Parth115

Ish Sorry, completely forgot about it. Yes my PC is now behaving normally and good Just want to take one advice that whenever I install some program, some of them makes their directory very deep inside windows like AppData/Roaming or Local how do I remove them i don't want any stray files BTW I am very sincere about keeping my PC in good health regular PC cleanup with ccleaner but I don't know how I got this adware i was getting suspicion so was installing malwarebytes,but very glad you helped me . Thanks Man And no more queries

Sorry for delay, just forgot Here are the logs: Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017 Ran by Parth (19-07-2017 19:52:56) Run:1 Running from C:\Users\Parth\Desktop Loaded Profiles: Parth (Available Profiles: Parth) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: GroupPolicy: Restriction <==== ATTENTION SearchScopes: HKU\S-1-5-21-1256186401-4122250216-2161670127-1001 -> {226C0947-895E-4309-84C7-F04984F4C4ED} URL = hxxps://in.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx DeleteKey: HKEY_CURRENT_USER\Google\Chrome\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom HKU\S-1-5-21-1256186401-4122250216-2161670127-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION FirewallRules: [TCP Query User{AF2E70E2-FC91-46C0-AC41-AAC0C0CD8728}H:\pc\softwares\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) H:\pc\softwares\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [UDP Query User{FAE7B9A0-DAD8-4251-AD1A-C08B9CD3B289}H:\pc\softwares\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) H:\pc\softwares\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe C:\Program Files\Erocketing Disk Software C:\ProgramData\KMSAuto C:\Users\Parth\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully HKU\S-1-5-21-1256186401-4122250216-2161670127-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{226C0947-895E-4309-84C7-F04984F4C4ED} => key removed successfully HKLM\Software\Classes\CLSID\{226C0947-895E-4309-84C7-F04984F4C4ED} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found. Chrome DefaultSearchURL => removed successfully Chrome DefaultSearchKeyword => removed successfully Chrome DefaultSuggestURL => removed successfully HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom => key removed successfully HKEY_CURRENT_USER\Google\Chrome\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom => key not found. HKU\S-1-5-21-1256186401-4122250216-2161670127-1001\Software\Classes\regfile => key removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AF2E70E2-FC91-46C0-AC41-AAC0C0CD8728}H:\pc\softwares\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FAE7B9A0-DAD8-4251-AD1A-C08B9CD3B289}H:\pc\softwares\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe => value removed successfully C:\Program Files\Erocketing Disk Software => moved successfully C:\ProgramData\KMSAuto => moved successfully C:\Users\Parth\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28931108 B Java, Flash, Steam htmlcache => 492 B Windows/system/drivers => 4199296 B Edge => 6706853 B Chrome => 27714658 B Firefox => 20358575 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 6656 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 128 B LocalService => 0 B NetworkService => 10571772 B Parth => 58858007 B RecycleBin => 121021 B EmptyTemp: => 160.4 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:55:02 ====

Sorry, it was getting very late yesterday so I wasn't able to provide you logs, nvm attached logs Addition.txt FRST.txt

