adobe Acrobat Reader DC -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action InstallWebResources, location: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe, command: 19.010.20098 18.011.20040.1

    Error: (11/28/2020 02:48:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:34:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:34:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:34:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:28:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (11/28/2020 12:28:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


    System errors:
    =============
    Error: (11/28/2020 01:00:57 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (11/28/2020 01:00:26 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (11/28/2020 12:33:43 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (11/28/2020 12:33:12 PM) (Source: DCOM) (EventID: 10010) (User: RANGA)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (11/28/2020 11:37:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The %1!s! Update Service (avast) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (11/28/2020 11:35:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (11/28/2020 11:35:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AnyDesk Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (11/28/2020 09:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The %1!s! Update Service (avast) service failed to start due to the following error:
    The system cannot find the file specified.


    Windows Defender:
    ===================================
    Date: 2020-11-28 12:33:33.113
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {DAEFB977-5DAA-40E2-968E-AE5908D90582}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-27 14:37:34.541
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {354A21EE-EC4F-4DE2-8352-5C36E65764C0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-27 13:42:11.239
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {498233BD-E1F9-48C6-846B-DC95C2B7A8F6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-27 12:49:38.126
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...tid=2147733337
    Name: Trojan:JS/Iframe.EX
    ID: 2147733337
    Severity: Severe
    Category: Trojan
    Path: containerfile:_C:\Users\my pc\AppData\Local\Temp\5a6f6c28-8c9d-4cf6-b29a-aea5f7de7012.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\97cc9110-2dd2-4ae1-a41c-04cc88dbf13c.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\a30dbf13-dcb0-40b6-9898-8dc08ccebd64.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\d9226878-32b1-48b9-ab1e-e015f8e2f9af.tmp;file:_C:\Users\my pc\AppData\Local\Temp\5a6f6c28-8c9d-4cf6-b29a-aea5f7de7012.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\97cc9110-2dd2-4ae1-a41c-04cc88dbf13c.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\a30dbf13-dcb0-40b6-9898-8dc08ccebd64.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\d9226878-32b1-48b9-ab1e-e015f8e2f9af.tmp->(GZip)->(UTF-16LE)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: User
    Process Name: Unknown
    Signature Version: AV: 1.327.1543.0, AS: 1.327.1543.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.17600.5, NIS: 2.1.14600.4

    Date: 2020-11-27 11:44:54.911
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...tid=2147733337
    Name: Trojan:JS/Iframe.EX
    ID: 2147733337
    Severity: Severe
    Category: Trojan
    Path: containerfile:_C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e41;containerfile:_C:\Users\my pc\AppData\Local\Temp\0112708d-6414-4d88-8e0d-4ea7ec9d8cf7.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\22e4dccf-9342-41ed-b85b-d18870b7c012.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\b5b5305c-98bd-43ee-88f0-77c65340df27.tmp;containerfile:_C:\Users\my pc\AppData\Local\Temp\ebed0b37-97d5-4c75-9800-b66b068ec639.tmp;file:_C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e41->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\0112708d-6414-4d88-8e0d-4ea7ec9d8cf7.tmp->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\22e4dccf-9342-41ed-b85b-d18870b7c012.tmp->(GZip)->(UTF-16LE);file:_C:\Users\my pc\AppData\Local\Temp\b5b5305c-98bd-43ee-88f0-77c65340df27.tmp->(GZip);file:_C:\Users\my pc\AppData\Local\Temp\ebed0b37-97d5-4c75-9800-b66b068ec639.tmp->(GZip)->(UTF-16LE)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: User
    Process Name: Unknown
    Signature Version: AV: 1.327.1543.0, AS: 1.327.1543.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.17600.5, NIS: 2.1.14600.4

    Date: 2020-11-27 13:44:43.668
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.1543.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-27 13:44:27.448
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.1543.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-26 09:03:04.841
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.1174.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-19 12:42:52.820
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.772.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2020-11-12 10:10:33.217
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.327.352.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    CodeIntegrity:
    ===================================

