Solved I have been getting redirected to this url

[Abhishek]

So lately i have been getting issues while browsing, whenever i type a url and press enter my browser automatically redirects me to the page attached even though my net is working fine. I am using Windows 7 64 bit. I would be grateful for any help. thanks

 

[jmarket]

Hi @Abhishek and welcome to PCHF

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review by our Security Team

 

[Abhishek]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
Ran by SR (26-09-2017 22:07:54)
Running from C:\Users\SR\Desktop
Windows 7 Ultimate (X64) (2016-10-20 12:44:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-805211517-1252705670-668489745-500 - Administrator - Disabled)
Guest (S-1-5-21-805211517-1252705670-668489745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-805211517-1252705670-668489745-1002 - Limited - Enabled)
SR (S-1-5-21-805211517-1252705670-668489745-1000 - Administrator - Enabled) => C:\Users\SR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2015-04-07] (McAfee, Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] ()
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2015-04-07] (McAfee, Inc.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32B8B57C-0EE8-423D-B522-50FB116F7E16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-09] (Google Inc.)
Task: {7D3897D2-97AF-4D71-9436-72AC3063E860} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-09] (Google Inc.)
Task: {A84F1148-0E66-4439-AE92-338058728D82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {B6F48275-AC5C-4996-9EE0-C035E168BB32} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-03] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-26 19:08 - 2017-09-21 12:59 - 002692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\swiftshader\libglesv2.dll
2017-09-26 19:08 - 2017-09-21 12:59 - 000138584 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2009-06-11 02:30 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-805211517-1252705670-668489745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C064689-5EE8-49AC-BF37-77DE1C9CCCEA}] => (Allow) I:\Program Files\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A8A7662B-1723-488F-B432-DED388A76ABC}] => (Allow) I:\Program Files\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{20ADB24F-CBF2-4D52-822D-D8E5E9631091}] => (Allow) I:\Program Files\Digital Imaging\bin\hposid01.exe
FirewallRules: [{230E82D7-FDB3-4755-951B-E6FBDCF9D850}] => (Allow) I:\Program Files\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{27A7882A-C1AE-4F87-AD8C-AB5EDB65C79C}] => (Allow) I:\Program Files\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{29C5F0A2-41B6-467A-8CC6-EA8CEB85D7AD}] => (Allow) I:\Program Files\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{B12DEEA0-EF3D-4FDB-B2AB-66D326A66BD2}] => (Allow) I:\Program Files\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{1824DE9D-941C-4B8B-8D99-1BB2F6F76E1A}] => (Allow) I:\Program Files\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{93FE03E2-A43E-457F-BD09-999A523E1919}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{392DA3BE-4578-4863-BEE9-ED7B4873087E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 11:52:23 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={DD0BBEAE-F7C9-4D5A-8C91-2AB6E3327394}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (09/14/2017 11:52:18 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={20D0BDEC-9B5E-4691-8E57-EF8B3ACB40BF}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (09/14/2017 11:52:13 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9C39C86D-DD8C-4E01-A36D-0901A6B26D63}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (09/14/2017 11:06:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={094D84B6-DFB0-4B1F-9E96-C1D0CA9C1FEE}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (09/14/2017 11:05:40 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A56E8061-9752-4A29-9984-F101E038D9DB}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (09/14/2017 10:58:10 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={2714E9BD-5B11-4C2F-90B6-9485408C0EF9}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (09/14/2017 10:57:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C8C7BC08-B541-42C7-9E7F-71784F7BA4D0}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (09/14/2017 10:51:49 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E64795A5-6121-43D0-911A-1416EDAD82AC}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (09/14/2017 10:51:42 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={BA181F4B-D4B0-4923-B2E2-0B64FF55B1F3}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (09/14/2017 10:51:30 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={915B7E3C-A856-4FF1-86DA-EFA77055C954}: The user ABHI-PC\SR dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.


System errors:
=============
Error: (09/26/2017 08:08:53 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/26/2017 08:08:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/26/2017 08:05:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/26/2017 08:05:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/26/2017 08:05:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/26/2017 08:04:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/26/2017 08:04:29 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/26/2017 06:33:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Personal Firewall Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/26/2017 06:33:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.