AdwCleaner Logs # AdwCleaner v6.047 - Logfile created 17/07/2017 at 22:30:45 # Updated on 19/05/2017 by Malwarebytes # Database : 2017-07-13.1 [Server] # Operating System : Windows 10 Home Single Language (X64) # Username : Parth - PARTH-PC # Running from : C:\Users\Parth\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Parth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKU\S-1-5-21-1256186401-4122250216-2161670127-1001\Software\APN PIP [-] Key deleted: HKU\S-1-5-21-1256186401-4122250216-2161670127-1001\Software\cain [#] Key deleted on reboot: HKCU\Software\APN PIP [#] Key deleted on reboot: HKCU\Software\cain [#] Key deleted on reboot: [x64] HKCU\Software\APN PIP [#] Key deleted on reboot: [x64] HKCU\Software\cain [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=How+nice+current+Prime+Minister+of+India%3f&input=2&nclid=5CC3727A9F83A332DA97FCB14E3FF3D9&FORM=WNSSCX&cc=IN&setlang=en-US&sbts=1483173924834 [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=How+nice+current+Prime+Minister+of+India%3f&input=2&nclid=5CC3727A9F83A332DA97FCB14E3FF3D9&FORM=WNSSCX&cc=IN&setlang=en-US&sbts=1483173924834 ***** [ Web browsers ] ***** [-] [C:\Users\Parth\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: youndoo ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1824 Bytes] - [17/07/2017 22:30:45] C:\AdwCleaner\AdwCleaner[S0].txt - [2194 Bytes] - [17/07/2017 22:29:55] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1970 Bytes] ########## <----------------------------------------------------------------------------------------------------------> JRT Logs: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 10 Home Single Language x64 Ran by Parth (Administrator) on 17-07-2017 at 22:40:45.12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\WINDOWS\system32\Tasks\Erocketing Disk Software (Task) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17-07-2017 at 22:48:05.37 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan Done Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/17/17 Scan Time: 9:57 PM Log File: Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2384 License: Trial -System Information- OS: Windows 10 (Build 15063.483) CPU: x64 File System: NTFS User: PARTH-PC\Parth -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 454579 Threats Detected: 86 Threats Quarantined: 86 Time Elapsed: 12 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 86 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Quarantined, [6326], [406765],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Quarantined, [6326], [406766],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Quarantined, [6326], [406767],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Quarantined, [6326], [406768],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Quarantined, [6326], [406769],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Quarantined, [6326], [406770],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Quarantined, [6326], [406773],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Quarantined, [6326], [406774],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Quarantined, [6326], [406775],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Quarantined, [6326], [406778],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Quarantined, [6326], [406779],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Quarantined, [6326], [406781],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Quarantined, [6326], [406788],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Quarantined, [6326], [406787],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Quarantined, [6326], [406783],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Quarantined, [6326], [406784],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Quarantined, [6326], [406789],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Quarantined, [6326], [406823],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Quarantined, [6326], [406822],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Quarantined, [6326], [406790],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Quarantined, [6326], [406791],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Quarantined, [6326], [406792],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Quarantined, [6326], [406793],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Quarantined, [6326], [406821],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Quarantined, [6326], [406806],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Quarantined, [6326], [406807],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Quarantined, [6326], [406812],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Quarantined, [6326], [406811],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Quarantined, [6326], [406810],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Quarantined, [6326], [406809],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Quarantined, [6326], [406804],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Quarantined, [6326], [406805],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Quarantined, [6326], [406803],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Quarantined, [6326], [406802],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Quarantined, [6326], [406801],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Quarantined, [6326], [406799],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Quarantined, [6326], [406798],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Quarantined, [6326], [406797],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Quarantined, [6326], [406796],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Quarantined, [6326], [406795],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Quarantined, [6326], [406786],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Quarantined, [6326], [406785],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Quarantined, [6326], [406777],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Quarantined, [6326], [406765],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Quarantined, [6326], [406766],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Quarantined, [6326], [406767],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Quarantined, [6326], [406768],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Quarantined, [6326], [406769],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Quarantined, [6326], [406770],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Quarantined, [6326], [406773],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Quarantined, [6326], [406774],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Quarantined, [6326], [406775],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Quarantined, [6326], [406778],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Quarantined, [6326], [406779],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Quarantined, [6326], [406781],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Quarantined, [6326], [406788],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Quarantined, [6326], [406787],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Quarantined, [6326], [406783],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Quarantined, [6326], [406784],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Quarantined, [6326], [406789],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Quarantined, [6326], [406823],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Quarantined, [6326], [406822],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Quarantined, [6326], [406790],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Quarantined, [6326], [406791],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Quarantined, [6326], [406792],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Quarantined, [6326], [406793],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Quarantined, [6326], [406821],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Quarantined, [6326], [406806],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Quarantined, [6326], [406807],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Quarantined, [6326], [406812],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Quarantined, [6326], [406811],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Quarantined, [6326], [406810],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Quarantined, [6326], [406809],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Quarantined, [6326], [406804],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Quarantined, [6326], [406805],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Quarantined, [6326], [406803],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Quarantined, [6326], [406802],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Quarantined, [6326], [406801],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Quarantined, [6326], [406799],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Quarantined, [6326], [406798],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Quarantined, [6326], [406797],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Quarantined, [6326], [406796],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Quarantined, [6326], [406795],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Quarantined, [6326], [406786],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Quarantined, [6326], [406785],1.0.2384 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Quarantined, [6326], [406777],1.0.2384 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)

Yes, now I am able to install Malwarebytes successfully, started the scan, Thanks for the help I will paste the summary ASAP

Hi, Thanks Aura for quick reply and providing your time, Here is the mbar-log you requested. I also attached the screenshot of detected files mbar-log-2017-07-17 (21-17-28).txt

Ran farbar again and it completed Addition.txt FRST.txt

I have uploaded mb-check-results.zip Farbar scan was stuck on scanning shortcuts so i uploaded the logs partially mb-check-results.zip Addition.txt FRST.txt

Unable to install Malwarebytes, its blocked by windows See Image: UAC has blocked Malwarebytes from installing