
Chrome browser opens to Index and Mozilla Firefox won't start



Hi,

So a couple of weeks ago (Jun 1), I did an unfortunate thing and installed a .exe file from an untrusted source due to some stupid reason. After a series of panicking, I downloaded Malwarebytes, which removed apparently 100+ Bad Things from my PC and allowed it to function again (the virus/adware would force my PC to run a bunch of random programs and take over my browser to set the homepage to Goojle.com or something like that, which was clearly not right. But Malwarebytes fixed that). However, I've noticed 2 things since then:

1. Opening Chrome browser no longer leads me to the Google homepage. Instead, it leads to: file:///C:/PROGRA~2/Google/Chrome/APPLIC~1/58.0.3029.110/

2. Mozilla won't start

Can you please guide me out of this situation?

Thanks.


Hi devd :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and get back at you.


Thank you for waiting.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


I already re-installed the software before reading your suggestion... anyway... I have generated the log file. Copying its contents below.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
Ran by debanshu (20-06-2017 01:25:22) Run:1
Running from C:\Users\debanshu\Downloads
Loaded Profiles: debanshu (Available Profiles: debanshu & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [DriverUpdaterPro] => C:\Program Files (x86)\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-653892147-3159774569-4200303000-1002 -> DefaultScope {4DCE72C4-68A5-43B7-AB95-3D1C89D61251} URL = hxxps://in.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-653892147-3159774569-4200303000-1002 -> {4DCE72C4-68A5-43B7-AB95-3D1C89D61251} URL = hxxps://in.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

FF Plugin HKU\S-1-5-21-653892147-3159774569-4200303000-1002: @hola.org/FlashPlayer -> C:\Users\debanshu\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-03-06] ()
FF Plugin HKU\S-1-5-21-653892147-3159774569-4200303000-1002: @hola.org/vlc -> C:\Users\debanshu\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-03-06] (Hola)

CHR Extension: (Honey) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-06-14]
CHR Extension: (MakkhiChoose) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmlkidgbagkcikijiljllpdloelocn [2017-05-27]
CHR Extension: (Download Youtube Chrome) - C:\Users\debanshu\Downloads\download-youtube-chrome-2.0 [2017-06-16] [UpdateUrl: hxxp://www.downloadyoutubechrome.com/updates.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

Task: {3853F1FD-14E5-49BC-8E5B-56D2CA44EE9C} - System32\Tasks\{0A96913E-3973-4E41-BEC8-7E7593965B1A} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {5F46C59C-852B-4E93-8CF1-0BC53FC3CE1A} - System32\Tasks\{4B8F2772-A215-4555-B7B3-0196B6830F4D} => pcalua.exe -a "C:\Program Files\Trend Micro\Titanium\Remove.exe"
Task: {95D0781C-20B9-4180-85D7-DE06DB7910FC} - System32\Tasks\{465C35A6-D4CD-48B8-851F-26413CB71753} => pcalua.exe -a "C:\Users\debanshu\Desktop\Age of Empires 2\AOE2 Game\Register-AOE.exe" -d "C:\Users\debanshu\Desktop\Age of Empires 2\AOE2 Game"

IE trusted site: HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\hola.org -> hxxp://hola.org

HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\StartupApproved\Run: => "DriverUpdaterPro"

FirewallRules: [TCP Query User{9A6E2E0D-E29F-4B00-A458-EDF2DBF36DA2}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{D925DFFA-F344-4D5C-85EA-C906C1DAD146}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe

C:\Program Files\Hola
C:\Program Files (x86)\DriverUpdaterPro
C:\Program Files (x86)\Temp
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Mozilla Firefox\firefox.bat
C:\ProgramData\VideoDownloaderUltimateWinApp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
C:\Users\Default\AppData\Local\AdvinstAnalytics
C:\Users\Default User\AppData\Local\AdvinstAnalytics
C:\Users\debanshu\ntuser.pol
C:\Users\debanshu\Desktop\Tor Browser
C:\Users\debanshu\Desktop\Stаrt Тоr Вrоwsеr.lnk
C:\Users\debanshu\Downloads\download-youtube-chrome-2.0
C:\Users\debanshu\AppData\Local\AdvinstAnalytics
C:\Users\debanshu\AppData\Local\Hola
C:\Users\debanshu\AppData\Local\Temp;
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk
C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
C:\Users\Public\Desktop\Моzillа Firеfох.lnk

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DriverUpdaterPro => value removed successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DCE72C4-68A5-43B7-AB95-3D1C89D61251} => key removed successfully
HKLM\Software\Classes\CLSID\{4DCE72C4-68A5-43B7-AB95-3D1C89D61251} => key not found. 
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\MozillaPlugins\@hola.org/FlashPlayer => key removed successfully
C:\Users\debanshu\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\MozillaPlugins\@hola.org/vlc => key removed successfully
C:\Users\debanshu\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => moved successfully
C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj => moved successfully
C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmlkidgbagkcikijiljllpdloelocn => moved successfully
C:\Users\debanshu\Downloads\download-youtube-chrome-2.0 <==== ATTENTION => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
HKLM\System\CurrentControlSet\Services\Amsp => key removed successfully
Amsp => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3853F1FD-14E5-49BC-8E5B-56D2CA44EE9C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3853F1FD-14E5-49BC-8E5B-56D2CA44EE9C} => key removed successfully
C:\Windows\System32\Tasks\{0A96913E-3973-4E41-BEC8-7E7593965B1A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A96913E-3973-4E41-BEC8-7E7593965B1A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F46C59C-852B-4E93-8CF1-0BC53FC3CE1A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F46C59C-852B-4E93-8CF1-0BC53FC3CE1A} => key removed successfully
C:\Windows\System32\Tasks\{4B8F2772-A215-4555-B7B3-0196B6830F4D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B8F2772-A215-4555-B7B3-0196B6830F4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95D0781C-20B9-4180-85D7-DE06DB7910FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95D0781C-20B9-4180-85D7-DE06DB7910FC} => key removed successfully
C:\Windows\System32\Tasks\{465C35A6-D4CD-48B8-851F-26413CB71753} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{465C35A6-D4CD-48B8-851F-26413CB71753} => key removed successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org => key removed successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DriverUpdaterPro => value removed successfully
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverUpdaterPro => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9A6E2E0D-E29F-4B00-A458-EDF2DBF36DA2}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D925DFFA-F344-4D5C-85EA-C906C1DAD146}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe => value removed successfully
C:\Program Files\Hola => moved successfully
"C:\Program Files (x86)\DriverUpdaterPro" => not found.
C:\Program Files (x86)\Temp => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat => moved successfully
C:\Program Files (x86)\Internet Explorer\iexplore.bat => moved successfully
C:\Program Files (x86)\Mozilla Firefox\firefox.bat => moved successfully
"C:\ProgramData\VideoDownloaderUltimateWinApp" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\Users\debanshu\ntuser.pol => moved successfully
"C:\Users\debanshu\Desktop\Tor Browser" => not found.
C:\Users\debanshu\Desktop\Stаrt Тоr Вrоwsеr.lnk => moved successfully
C:\Users\debanshu\Downloads\download-youtube-chrome-2.0 => moved successfully
C:\Users\debanshu\AppData\Local\AdvinstAnalytics => moved successfully
C:\Users\debanshu\AppData\Local\Hola => moved successfully
C:\Users\debanshu\AppData\Local\Temp; => moved successfully
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk => moved successfully
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk => moved successfully
C:\Users\debanshu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk => moved successfully
C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk => moved successfully
C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk => moved successfully
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Public\Desktop\Моzillа Firеfох.lnk => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18776922 B
Java, Flash, Steam htmlcache => 758 B
Windows/system/drivers => 9689026 B
Edge => 0 B
Chrome => 792521056 B
Firefox => 102920163 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 101641837 B
LocalService => 119696 B
NetworkService => 1595846 B
debanshu => 195135704 B
Guest => 1291445 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:28:28 ====

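The fixlist in the post above removes browser shortcuts whose names mix Latin and Cyrillic letters, next to ordinary paths and registry keys. As an added example (not part of the thread and not FRST's own code), this Python sketch parses Fixlog-style result lines, tallies the outcomes, lists the targets reported as not found, and flags file names that mix scripts inside one word; the sample lines, the function names and the small lookalike table are constructed for illustration.

```python
import re
import unicodedata
from collections import Counter

# Constructed sample modelled on the Fixlog result lines above. The lookalike
# letters are written as \u escapes so they stay visible when reviewing.
SAMPLE_FIXLOG = "\n".join([
    r"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat => moved successfully",
    "C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk => moved successfully",
    "C:\\Users\\Public\\Desktop\\\u041c\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk => moved successfully",
    r'"C:\Program Files (x86)\DriverUpdaterPro" => not found.',
    r"HKLM\System\CurrentControlSet\Services\Amsp => key removed successfully",
    r"C:\Users\debanshu\Downloads\download-youtube-chrome-2.0 <==== ATTENTION => not found",
    r"C:\Users\Public\Desktop\Google Chrome.lnk => moved successfully",  # all-Latin control
])

# Illustrative table only (Cyrillic letters that render like Latin ones);
# it is not the full Unicode confusables list.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0445": "x",
    "\u0412": "B", "\u0415": "E", "\u041c": "M", "\u0421": "C", "\u0422": "T",
})


def parse_result_line(line):
    """Split a 'target => outcome' line; return (target, outcome) or None."""
    target, sep, outcome = line.rpartition(" => ")
    if not sep:
        return None
    target = target.replace("<==== ATTENTION", "").strip().strip('"')
    return target, outcome.strip().rstrip(".")


def scripts_in(text):
    """Return the scripts of the letters in text, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def lookalike_tokens(path):
    """Words of the final path component that mix more than one script.

    Checking per word avoids flagging a name that simply contains one word
    in each of two languages.
    """
    name = path.rsplit("\\", 1)[-1]
    return [tok for tok in re.split(r"[\s.]+", name) if len(scripts_in(tok)) > 1]


def skeleton(name):
    """Map known lookalike letters to Latin to show the name being imitated."""
    return name.translate(CONFUSABLES)


def review_fixlog(text):
    """Summarise outcomes, missing targets and mixed-script names in a Fixlog."""
    outcomes = Counter()
    lookalikes, not_found = [], []
    for line in text.splitlines():
        parsed = parse_result_line(line)
        if parsed is None:
            continue
        target, outcome = parsed
        outcomes[outcome] += 1
        if outcome.startswith("not found"):
            not_found.append(target)
        if lookalike_tokens(target):
            lookalikes.append((target, skeleton(target.rsplit("\\", 1)[-1])))
    return {"outcomes": dict(outcomes), "lookalikes": lookalikes, "not_found": not_found}


if __name__ == "__main__":
    report = review_fixlog(SAMPLE_FIXLOG)
    for outcome, count in report["outcomes"].items():
        print(f"{count:3d}  {outcome}")
    for path, imitated in report["lookalikes"]:
        print(f"mixed-script name: {path!a} imitates {imitated!r}")
    for path in report["not_found"]:
        print(f"not found (re-check in the next scan): {path}")
```

Targets reported as not found are worth comparing against the next scan log, since the entry may have been removed earlier or may sit at a different path.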

Good! Since you already ran Malwarebytes prior to posting this thread, we'll do a sweep with JRT and AdwCleaner now.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;


Hi...

Pasting the logs... first the JRT and then AdwCleaner.

1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8 Single Language x64 
Ran by debanshu (Administrator) on 21-06-2017 at  0:31:49.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 8 

Successfully deleted: C:\ProgramData\ammyy (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\debanshu\AppData\Local\torch (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\Program Files (x86)\esupport.com (Folder) 

Deleted the following from C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21-06-2017 at  0:36:47.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

2.

# AdwCleaner v6.047 - Logfile created 21/06/2017 at 00:43:40
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-20.1 [Server]
# Operating System : Windows 8 Single Language  (X64)
# Username : debanshu - HOMEWORK
# Running from : C:\Users\debanshu\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: DrvAgent64


***** [ Folders ] *****

[-] Folder deleted: C:\Users\debanshu\AppData\Roaming\devnull
[-] Folder deleted: C:\ProgramData\devnull
[#] Folder deleted on reboot: C:\ProgramData\Application Data\devnull
[-] Folder deleted: C:\Program Files (x86)\devnull
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\AdvinstAnalytics
[-] Folder deleted: C:\AppData\Roaming\devnull


***** [ Files ] *****

[-] File deleted: C:\Windows\SysWOW64\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C8B797A0-024C-4D90-80F5-4CCC0988013A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4511A7B0-96B2-47A7-84AB-FB76078EA007}
[-] Key deleted: HKU\.DEFAULT\Software\Hola
[-] Key deleted: HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\DriverUpdaterPro
[-] Key deleted: HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\eSupport.com
[-] Key deleted: HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\torch
[-] Key deleted: HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\Link64
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Hola
[#] Key deleted on reboot: HKCU\Software\DriverUpdaterPro
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\torch
[#] Key deleted on reboot: HKCU\Software\Link64
[#] Key deleted on reboot: [x64] HKCU\Software\DriverUpdaterPro
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\torch
[#] Key deleted on reboot: [x64] HKCU\Software\Link64
[-] Key deleted: [x64] HKLM\SOFTWARE\Hola
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4724 Bytes] - [03/06/2017 23:54:50]
C:\AdwCleaner\AdwCleaner[C2].txt - [2672 Bytes] - [21/06/2017 00:43:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [4356 Bytes] - [03/06/2017 23:45:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [2787 Bytes] - [21/06/2017 00:43:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2891 Bytes] ##########
 

Thanks..


FRST Log..

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01
Ran by debanshu (administrator) on HOMEWORK (21-06-2017 00:57:47)
Running from C:\Users\debanshu\Downloads
Loaded Profiles: debanshu (Available Profiles: debanshu & Guest)
Platform: Windows 8 Single Language (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\debanshu\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-07-12] (Broadcom Corporation.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10592256 2013-10-25] (Broadcom Corporation)
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [2141184 2013-05-31] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213856 2013-05-31] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [819760 2013-05-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [uTorrent] => C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\debanshu\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\MountPoints2: E - "E:\Autorun.exe" 
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\MountPoints2: {0404c762-3d23-11e3-be6a-806e6f6e6963} - "D:\Autorun.exe" 
BootExecute: autocheck autochk * 
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{54F39E5F-4E6F-44C5-92BB-1F5A3508B732}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7ADF8D4D-A78C-45F6-9B40-E3F8656EF448}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.in/
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SAJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2016-01-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2016-01-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jt6nfb6w.default
FF ProfilePath: C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default [2017-06-20]
FF Extension: (Lightbeam) - C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-03-23]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-03-31]
FF Extension: (GitHub Extension Installer) - C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default\Extensions\{86054B0A-BD85-42F9-8E58-8794EC6F6EA1}.xpi [2016-01-10]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (Docs Online Viewer) - C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Profiles\jt6nfb6w.default\Extensions\{bfb54675-2fd9-4e22-949d-c36333aff6b5}.xpi [2016-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (No Name) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-03-20] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-20] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2016-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2016-01-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default [2017-06-21]
CHR Extension: (Google Slides) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-05]
CHR Extension: (Google Docs) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-05]
CHR Extension: (Google Drive) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (MakkhiChoose) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmlkidgbagkcikijiljllpdloelocn [2017-06-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-22]
CHR Extension: (Tatkal Ticket Now) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\konojmimochobcfkmnamhlhnpiofplkm [2017-06-15]
CHR Extension: (Autofill) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2017-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-22]
CHR Extension: (Gmail) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-07-23] (Broadcom Corporation.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [642648 2013-06-26] (Sony Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [248640 2013-05-31] (Trend Micro Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-07] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1656600 2016-03-31] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6100480 2013-10-25] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdGpio; C:\Windows\System32\drivers\AmdGpio.sys [17640 2013-08-01] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AmdSMBus; C:\Windows\System32\drivers\AmdSMBus.sys [40168 2013-08-01] (Advanced Micro Devices, INC.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [172760 2013-07-23] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-10-25] (Broadcom Corporation)
R3 btwpanfl; C:\Windows\system32\drivers\btwpanfl.sys [44760 2013-07-23] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-07-18] (Realsil Semiconductor Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [107048 2013-05-30] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2013-05-30] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2013-05-30] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [94520 2013-05-30] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [33176 2013-05-30] (trend_company_name)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [77184 2013-05-30] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2013-05-30] (Trend Micro Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35232 2013-01-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [230904 2013-01-29] (Microsoft Corporation)
S3 easytether; \SystemRoot\system32\DRIVERS\easytthr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-21 00:36 - 2017-06-21 00:36 - 00001489 _____ C:\Users\debanshu\Desktop\JRT.txt
2017-06-21 00:31 - 2017-06-21 00:31 - 04110280 _____ C:\Users\debanshu\Desktop\AdwCleaner.exe
2017-06-21 00:29 - 2017-06-21 00:29 - 01663672 _____ (Malwarebytes) C:\Users\debanshu\Desktop\JRT.exe
2017-06-20 01:56 - 2017-06-20 01:57 - 30360545 _____ C:\Users\debanshu\Downloads\xvideos.com_86691a92644abf4e634c84d2a0fe0fa4.mp4
2017-06-20 01:30 - 2017-06-21 00:31 - 00000000 ____D C:\Users\debanshu\AppData\Local\Temp;
2017-06-20 01:25 - 2017-06-20 01:28 - 00013037 _____ C:\Users\debanshu\Downloads\Fixlog.txt
2017-06-20 01:24 - 2017-06-20 01:24 - 02439680 _____ (Farbar) C:\Users\debanshu\Downloads\FRST64 (1).exe
2017-06-20 01:17 - 2017-06-20 01:17 - 00000000 ____D C:\Users\debanshu\Downloads\FRST-OlderVersion
2017-06-20 01:06 - 2017-06-20 01:08 - 00003746 _____ C:\Users\debanshu\Desktop\Westbengalfacts.txt
2017-06-18 16:10 - 2017-06-18 16:10 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2017-06-18 16:09 - 2017-06-18 16:09 - 05838640 _____ (Adobe Systems Inc.) C:\Users\debanshu\Downloads\Shockwave_Installer_Slim.exe
2017-06-18 13:20 - 2017-06-18 13:21 - 00785288 _____ C:\Users\debanshu\Documents\1606172157Grade B ad 2017 for Website.pdf
2017-06-16 19:47 - 2017-06-16 19:48 - 00047509 _____ C:\Users\debanshu\Downloads\Addition.txt
2017-06-16 19:46 - 2017-06-21 00:58 - 00018761 _____ C:\Users\debanshu\Downloads\FRST.txt
2017-06-16 19:46 - 2017-06-21 00:57 - 00000000 ____D C:\FRST
2017-06-16 19:45 - 2017-06-20 01:17 - 01050624 _____ C:\Users\debanshu\Downloads\FRST64.exe
2017-06-16 16:28 - 2017-06-16 16:35 - 230688820 _____ C:\Users\debanshu\Documents\videoplayback1.mp4
2017-06-16 16:15 - 2014-11-26 17:30 - 00000312 _____ C:\Users\debanshu\Desktop\download.js
2017-06-16 16:15 - 2014-11-26 15:56 - 00000548 _____ C:\Users\debanshu\Desktop\manifest.json
2017-06-16 16:14 - 2017-06-16 16:14 - 00000814 _____ C:\Users\debanshu\Downloads\download-youtube-chrome-2.0.zip
2017-06-16 02:40 - 2017-06-16 02:40 - 02036392 _____ C:\Users\debanshu\Documents\THE_HINDU_REVIEW_2017.pdf
2017-06-15 01:47 - 2017-06-15 01:47 - 00012651 _____ C:\Users\debanshu\Downloads\ManyVids - Lena Paul - Anal Training 1 - My 1st Anal Sex Orgasm! mp4 (Lena Paul First Anal)-[rarbg.to].torrent
2017-06-15 01:47 - 2017-06-15 01:47 - 00012651 _____ C:\Users\debanshu\Downloads\ManyVids - Lena Paul - Anal Training 1 - My 1st Anal Sex Orgasm! mp4 (Lena Paul First Anal)-[rarbg.to] (1).torrent
2017-06-15 01:47 - 2017-06-15 01:47 - 00000000 ____D C:\Users\debanshu\AppData\LocalLow\uTorrent
2017-06-14 00:24 - 2017-06-14 00:24 - 208365332 _____ C:\Windows\MEMORY.DMP
2017-06-14 00:24 - 2017-06-14 00:24 - 00321680 _____ C:\Windows\Minidump\061417-68765-01.dmp
2017-06-12 01:36 - 2017-06-12 01:38 - 04263836 _____ C:\Users\debanshu\Documents\MIT14_01SCF10_lec02_300k.mp4
2017-06-12 01:32 - 2017-06-12 01:32 - 15822980 _____ C:\Users\debanshu\Documents\MIT14_01SCF11_rttext.pdf
2017-06-11 19:18 - 2017-06-11 19:18 - 00060379 _____ C:\Users\debanshu\Downloads\MomsInControl - Misty Stone & Sarah Banks - Like Mother, Like Daughter 480p mp4-[rarbg.to].torrent
2017-06-11 19:18 - 2017-06-11 19:18 - 00016930 _____ C:\Users\debanshu\Downloads\BFFS - Lily Rader, Carolina Sweets - Lust In Translation mp4-[rarbg.to].torrent
2017-06-11 19:15 - 2017-06-11 19:15 - 00033758 _____ C:\Users\debanshu\Downloads\CuckoldSessions - Gabriella Paltrova mp4 11 June 2017-[rarbg.to].torrent
2017-06-11 19:12 - 2017-06-11 19:12 - 00032447 _____ C:\Users\debanshu\Downloads\MonstersOfCock - Vienna Black - Stretching My Step Sister's Pussy mp4 11 June 2017-[rarbg.to].torrent
2017-06-11 19:12 - 2017-06-11 19:12 - 00032447 _____ C:\Users\debanshu\Downloads\MonstersOfCock - Vienna Black - Stretching My Step Sister's Pussy mp4 11 June 2017-[rarbg.to] (1).torrent
2017-06-11 18:48 - 2017-06-14 13:49 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-06-11 12:46 - 2017-06-11 12:46 - 00833428 _____ C:\Users\debanshu\Downloads\General studies syllabus.tif
2017-06-10 17:24 - 2017-06-10 17:24 - 00035437 _____ C:\Users\debanshu\Downloads\Culioneros - Tight Italian Pussy - BlackAngelika-[rarbg.to].torrent
2017-06-10 16:03 - 2017-06-10 16:03 - 00027282 _____ C:\Users\debanshu\Downloads\Culioneros - Russian Chicks Love To Be censoreded - Bibi Noel-[rarbg.to].torrent
2017-06-10 15:41 - 2017-06-10 15:41 - 00017940 _____ C:\Users\debanshu\Downloads\NoBoring - Lara - Three dudes shag high-heeled babe mp4-[rarbg.to].torrent
2017-06-10 10:56 - 2017-06-10 10:56 - 00003261 _____ C:\Users\debanshu\Downloads\ColombiacensoredFest - Reina Taylor mp4 06 June 2017-[rarbg.to].torrent
2017-06-10 10:53 - 2017-06-10 10:53 - 00019864 _____ C:\Users\debanshu\Downloads\BangBus - Megan Rain - Jizz On Megan mp4-[rarbg.to].torrent
2017-06-06 00:46 - 2017-06-06 00:46 - 00042186 _____ C:\Users\debanshu\Downloads\ShesNew - Davina Davis - New To The Sex Game mp4 04 June 2017-[rarbg.to].torrent
2017-06-06 00:44 - 2017-06-06 00:44 - 00039005 _____ C:\Users\debanshu\Downloads\Big Latina Tits 9 (2017) WEB-DL SPLIT SCENES MP4-RARBG-[rarbg.to].torrent
2017-06-03 23:43 - 2017-06-03 23:47 - 00002686 _____ C:\Users\debanshu\Desktop\Rkill.txt
2017-06-03 23:40 - 2017-06-21 00:43 - 00000000 ____D C:\AdwCleaner
2017-06-03 23:25 - 2017-06-03 23:57 - 00000000 ____D C:\Users\debanshu\AppData\Local\FSDART
2017-06-03 23:25 - 2017-06-03 23:35 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-03 16:27 - 2017-06-03 16:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-03 16:23 - 2017-06-03 16:23 - 00192540 _____ C:\Users\debanshu\Downloads\idm-crack.zip
2017-06-03 16:16 - 2017-06-03 16:18 - 07167896 _____ (Tonec Inc.) C:\Users\debanshu\Downloads\idman628build11.exe
2017-05-28 13:05 - 2017-05-28 13:05 - 03457474 _____ C:\Users\debanshu\Downloads\Economic Development NCERT.zip
2017-05-24 00:28 - 2017-05-24 00:30 - 27078904 _____ (Insecure.org) C:\Users\debanshu\Downloads\nmap-7.40-setup.exe
2017-05-22 01:17 - 2017-05-22 01:17 - 00000890 _____ C:\Users\debanshu\Desktop\Router Settings.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-21 00:45 - 2012-07-26 12:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-21 00:44 - 2015-09-11 09:06 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-20 01:27 - 2015-05-24 18:42 - 00000000 ____D C:\Users\debanshu\AppData\LocalLow\Temp
2017-06-20 01:26 - 2017-04-25 10:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-20 01:26 - 2015-03-02 09:46 - 00000000 ____D C:\Users\debanshu
2017-06-20 01:10 - 2016-01-17 15:33 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-20 01:09 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-20 01:09 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-19 01:08 - 2016-09-18 22:33 - 00001705 _____ C:\Users\debanshu\Desktop\notes.txt
2017-06-18 15:09 - 2015-10-17 12:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-18 12:31 - 2016-02-01 21:07 - 00000000 ____D C:\Users\debanshu\Documents\phi
2017-06-17 21:56 - 2015-12-26 18:28 - 00000000 ____D C:\Users\debanshu\Documents\FIFA 12
2017-06-16 19:30 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\AUInstallAgent
2017-06-16 19:29 - 2012-07-26 13:42 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 02:20 - 2015-06-16 12:18 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\uTorrent
2017-06-14 13:53 - 2016-03-13 17:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-06-14 13:53 - 2015-09-15 09:11 - 00000000 ____D C:\Users\Guest
2017-06-14 13:53 - 2013-10-25 10:03 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-06-14 13:52 - 2017-03-03 16:42 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto 3
2017-06-14 13:52 - 2015-12-24 02:55 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2017-06-14 13:52 - 2015-08-22 18:20 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
2017-06-14 13:52 - 2015-03-08 13:09 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-14 13:52 - 2015-03-02 09:48 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2017-06-14 13:50 - 2017-01-19 00:25 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2017-06-14 13:50 - 2016-08-10 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Britannica Knowledge Pack
2017-06-14 13:50 - 2016-04-18 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2017-06-14 13:50 - 2016-01-19 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-06-14 13:50 - 2015-10-23 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition
2017-06-14 13:50 - 2015-10-17 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-14 13:50 - 2015-09-22 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 13:50 - 2015-09-22 19:12 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2017-06-14 13:50 - 2015-09-19 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-14 13:50 - 2015-09-05 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2017-06-14 13:50 - 2015-07-05 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2017-06-14 13:50 - 2015-07-04 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-06-14 13:50 - 2015-03-08 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-14 13:50 - 2015-03-05 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals
2017-06-14 13:50 - 2013-10-25 10:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2017-06-14 13:50 - 2013-10-25 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2017-06-14 13:48 - 2015-03-02 10:13 - 00000000 ____D C:\Users\debanshu\AppData\Roaming\Mozilla
2017-06-14 13:48 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\registration
2017-06-14 02:18 - 2017-03-02 14:35 - 00001978 _____ C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2017-06-14 02:18 - 2017-02-12 19:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-06-14 02:18 - 2017-01-19 00:25 - 00002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2017-06-14 02:18 - 2017-01-19 00:25 - 00002020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2017-06-14 02:18 - 2016-09-11 21:41 - 00001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2017-06-14 02:18 - 2015-09-14 12:24 - 00000637 _____ C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Libraries.lnk
2017-06-14 02:18 - 2015-04-25 21:38 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagannatha Hora.lnk
2017-06-14 02:18 - 2015-03-06 21:05 - 00002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
2017-06-14 02:18 - 2015-03-06 19:58 - 00000299 _____ C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-06-14 02:18 - 2013-10-25 11:01 - 00001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2017-06-14 02:18 - 2013-10-25 10:42 - 00001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk
2017-06-14 02:18 - 2013-10-25 10:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-06-14 02:18 - 2013-10-25 10:30 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Movie Creator.lnk
2017-06-14 02:18 - 2013-10-25 10:24 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
2017-06-14 02:18 - 2013-10-25 10:23 - 00002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gesture Control.lnk
2017-06-14 02:18 - 2013-10-25 10:23 - 00001556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
2017-06-14 02:18 - 2012-07-26 02:02 - 00002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2017-06-14 02:18 - 2012-07-26 01:51 - 00000787 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2017-06-14 02:18 - 2012-07-26 01:43 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2017-06-14 02:17 - 2017-03-03 16:42 - 00001943 _____ C:\Users\debanshu\Desktop\Grand Theft Auto III.lnk
2017-06-14 02:17 - 2017-02-23 21:37 - 00001977 _____ C:\Users\debanshu\Desktop\PirateSnoop Browser.lnk
2017-06-14 02:17 - 2016-08-10 23:23 - 00002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Britannica Knowledge Pack.lnk
2017-06-14 02:17 - 2016-08-10 23:23 - 00002051 _____ C:\Users\Public\Desktop\Britannica Knowledge Pack.lnk
2017-06-14 02:17 - 2016-05-15 10:40 - 00000993 _____ C:\Users\debanshu\Desktop\fifa - Shortcut.lnk
2017-06-14 02:17 - 2016-04-18 01:13 - 00001758 _____ C:\Users\Public\Desktop\Stellarium.lnk
2017-06-14 02:17 - 2016-02-03 18:54 - 00001170 _____ C:\Users\debanshu\Desktop\eclipse - Shortcut.lnk
2017-06-14 02:17 - 2016-01-05 22:45 - 00001123 _____ C:\Users\Public\Desktop\Jagannatha Hora.lnk
2017-06-14 02:17 - 2015-10-23 18:36 - 00002090 _____ C:\Users\Public\Desktop\Get Started With Oracle Database 11g Express Edition .lnk
2017-06-14 02:17 - 2015-10-23 16:43 - 00000593 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
2017-06-14 02:17 - 2015-10-17 12:29 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-14 02:17 - 2015-09-22 19:12 - 00001106 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2017-06-14 02:17 - 2015-09-05 15:06 - 00000907 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-06-14 02:17 - 2015-08-22 18:20 - 00001885 _____ C:\Users\debanshu\Desktop\BlueJ.lnk
2017-06-14 02:17 - 2015-06-16 12:18 - 00002624 _____ C:\Users\debanshu\Desktop\µTorrent.lnk
2017-06-14 02:17 - 2015-06-16 12:18 - 00000834 _____ C:\Users\debanshu\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-06-14 02:15 - 2015-03-04 14:57 - 00000000 ____D C:\Windows\Minidump
2017-06-14 02:15 - 2013-10-25 10:17 - 00000000 ____D C:\Program Files (x86)\Sony
2017-06-14 01:53 - 2016-11-23 01:36 - 00000000 ____D C:\Users\debanshu\AppData\LocalLow\Mozilla
2017-06-14 01:53 - 2015-03-02 10:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-14 01:51 - 2017-03-02 19:10 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2017-06-14 01:51 - 2013-10-25 10:17 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2017-06-14 01:51 - 2013-10-25 10:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-03 16:27 - 2012-07-26 13:42 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-02 23:39 - 2016-04-02 13:14 - 00000000 ____D C:\Users\debanshu\Desktop\personal
2017-06-01 03:01 - 2015-03-03 03:14 - 00000000 ____D C:\Users\debanshu\AppData\Local\ElevatedDiagnostics
2017-05-31 09:55 - 2012-07-26 13:29 - 00000000 ____D C:\Windows\CbsTemp
2017-05-25 01:01 - 2015-03-04 02:42 - 00000600 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-05-22 01:17 - 2012-07-26 11:07 - 00000000 ____D C:\Windows\Inf

==================== Files in the root of some directories =======

2015-03-05 21:02 - 2015-09-05 13:44 - 0007600 _____ () C:\Users\debanshu\AppData\Local\Resmon.ResmonCfg
2017-05-09 17:56 - 2017-05-09 17:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-11 11:54

==================== End of FRST.txt ============================

Addition Log..

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
Ran by debanshu (21-06-2017 00:59:30)
Running from C:\Users\debanshu\Downloads
Windows 8 Single Language (X64) (2015-03-02 04:16:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-653892147-3159774569-4200303000-500 - Administrator - Disabled)
debanshu (S-1-5-21-653892147-3159774569-4200303000-1002 - Administrator - Enabled) => C:\Users\debanshu
Guest (S-1-5-21-653892147-3159774569-4200303000-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Britannica Knowledge Pack (HKLM-x32\...\Britannica Knowledge Pack) (Version:  - Britannica)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.138 - Broadcom Corporation)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto 3 (HKLM-x32\...\Grand Theft Auto 3   Version 1.1) (Version:    Version 1.1 - )
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IPFilter Updater (HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\07140e809c2bb6df) (Version: 2.0.0.4 - David Moore)
Jagannatha Hora 8.0 (HKLM-x32\...\Jagannatha Hora_is1) (Version: 8.0 - PVR Narasimha Rao)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Stellarium 0.14.3 (HKLM\...\Stellarium_is1) (Version: 0.14.3 - Stellarium team)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.4.1 - Synaptics Incorporated)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{404D6E7E-948E-4D2E-9540-59550AB59D4F}) (Version: 8.4.5.06026 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.3.8.13060 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.4.4.07220 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.4.0.06280 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.4.0.06280 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.2.00.07040 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.2.00.07040 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.3.0.05230 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.2.00.07040 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.2.00.07040 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.2.0.16270 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VUx64 (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (x32 Version: 1.2.0 - Sony Corporation) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7300 - Broadcom Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D5C180-F9DC-4E15-AAC0-70A2FFF5ACE7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-05-24] (Sony Corporation)
Task: {0335ED80-F132-4DBD-A44D-44583151D696} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2016-03-31] (Sony Corporation)
Task: {084ABFB2-FC78-4C52-91FF-AC2BAC63B39A} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-06-08] (Sony Corporation)
Task: {1201160E-241E-4915-AE29-A00B338D4181} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-20] (Adobe Systems Incorporated)
Task: {15F0AB33-6891-44FD-9C52-0A0037F18ED4} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {23914114-B16A-4495-81DA-41247CDF5BD8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.)
Task: {2CA1C3A1-B177-4766-9F68-AF877353096D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {2CA6FDD5-CAB6-4D6B-9DD0-0A8F8278A9DB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-31] (AVAST Software)
Task: {462D8088-9C5D-477F-A732-B7907BC9EC72} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {56C697DC-45FB-4250-83D2-60AE44ADCE94} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {5912CAAA-D63B-4E86-B720-EE2FFDE4D0EB} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2016-05-30] (Sony Corporation)
Task: {5CF657C3-D30A-496E-AB52-F7DCF4CFA857} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2016-05-30] (Sony Corporation)
Task: {65AAE3AB-AD92-4705-8B02-7417D641D4CC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {6CFBC0D2-5575-44C7-A019-4A716213620A} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {762E4564-EB3C-4EE6-A4F5-44E5A2792BE9} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2016-05-30] (Sony Corporation)
Task: {76F0E8A6-6225-4D5C-8DC1-2A0218FDD1F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {7859D5C4-9C9A-4386-8CD5-A528D8A65657} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-18] (Synaptics Incorporated)
Task: {79B468C4-5950-4FC2-B5A3-B1D12522F132} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-06-08] (Sony Corporation)
Task: {801FD793-9E8C-4D50-87A1-ECE4617B1D90} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2016-05-30] (Sony Corporation)
Task: {82004AD6-11FC-483F-A23E-B2DB8B2C32CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9162B8E2-BB3A-492E-BBE8-95F51DC11F21} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {A4775E96-A7F5-43BF-81D3-6821557E6561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {AEF03768-D3CB-4CDB-806E-68B1C84C7AEC} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {B5C5A86F-E9F2-42A4-9010-37E20CB53FEA} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2016-04-25] (Sony Corporation)
Task: {B8C4136B-81ED-4D54-A2E0-C7F3177F55A3} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-07-11] (Sony Corporation)
Task: {C2D8F4F1-9B39-4E20-80C3-D96E49E56539} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2016-03-31] (Sony Corporation)
Task: {C4C80BAD-6D3B-4DA8-ADDF-E158A0386708} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {CF597879-B00A-425F-9B45-7655463CB030} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {D070AF95-1EFE-4D2B-92D0-945F5AF581F4} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {D37142F7-D8C7-48EA-91E6-ED52673B7B0E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-06-19] (Sony Corporation)
Task: {DF9D5F23-ABED-450A-A654-54C93B8F587F} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2016-03-24] (Sony Corporation)
Task: {E1FD963D-87FF-455F-B93F-513328A63AD0} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-06-19] (Sony Corporation)
Task: {FC219749-6E69-4DC1-A241-BB1B54BCA782} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2016-03-18] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-04-17 22:29 - 2014-04-17 22:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-12 04:21 - 2013-07-12 04:21 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-10-25 10:39 - 2013-05-30 23:31 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2013-10-25 10:39 - 2013-05-30 23:31 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2017-05-17 02:52 - 2017-05-09 13:42 - 02864984 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-17 02:52 - 2017-05-09 13:42 - 00087384 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 10:56 - 2012-07-26 10:56 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-653892147-3159774569-4200303000-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\debanshu\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Bluetooth"
HKLM\...\StartupApproved\Run: => "Broadcom Wireless Manager UI"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "Trend Micro Client Framework"
HKLM\...\StartupApproved\Run: => "VizorHtmlDialog.exe"
HKLM\...\StartupApproved\Run: => "Trend Micro Titanium"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-653892147-3159774569-4200303000-1002\...\StartupApproved\Run: => "HydraVisionDesktopManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5EBC8B32-D5AE-45ED-93D9-31ED392261CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{38650AC4-BFFB-49FC-8593-69BEDABD587C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{40A75FC3-520B-48BE-ABC5-D8C069190A0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0F73FF04-652E-48CB-9B35-4321C809AF67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E16ED5C6-EC46-42DE-B970-55493438F4A3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{11F41661-9925-4999-B578-7D7CF7613CE3}C:\users\debanshu\downloads\utorrent.exe] => (Allow) C:\users\debanshu\downloads\utorrent.exe
FirewallRules: [UDP Query User{ECE16F1E-E9D0-47BD-94A2-774486B99F53}C:\users\debanshu\downloads\utorrent.exe] => (Allow) C:\users\debanshu\downloads\utorrent.exe
FirewallRules: [TCP Query User{7980ED22-23F9-4A8B-A911-A8A85E371E0E}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [UDP Query User{18251EB2-C782-48F8-91C5-0B89198DB33A}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [TCP Query User{78DEE86A-FC6F-4483-B348-F8A3DE45E7F6}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [UDP Query User{96B5060C-80EC-486B-9D8A-150C66491EAD}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [TCP Query User{78440712-419E-4320-AB16-5C54F0D4DC6D}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [UDP Query User{8016E428-3566-45B4-8A1C-6B0C91973CCC}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [{03CDBF90-B0DD-4260-8B3C-259EF0EBD70D}] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [{C61F8D06-A68B-4272-8ECA-6E0B88E55AB4}] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39586.exe
FirewallRules: [{4DC53E1E-05BA-4338-AEA1-C78C57BDD761}] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [{0E02AF90-1B7D-4F51-B344-7F4CBC96AC9E}] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [TCP Query User{66AC87B4-EC95-4C05-A3A0-BBCAB7FB2906}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [UDP Query User{34DEA26F-1C30-452D-A23D-3CF796EC31F6}C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe] => (Allow) C:\users\debanshu\appdata\roaming\utorrent\updates\3.4.2_39710.exe
FirewallRules: [TCP Query User{94BABC2F-5E98-4758-8E0E-D394A7C50C0A}C:\users\debanshu\downloads\anydesk.exe] => (Allow) C:\users\debanshu\downloads\anydesk.exe
FirewallRules: [UDP Query User{41265A3E-A383-4CBA-8F22-2CB389892913}C:\users\debanshu\downloads\anydesk.exe] => (Allow) C:\users\debanshu\downloads\anydesk.exe
FirewallRules: [TCP Query User{EE7F1D4B-FAAA-432C-BEBB-4E3DE26976B5}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{02FEB493-6D51-42E4-A27F-9F7339CB5E05}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{5C7646AA-E7F6-400D-B61C-F2295E418626}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{45D4669D-3B01-4934-A055-4E9C057629C3}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{5798B0FC-744D-4997-B630-B9AA065A23F7}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{3E052900-A90C-4AA3-B8DA-8449FEF606FE}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{D7B8F5FB-D444-45DC-83C0-C8092A2FBEF6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D49A6870-260D-4435-8402-C295A9DF6150}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C8F86B07-06A9-4DBF-94A4-7BE976227E77}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{519E8B24-F527-4AA7-A83D-CCCF9408C712}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7456467D-7DDE-4696-97CC-6BCE016A17AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{961B7406-1E7B-4964-B8DC-FA07BA9BE5FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2DAD9B2D-822D-4508-84EF-013A84B0E229}C:\users\debanshu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\debanshu\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D710C905-A764-4DE2-9E66-E7DF0C427A4B}C:\users\debanshu\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\debanshu\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C2BC91F1-3D62-42A7-A394-5050F6B1CE52}C:\users\debanshu\desktop\fifa 12\game\fifa.exe] => (Allow) C:\users\debanshu\desktop\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{42CF563C-4A39-4BAC-93BD-F728788DED6F}C:\users\debanshu\desktop\fifa 12\game\fifa.exe] => (Allow) C:\users\debanshu\desktop\fifa 12\game\fifa.exe
FirewallRules: [TCP Query User{0EF26A2B-6255-41C9-87F6-93F4892E1653}C:\users\debanshu\desktop\fifa 12\game\fifa.exe] => (Block) C:\users\debanshu\desktop\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{C186064F-973E-45BA-B396-C81379EFFFF4}C:\users\debanshu\desktop\fifa 12\game\fifa.exe] => (Block) C:\users\debanshu\desktop\fifa 12\game\fifa.exe
FirewallRules: [TCP Query User{D5996315-0549-4C62-8D68-28CBB5062765}C:\users\debanshu\appdata\local\temp\rar$exa0.863\u1504.exe] => (Allow) C:\users\debanshu\appdata\local\temp\rar$exa0.863\u1504.exe
FirewallRules: [UDP Query User{1AADF4C0-36E7-435C-90E0-6B3D75D473A2}C:\users\debanshu\appdata\local\temp\rar$exa0.863\u1504.exe] => (Allow) C:\users\debanshu\appdata\local\temp\rar$exa0.863\u1504.exe
FirewallRules: [TCP Query User{EC6591A1-24F6-44C7-A3B7-ED49E72AB1D1}C:\users\debanshu\appdata\local\temp\rar$exa0.313\u1504.exe] => (Allow) C:\users\debanshu\appdata\local\temp\rar$exa0.313\u1504.exe
FirewallRules: [UDP Query User{AB769A25-605F-4F68-A4B9-5A30CE73612F}C:\users\debanshu\appdata\local\temp\rar$exa0.313\u1504.exe] => (Allow) C:\users\debanshu\appdata\local\temp\rar$exa0.313\u1504.exe
FirewallRules: [TCP Query User{9CD3AFA5-1C0B-475A-A156-DB0FC09F15DE}C:\users\debanshu\appdata\local\temp\rar$exa0.075\u1504.exe] => (Allow) C:\users\debanshu\appdata\local\temp\rar$exa0.075\u1504.exe
FirewallRules: [UDP Query User{0C03D221-53B0-431B-B20F-2DCD0F6871A3}C:\users\debanshu\appdata\local\temp\rar$exa0.075\u1504.exe] => (Allow) C:\users\debanshu\appdata\local\temp\rar$exa0.075\u1504.exe
FirewallRules: [TCP Query User{90F7BB74-259E-46FC-884C-E98B3878DEC1}C:\users\debanshu\downloads\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\users\debanshu\downloads\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe
FirewallRules: [UDP Query User{46C20058-A9B1-49E0-9D21-19A9463F125F}C:\users\debanshu\downloads\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\users\debanshu\downloads\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe
FirewallRules: [TCP Query User{75D422DB-37D1-4E17-A65F-2BBF3642C1C9}C:\program files\java\jdk1.8.0_65\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_65\bin\jmc.exe
FirewallRules: [UDP Query User{557B28BE-C347-4B22-8DC9-C3E413EB8E92}C:\program files\java\jdk1.8.0_65\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_65\bin\jmc.exe
FirewallRules: [TCP Query User{8EA2A4C4-4E79-40E2-B0F3-B4EA5790CA13}C:\fifa 12\game\fifa.exe] => (Allow) C:\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{FD3C50D8-9B77-4F32-900F-8D6FB8C13E17}C:\fifa 12\game\fifa.exe] => (Allow) C:\fifa 12\game\fifa.exe
FirewallRules: [TCP Query User{1F414C3A-3EC3-4DE4-8D7B-D8B7602A15F7}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{939E2BFD-7B07-4BD9-AC83-02F4BF921091}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{DBBB2770-FC8E-4FE6-BFBC-108292858D29}D:\easysetupassistant\tssh2.exe] => (Block) D:\easysetupassistant\tssh2.exe
FirewallRules: [UDP Query User{73C953FD-9444-43D6-BDD8-FD0B642B4ED4}D:\easysetupassistant\tssh2.exe] => (Block) D:\easysetupassistant\tssh2.exe
FirewallRules: [TCP Query User{7B1C605B-AC1D-4D9A-B021-E190EBF43C78}C:\fifa 12\game\fifa.exe] => (Block) C:\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{D78A4459-2DFF-4C3A-A4F4-7C8412228080}C:\fifa 12\game\fifa.exe] => (Block) C:\fifa 12\game\fifa.exe
FirewallRules: [TCP Query User{8C259442-40B0-4E09-9897-AAF11975543E}C:\users\debanshu\desktop\age of empires 2\aoe2 game\empires2-play.exe] => (Block) C:\users\debanshu\desktop\age of empires 2\aoe2 game\empires2-play.exe
FirewallRules: [UDP Query User{A18CC7E1-54A2-4A71-AE59-DBB174427D42}C:\users\debanshu\desktop\age of empires 2\aoe2 game\empires2-play.exe] => (Block) C:\users\debanshu\desktop\age of empires 2\aoe2 game\empires2-play.exe
FirewallRules: [{179E2B99-5A8F-4380-8C0B-130AE3303DA4}] => (Allow) C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91408932-E7A6-4DB3-B54B-A44EDEF00E8C}] => (Allow) C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5461F0EB-A437-4B71-9A66-74C4C58F653C}] => (Allow) C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CB63F75-4F06-40A4-969C-3C306440447B}] => (Allow) C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{09A0192C-6D36-4254-BC1A-07FEBB66562F}] => (Allow) C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{760B2B7E-B49D-4C94-AC82-E3C4FDA94493}] => (Allow) C:\Users\debanshu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{452B9469-4C27-44C3-B2F8-5C71BD42368F}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{A59C9AA9-2A09-4A63-AC6A-7BB6FEE44029}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{DA0D1C71-BCEB-4655-888E-0F04FE40471E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{7FE5A26C-59D1-4DB2-B2B8-5EA4B4626F93}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [TCP Query User{19E9B754-F8F7-4A17-B983-60FBE808C39B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{65782259-1855-4044-BD3E-7B9FC8B5B2B8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{ACA97715-2C70-4FA0-8508-FD7E40C2356B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71CC0201-E4DB-4119-A34F-6B26B49C9787}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F88F0493-8C0C-4B92-8916-49B8B106D1BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CE0AB67-89BD-41A5-A50E-529B7C8F1535}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7FB6F793-6E95-4686-BC1A-8BE7D0EFEECA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-06-2017 01:36:57 Scheduled Checkpoint
03-06-2017 16:31:40 Removed Sparkol Tawe
14-06-2017 01:06:52 Scheduled Checkpoint
14-06-2017 01:36:51 Restore Operation
20-06-2017 01:25:28 Restore Point Created by FRST
21-06-2017 00:31:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2017 12:49:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/20/2017 01:25:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {15275b3e-d68f-4a96-814f-c90aa7f7affb}

Error: (06/20/2017 01:01:09 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (06/18/2017 12:56:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (06/16/2017 02:30:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NFS14_x86.exe, version: 1.1.0.0, time stamp: 0x52810f10
Faulting module name: NFS14_x86.exe, version: 1.1.0.0, time stamp: 0x52810f10
Exception code: 0xc0000005
Fault offset: 0x00128c1f
Faulting process id: 0x13d0
Faulting application start time: 0x01d2e67f088daea4
Faulting application path: C:\Program Files (x86)\NFS Rivals\NFS14_x86.exe
Faulting module path: C:\Program Files (x86)\NFS Rivals\NFS14_x86.exe
Report Id: 494fcd31-5272-11e7-beb9-3c77e6dc721a
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/16/2017 02:06:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (06/15/2017 01:19:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82751121

Error: (06/15/2017 01:19:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82751121

Error: (06/15/2017 01:19:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2017 01:52:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VizorHtmlDialog.exe, version: 6.0.0.1219, time stamp: 0x501a83d5
Faulting module name: libcef.dll, version: 2.0.0.1021, time stamp: 0x4ff4b1d4
Exception code: 0xc0000005
Fault offset: 0x00dafad5
Faulting process id: 0xb38
Faulting application start time: 0x01d2e482c6ee741e
Faulting application path: C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe
Faulting module path: C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll
Report Id: 071481b8-5076-11e7-beb8-3c77e6dc721a
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (06/21/2017 12:44:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (06/21/2017 12:44:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (06/21/2017 12:44:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B3E53F1A-1C31-4A43-A66D-321FA322BCE7} did not register with DCOM within the required timeout.

Error: (06/21/2017 12:44:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (06/21/2017 12:44:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (06/21/2017 12:43:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VCService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/21/2017 12:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/21/2017 12:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VAIO Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (06/21/2017 12:43:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TiMiniService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/21/2017 12:43:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor: AMD A8-5545M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 53%
Total physical RAM: 3269.78 MB
Available physical RAM: 1531.16 MB
Total Virtual: 8269.78 MB
Available Virtual: 5583.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.64 GB) (Free:345.22 GB) NTFS
Drive d: (CD226A6) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 63071B5D)

Partition: GPT.

==================== End of Addition.txt ============================

Thanks..

 


Do you know these extensions? Did you install them?

CHR Extension: (MakkhiChoose) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmlkidgbagkcikijiljllpdloelocn [2017-06-20]
CHR Extension: (Tatkal Ticket Now) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\konojmimochobcfkmnamhlhnpiofplkm [2017-06-15]

The first one (MakkhiChoose) has been reported as PUP/Adware on the Chrome Web Store.

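A triage helper for the two `CHR Extension` lines quoted above, added here as an example (it is not part of the original thread and not part of FRST). The function names, the `confirmed_ids` set and the `cutoff` date are assumptions; the cutoff uses the 1 June install date from the first post, with the year taken from the log.

```python
import re
from datetime import date
from typing import NamedTuple

# The two lines quoted in the reply above, verbatim from the FRST log.
FRST_LINES = r"""
CHR Extension: (MakkhiChoose) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmlkidgbagkcikijiljllpdloelocn [2017-06-20]
CHR Extension: (Tatkal Ticket Now) - C:\Users\debanshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\konojmimochobcfkmnamhlhnpiofplkm [2017-06-15]
"""

class Extension(NamedTuple):
    name: str
    ext_id: str
    profile: str
    logged: date   # the bracketed date FRST prints for the entry

# Chrome extension IDs are 32 characters drawn from the letters a-p.
LINE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+?)\) - (?P<path>.+)\\(?P<id>[a-p]{32}) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\]$"
)

def parse_extensions(text):
    """Return (parsed, rejected); rejected holds CHR Extension lines that do not parse."""
    parsed, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("CHR Extension:"):
            continue
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)  # e.g. an ID that is not 32 letters a-p
            continue
        profile = m["path"].split("\\")[-2]  # folder above "Extensions"
        parsed.append(Extension(m["name"], m["id"], profile,
                                date.fromisoformat(m["date"])))
    return parsed, rejected

def needs_review(extensions, confirmed_ids, cutoff):
    """Extensions the user has not confirmed, or logged on or after the cutoff."""
    return [e for e in extensions
            if e.ext_id not in confirmed_ids or e.logged >= cutoff]

if __name__ == "__main__":
    exts, bad = parse_extensions(FRST_LINES)
    # Assumption: the user has confirmed nothing yet.
    for e in needs_review(exts, confirmed_ids=set(), cutoff=date(2017, 6, 1)):
        print(f"{e.logged}  {e.profile:8}  {e.ext_id}  {e.name}")
```
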

Personally I would uninstall MakkhiChoose (since the dev. admitted that the extension can open tabs randomly with "special offers", which is adware by definition).

Once done, I would uninstall Google Chrome and Mozilla Firefox, reinstall them and see if they work properly. If you are logged in to Google Chrome and sync is enabled, all your bookmarks, favorites, history, etc. will be preserved. Same for Mozilla Firefox.

Mozilla Firefox (backup profile): https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data


Hi Aura, finished uninstalling MakkhiChoose and another extension in Chrome.

Also uninstalled Chrome, and I am not able to see Mozilla anymore in the Control Panel settings, though I do not remember uninstalling it.

Anything more?

And is Mozilla really not there in my system? How can I be sure?