Error: (09/26/2017 06:33:20 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 71%
Total physical RAM: 2038.3 MB
Available physical RAM: 583.84 MB
Total Virtual: 4076.61 MB
Available Virtual: 2027.65 MB

==================== Drives ================================

Drive c: (win) (Fixed) (Total:13.97 GB) (Free:1.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (STUFF) (Fixed) (Total:37.25 GB) (Free:6.08 GB) FAT32
Drive e: (SONGS) (Fixed) (Total:37.25 GB) (Free:0.58 GB) FAT32
Drive f: (MOVIES) (Fixed) (Total:60.54 GB) (Free:8.8 GB) FAT32
Drive g: (New Volume) (Fixed) (Total:116.44 GB) (Free:112.68 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:232.88 GB) (Free:3.94 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:116.44 GB) (Free:13.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 31CF31CE)
Partition 1: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B1A6CB7C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

==================== End of Addition.txt ============================



















Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01
Ran by SR (administrator) on ABHI-PC (26-09-2017 22:08:14)
Running from C:\Users\SR\Desktop
Loaded Profiles: SR (Available Profiles: SR)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-805211517-1252705670-668489745-1000\...\MountPoints2: {024fb8b5-742d-11e7-ae62-00e04c795d9c} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-805211517-1252705670-668489745-1000\...\MountPoints2: {024fb8b9-742d-11e7-ae62-00e04c795d9c} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-805211517-1252705670-668489745-1000\...\MountPoints2: {024fb8c9-742d-11e7-ae62-00e04c795d9c} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-805211517-1252705670-668489745-1000\...\MountPoints2: {d23c4f2f-4d42-11e7-9c5c-00e04c795d9c} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-805211517-1252705670-668489745-1000\...\MountPoints2: {d23c4f34-4d42-11e7-9c5c-00e04c795d9c} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-805211517-1252705670-668489745-1000\...\MountPoints2: {d23c4f3c-4d42-11e7-9c5c-00e04c795d9c} - K:\HiSuiteDownLoader.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2017-05-30]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2017-05-30]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{20A76BF1-D894-4A9F-B730-34EB1A11159C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CA41DFAD-7D6A-47E9-AD0D-8A8EA9DD6085}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-805211517-1252705670-668489745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-805211517-1252705670-668489745-1000 -> DefaultScope {E466C0B0-F1D1-4C24-914A-BABEBB5C2BE5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B015US997D20170809&p={searchTerms}
SearchScopes: HKU\S-1-5-21-805211517-1252705670-668489745-1000 -> {E466C0B0-F1D1-4C24-914A-BABEBB5C2BE5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B015US997D20170809&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-09-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default [2017-09-26]
CHR Extension: (YouTube) - C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-09]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-09-02]
CHR Extension: (Bubbles) - C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmlfdhandmdjnapmjopbnccgpcageop [2017-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\SR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2017-09-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2017-09-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-26 22:06 - 2017-09-26 22:07 - 000016242 _____ C:\Users\SR\Desktop\Addition.txt
2017-09-26 22:04 - 2017-09-26 22:08 - 000014325 _____ C:\Users\SR\Desktop\FRST.txt
2017-09-26 22:04 - 2017-09-26 22:08 - 000000000 ____D C:\FRST
2017-09-26 21:55 - 2017-09-26 22:01 - 002399744 _____ (Farbar) C:\Users\SR\Desktop\FRST64.exe
2017-09-07 22:16 - 2017-09-26 21:51 - 000004278 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D514383-14CF-42AA-8E40-493DBC484225}
2017-09-03 22:15 - 2017-09-03 22:49 - 000000000 ____D C:\Users\SR\AppData\Roaming\Opera Software
2017-09-03 22:15 - 2017-09-03 22:49 - 000000000 ____D C:\Users\SR\AppData\Local\Opera Software
2017-09-03 22:13 - 2017-09-03 22:49 - 000000000 ____D C:\Program Files\Opera
2017-09-02 14:02 - 2017-09-02 14:02 - 000001919 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2017-09-02 14:02 - 2017-09-02 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-09-02 14:01 - 2013-09-23 13:49 - 000197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2017-09-02 13:59 - 2017-09-02 13:59 - 000000000 ____D C:\Program Files (x86)\McAfee.com
2017-09-02 13:57 - 2017-09-13 21:30 - 000003308 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-09-02 13:57 - 2017-09-02 14:02 - 000000000 ____D C:\Program Files\McAfee
2017-09-02 13:57 - 2017-09-02 13:57 - 000000000 ____D C:\Program Files\McAfee.com
2017-09-02 13:57 - 2017-09-02 13:57 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-02 13:44 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-09-02 13:17 - 2017-09-02 13:17 - 000000192 _____ C:\Windows\wininit.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-26 21:57 - 2009-07-14 10:15 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-26 21:57 - 2009-07-14 10:15 - 000010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-26 20:08 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-26 19:08 - 2017-06-09 20:56 - 000002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 19:08 - 2017-06-09 20:56 - 000002186 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-14 22:55 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2017-09-14 22:43 - 2017-08-09 00:04 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-09-13 21:30 - 2017-08-08 22:10 - 000000000 ____D C:\ProgramData\McAfee
2017-09-13 14:58 - 2017-05-30 13:30 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-13 14:58 - 2017-05-30 13:30 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-13 14:58 - 2017-05-30 13:30 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-13 14:58 - 2017-05-30 13:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-13 14:58 - 2017-05-30 13:30 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-04 18:00 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2017-09-04 17:27 - 2017-05-30 15:27 - 000000000 ____D C:\Users\SR\AppData\Roaming\vlc
2017-09-03 22:49 - 2016-10-20 18:16 - 000001446 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-03 22:49 - 2016-10-20 18:16 - 000001412 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-09-02 14:16 - 2017-06-01 11:50 - 000000000 ____D C:\Windows\Minidump
2017-09-02 14:16 - 2016-10-21 07:20 - 000000000 ____D C:\Windows\Panther
2017-09-02 14:01 - 2017-08-08 22:11 - 000000000 ____D C:\Program Files\Common Files\McAfee