    Date: 2018-12-28 16:57:57.772
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-28 16:54:39.557
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-28 08:56:40.200
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-27 09:01:14.337
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-26 18:16:09.607
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-26 07:14:10.120
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-25 11:39:44.518
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-12-25 08:38:07.728
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 6.09 03/22/2011
    Motherboard: MSI 2AB4
    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
    Percentage of memory in use: 85%
    Total physical RAM: 1783.11 MB
    Available physical RAM: 256.89 MB
    Total Virtual: 2999.11 MB
    Available Virtual: 729.31 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:97.31 GB) (Free:70.17 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:135.23 GB) (Free:134.88 GB) NTFS
    Drive f: (TOX_VCD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

    \\?\Volume{784bb8a1-598d-11e5-8250-806e6f6e6963}\ () (Fixed) (Total:0.34 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B7A483F7)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=135.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

  4. #4
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
One more site I am often redirected to:
    https://quick-speedtest.com/?c=stff6...73651&ct=1&v=1

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ================================

    Which browser is getting redirected?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished.
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8/10 users: right-click and select Run As Administrator.
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • Copies of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  6. #6
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Google Chrome is up to date
    Version 87.0.4280.66 (Official Build) (64-bit)

  7. #7
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 8.1 (6.3.9600) 64 bits
    Started in : Normal mode
    User : my pc [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20201126_165710, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2020/11/30 08:36:21 (Duration : 00:19:59)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Tr.Ursu (Malicious)] aiWisCopy.exe -- %programfiles(x86)%\MachinerData\aiWisCopy.exe -> Killed [Tree]
    [Tr.Ursu (Malicious)] Main Service -- %programfiles(x86)%\MachinerData\aiWisCopy.exe 1 -> ERROR [41C]
    [PUP.GCleaner (Potentially Malicious)] HKEY_USERS\S-1-5-21-2010342076-676048620-2654598280-1001\Software\GCleaner -- -> Deleted
    [Tr.Ursu (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Main Service -- [%programfiles(x86)%\MachinerData\aiWisCopy.exe 1] -> Deleted
    [Tr.Ursu (Malicious)] MachinerData -- %programfiles(x86)%\MachinerData -> Deleted
    => aiWisCopy.exe -- C:\PROGRA~2\MACHIN~1\AIWISC~1.EXE -> Deleted
    => main.exe -- C:\PROGRA~2\MACHIN~1\main.exe -> Deleted

  8. #8
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    RK report not found on Desktop.

  9. #9
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Just for information: even after RK, when I tried to download MB, it redirected to some other advertisement site.

  10. #10
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/30/20
    Scan Time: 9:01 AM
    Log File: 846b242e-32bc-11eb-8054-78e3b5ab55d6.json

    -Software Information-
    Version: 4.2.3.96
    Components Version: 1.0.1122
    Update Package Version: 1.0.33626
    License: Trial

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: RANGA\my pc

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 235982
    Threats Detected: 13
    Threats Quarantined: 13
    Time Elapsed: 5 min, 34 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 3
    PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, 6933, 252393, 1.0.33626, , ame, , ,
    Trojan.CrthRazy, HKLM\SOFTWARE\WOW6432NODE\Machiner, Quarantined, 3181, 676882, 1.0.33626, , ame, , ,
    PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, 6933, 252393, 1.0.33626, , ame, , ,

    Registry Value: 2
    PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6933, 252393, 1.0.33626, , ame, , ,
    PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6933, 252393, 1.0.33626, , ame, , ,