==================== Files in the root of some directories =======

2017-08-20 18:49 - 2017-08-20 19:12 - 000003781 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2015-04-08 18:36 - 2015-04-08 18:36 - 000119312 _____ (McAfee, Inc.) C:\Users\SR\AppData\Local\Temp\McCSPInstall.dll
2017-09-02 13:17 - 2015-04-08 18:36 - 000161472 _____ (McAfee Inc.) C:\Users\SR\AppData\Local\Temp\mccspuninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-25 22:57

==================== End of FRST.txt ============================

 

[gus]

Hello Abhishek and welcome again to PCHF
My Name is Gus and I'll be helping you. Before we start can I ask you to read these instructions carefully and if possible print them out for use as we go through the cleaning process. Depending on what tools are in use you may not have access to these instructions.

• If you are unsure of any request as we progress PLEASE ASK, and remember as we proceed that there is no such thing as a silly question.
• Please let me know if you are receiving help at another forum on this issue so I can close this thread?
• At the right hand top of your first post please click on the"Watch thread" marker so you will receive an immediate alert when I reply.
• Please do not run any tools other than the ones we ask you to, some can be very dangerous and actually make things worse.
• Should any tools we ask you to use give you a security warning you can safely allow them to run, they have all been proven safe.
• Download any requested tools and make sure to run them from the desktop, unless specifically instructed otherwise.
• Please do not install any other software whilst we cleanup, this can complicate the process, making cleaning impossible.
• With malware it can be impossible to determine the outcome, and whilst we will work to a positive result we strongly recommend you backup all your personal files and folders before we begin.
• As we proceed with disinfecting it may appear as if your computer is back to normal, but please stay with me till I give you the all clear. In return I will do the same for you.
• Do remember the fixes used to clean your machine are meant for your computer only, and the use on another computer may cause serious damage to that machine.
• When your machine has been cleaned we will remove all the tools used, and also give you some tips to keep your computer clean and safe in the future.
• Finally, please allow me a little time to analyse any logs I request from you, I know you want your computer cleaned yesterday but please remember we are all volunteers here and we do have a life that sometimes takes us away from computers. If your thread gets closed due to no response from you you can PM me or a staff member and have it reopened. Should you not hear from me within 48 hours please PM me.
• That's the last of the fine print so lets get under way:thumbsup:

Whilst I check your FRST logs can you please run this tool and post the log produced?

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon

Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the "Clean" button.

After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Clean log)

Please Copy and Paste the contents of the log file with your next reply.:thumbsup:

 

[Abhishek]

There is no file with the same name, the files present in the folder are Adwcleaner[C0] Adwcleaner[S0] Adwcleaner[S1]

 

[gus]

After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Clean log)

Hi again Abhishek, In your case the log required is [C0]

 

[Abhishek]

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 28 15:07:54 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [948 B] - [2017/9/28 15:6:4]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

[gus]

Hello Abhishek, Please apply the fix for FRST, instructions follow.

Also your logs indicate you have 2 antivirus programs running,McAfee and Defender. This is never advisable and can cause issues, please disable one of them.

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"

Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

To run the fix right click the FRST icon and choose "Run as Administrator" then click on "Fix"

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post

 

[Abhishek]

I lately found out the reason of that redirection,it was due to my ISP. I appreciate your effort to help me out with this thing. thanks a lot.

 

[gus]

Glad it's sorted, you can follow the instructions to remove the tools we used if you wish?

Please go HERE and download Delfix Save it to your desktop.
Right click the new Delfix desktop icon

and then click "run as administrator"
Place a tick in the following checkboxes

1. Remove disinfection tools
2. Create registry backup
3. Purge system restore
4. Then select "Run"

Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.