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 8
    Adware.DownloadAssistant, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\086753A6D489A2DF.VIR, Quarantined, 1211, 883282, 1.0.33626, 0000000000000000000003E9, dds, 01006640, D81DCCAFF049C9F83C2BA07DAD1C4482, C4538DC642DE40339EDBBE67F6DDFED5710289BDC52E40CCAB42EE5BCCEEFD8C
    Adware.DownloadAssistant, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\DC51C3AA31156D0D.VIR, Quarantined, 1211, 883282, 1.0.33626, 0000000000000000000003E9, dds, 01006640, D81DCCAFF049C9F83C2BA07DAD1C4482, C4538DC642DE40339EDBBE67F6DDFED5710289BDC52E40CCAB42EE5BCCEEFD8C
    Malware.AI.1661497837, C:\PROGRAM FILES (X86)\VIRTUALDVI\VIRTUALDVF.EXE, Quarantined, 1000000, 0, 1.0.33626, BC5AE833FE226982630871ED, dds, 01006640, 3EA9CF578BA12523619E2EDD011401CB, 00E4E0E147E096D005983D0D1E5A30A43B4371E1E13E90A0C3D10955D78F2685
    Adware.DownloadAssistant, C:\$RECYCLE.BIN\S-1-5-21-2010342076-676048620-2654598280-1001\$RDFQJUF\POJSS-PURUSHA-20974884.EXE, Quarantined, 1211, 882787, 1.0.33626, 000000000000000000000068, dds, 01006640, 2DBE8E80678011F88CCF56E820BB54ED, 997FAD04026A0B287BBC009041B7DE6CA6546963FF075F03EA9A93EFEA9E2E2D
    Trojan.MalPack, C:\USERS\MY PC\APPDATA\LOCAL\TEMP\{EL2A-AEHEF-T0PY-UCI4D}\23462670692.EXE, Quarantined, 630, 882689, 1.0.33626, , ame, , 2CE8D5F7DC0875044116C339273519B3, 300E150DA71927CC30C62A3A95031114549639BC9EAF6819E3CA7DCD34A604C2
    Adware.DownloadAssistant, C:\USERS\MY PC\APPDATA\LOCAL\TEMP\TEMP1_POJSS-PURUSHA-20974884.ZIP\POJSS-PURUSHA-20974884.EXE, Quarantined, 1211, 882787, 1.0.33626, 000000000000000000000068, dds, 01006640, 2DBE8E80678011F88CCF56E820BB54ED, 997FAD04026A0B287BBC009041B7DE6CA6546963FF075F03EA9A93EFEA9E2E2D
    Spyware.CryptBot, C:\USERS\MY PC\APPDATA\LOCAL\TEMP\{EL2A-AEHEF-T0PY-UCI4D}\07550221522.EXE, Quarantined, 7398, 883271, 1.0.33626, 0000000000000000000003EB, dds, 01006640, 9A245CFF0A4D2292C490FE9933C5845E, 6DDD34E94EAD448DEB6C742159D1B2A5EC9762F973D39B6AF95239F0A413E22D
    Spyware.CryptBot, C:\USERS\MY PC\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\QD4JE6HN\FILE[1].EXE, Quarantined, 7398, 883271, 1.0.33626, 0000000000000000000003EB, dds, 01006640, 9A245CFF0A4D2292C490FE9933C5845E, 6DDD34E94EAD448DEB6C742159D1B2A5EC9762F973D39B6AF95239F0A413E22D

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  11. #11
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.8.0
    # -------------------------------
    # Build: 10-08-2020
    # Database: 2020-11-23.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 11-30-2020
    # Duration: 00:00:06
    # OS: Windows 8.1 Pro
    # Cleaned: 0
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1406 octets] - [30/11/2020 09:25:46]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

  12. #12
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Popup of blocked Trojan site due to malware has become more frequent and annoying.
    It was not the case before.
    Posted for your analysis.

  13. #13
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Uninstalled and reinstalled Chrome

  14. #14
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    No pop-up experienced in IE.
    No pop-up seen after uninstalling / reinstalling Chrome.

  15. #15
    Join Date
    Aug 2010
    Location
    India,Chennai
    Posts
    312
    Today again one malware was detected and deleted.
