
I'm affected, what to do


bikesh


Hi bikesh :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

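Aura asks for FRST.txt and Addition.txt. As an added example, not part of either post and not FRST's own tooling, the script below is a first-pass triage of the FRST.txt format: it follows the `==== Section ====` headers FRST emits, parses the Processes and Services/Drivers entries, and flags what a helper otherwise scans for by eye: FRST's own `<==== ATTENTION` marker, `[File not signed]`, an empty publisher field `()`, and binaries loaded from ProgramData, AppData, Temp or anywhere else under C:\Users. The embedded sample log is constructed for this example from a handful of lines modelled on the log posted later in this thread. The flags are triage leads for the helper to examine, not verdicts: a torrent client running from AppData is ordinary, while a nameless, unsigned auto-start service under ProgramData warrants a closer look.

```python
"""First-pass triage of an FRST (Farbar Recovery Scan Tool) FRST.txt log.
Added example for this thread, not FRST's own tooling."""
import re
from typing import Any, Dict, List, Optional

# "==================== Processes (Whitelisted) =================" -> "Processes (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s+(?P<title>[^=]+?)\s+=+$")
# "(Vendor) C:\path\file.exe"; the vendor is "()" when the file carries no CompanyName.
PROCESS_RE = re.compile(r"^\((?P<vendor>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# "R2 name; <file info>"  (R = running, S = stopped; the digit is the start type).
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
# "C:\path\file.exe [size yyyy-mm-dd] (Vendor) [File not signed] <==== ATTENTION"
# The vendor match tolerates nested parentheses such as "(Intel(R) Corporation)".
FILE_INFO_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<vendor>.*?)\)(?=\s*(?:\[|<|$))(?P<flags>.*)$"
)
# Locations a standard user can write to; a service or driver loading from here is unusual.
USER_WRITABLE_RE = re.compile(r"\\(?:ProgramData|Users|Temp|AppData)\\", re.IGNORECASE)
ATTENTION = "<==== ATTENTION"   # FRST's own marker for entries it wants looked at
UNSIGNED = "[File not signed]"  # FRST reports no valid digital signature on the file
KIND_BY_SECTION = {"processes": "process", "services": "service",
                   "drivers": "driver", "registry": "registry"}


def _reasons(line: str, vendor: Optional[str], path: Optional[str]) -> List[str]:
    """Why an entry deserves a second look, in a fixed order."""
    reasons = []
    if ATTENTION in line:
        reasons.append("FRST ATTENTION marker")
    if UNSIGNED in line:
        reasons.append("file not signed")
    if vendor is not None and not vendor.strip():
        reasons.append("no publisher in version info")
    if path and USER_WRITABLE_RE.search(path):
        reasons.append("runs from user-writable location")
    return reasons


def triage(lines: List[str]) -> List[Dict[str, Any]]:
    """Return one dict per flagged entry, in log order, with the reasons it was flagged."""
    findings: List[Dict[str, Any]] = []
    kind = "header"
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:  # a new FRST section decides how the following lines are parsed
            kind = KIND_BY_SECTION.get(sec["title"].split()[0].lower(), "other")
            continue
        entry: Dict[str, Any] = {"kind": kind, "name": line, "path": None, "vendor": None,
                                 "state": None, "date": None, "line": line}
        if kind == "process" and (m := PROCESS_RE.match(line)):
            entry.update(name=m["path"].rsplit("\\", 1)[-1], path=m["path"], vendor=m["vendor"])
        elif kind in ("service", "driver") and (m := SERVICE_RE.match(line)):
            entry.update(name=m["name"], state=m["state"], path=m["rest"])
            if fi := FILE_INFO_RE.match(m["rest"]):  # absent for quoted-command entries like gupdate
                entry.update(path=fi["path"], vendor=fi["vendor"], date=fi["date"])
        elif kind == "registry":
            entry["name"] = line.split(": ", 1)[0]
        reasons = _reasons(line, entry["vendor"], entry["path"])
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


def report(findings: List[Dict[str, Any]]) -> str:
    """One line per finding: kind, state, name, location and reasons."""
    out = []
    for f in findings:
        state = f" [{f['state']}]" if f["state"] else ""
        out.append(f"{f['kind']:<8}{state} {f['name']} -> {f['path'] or f['name']} :: "
                   + "; ".join(f["reasons"]))
    return "\n".join(out)


# Constructed sample in FRST's format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe

==================== Registry (Whitelisted) ===========================

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [127296 2017-06-15] (Fortinet Inc.)
R2 httpSocketSvc_4186786; C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe [1628672 2017-10-24] () [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)

===================== Drivers (Whitelisted) ======================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-09-15] ()
S3 mdareDriver_62; C:\Users\Deoju\AppData\Local\Temp\FCPreScan\mdare64_62.sys [105344 2017-10-24] (Fortinet Inc.) <==== ATTENTION
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG.splitlines())))
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read().splitlines())`. The `state` field matters for prioritising: an `R2` entry is running and set to auto-start, so an unsigned, publisher-less `R2` service is worth checking before a stopped `S3` driver. Entries FRST prints without the `[size date]` block (quoted commands, `[X]` missing-file markers) are still carried through with the raw text as their path so that nothing is silently dropped.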

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2018
Ran by Deoju (administrator) on DEOJU-PC (02-01-2018 12:20:02)
Running from C:\Users\Deoju\Downloads
Loaded Profiles: Deoju (Available Profiles: Deoju)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FortiClient System Helper) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8916488 2017-09-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-02] (Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\Run: [uTorrent] => C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170872 2017-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-09-13] (NVIDIA Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{594A38D6-1300-4FE0-984C-F48392EE3C0A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{73DC59FE-8A2E-41EA-A106-3F69C12F1C54}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{90A1F769-C9AC-4D3A-A78D-3E5D245E7E2F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{90A1F769-C9AC-4D3A-A78D-3E5D245E7E2F}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{D6FC89FB-AF90-4280-9859-4D3AD50BC31A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F3D87FE8-8D76-4FCF-98C5-FCC8A9395908}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F9BED216-CC4A-4158-B0AF-83FF5E552CE9}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: f8k0iw6o.default-1511337893198
FF ProfilePath: C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198 [2018-01-02]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198\Extensions\browsec@browsec.com.xpi [2017-11-23]
FF Extension: (Adblock Plus) - C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF Extension: (Disable Crash Auto Submit) - C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198\features\{a9cae43a-ff83-45c8-b27d-1ebe58154d70}\disable-crash-autosubmit@mozilla.org.xpi [2017-12-31] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-06-15] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-06-15] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-06-15] (Fortinet Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch"
CHR Profile: C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default [2017-11-05]
CHR Extension: (Slides) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Docs) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-14]
CHR Extension: (YouTube) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-05]
CHR Extension: (Sheets) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Tables) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-14]
CHR Extension: (Quick Searcher) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-10-24]
CHR Extension: (Gmail) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-24]
CHR HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [127296 2017-06-15] (Fortinet Inc.)
R2 httpSocketSvc_4186786; C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe [1628672 2017-10-24] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172152 2016-08-12] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [324560 2017-09-15] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-09-15] ()
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87528 2015-10-13] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-27] (Motorola Solutions, Inc.)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2017-06-15] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2014-12-11] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2017-06-15] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2017-06-15] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [72272 2017-06-15] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [85072 2017-06-15] (Fortinet Inc)
R3 ftsvnic; C:\Windows\System32\DRIVERS\ftsvnic.sys [66600 2017-04-24] (Fortinet Inc.)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-20] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [357648 2016-07-13] (Intel Corporation)
S3 mdareDriver_62; C:\Users\Deoju\AppData\Local\Temp\FCPreScan\mdare64_62.sys [105344 2017-10-24] (Fortinet Inc.) <==== ATTENTION
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3498248 2016-08-25] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-09-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-09-13] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-09-13] (NVIDIA Corporation)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 12:19 - 2018-01-02 12:19 - 000000000 ____D C:\Users\Deoju\Downloads\FRST-OlderVersion
2018-01-02 12:18 - 2018-01-02 12:18 - 025301304 _____ C:\Users\Deoju\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe.part
2018-01-02 12:18 - 2018-01-02 12:18 - 000000000 _____ C:\Users\Deoju\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-31 13:10 - 2018-01-02 12:18 - 000000000 ____D C:\Users\Deoju\Downloads\Daniel Tiger's Neighborhood (PBS Kids) Season 1, Episodes 28-34 [Nanto]
2017-12-31 13:09 - 2018-01-02 12:20 - 000000000 ____D C:\Users\Deoju\Downloads\Daniel Tiger's Neighborhood (PBS Kids) Season 1, Episodes 11-20 [Nanto]
2017-12-31 13:08 - 2018-01-02 12:15 - 000000000 ____D C:\Users\Deoju\Downloads\Daniel Tiger's Neighborhood - Season 1, Episodes 01-10
2017-12-31 13:07 - 2017-12-31 13:07 - 000000000 ____D C:\Users\Deoju\Downloads\Enemy.2013.LIMITED.1080p.BluRay.x264.anoXmous
2017-12-31 12:59 - 2017-12-31 12:59 - 000000000 ____D C:\Users\Deoju\Downloads\Lucy.2014.1080p.BluRay.H264.ACC.5.1.BADASSMEDIA
2017-12-31 12:57 - 2017-12-31 12:57 - 000000000 ____D C:\Users\Deoju\Downloads\Embrace.of.the.Serpent.2015.LIMITED.720p.BluRay.x264-DEPTH
2017-12-31 09:10 - 2017-12-31 10:04 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E06.HDTV.x264-KILLERS[ettv]
2017-12-31 09:10 - 2017-12-31 09:37 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E07.HDTV.x264-KILLERS[ettv]
2017-12-31 09:10 - 2017-12-31 09:16 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E09.HDTV.x264-KILLERS[rarbg]
2017-12-31 09:10 - 2017-12-31 09:15 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E08.HDTV.x264-KILLERS[ettv]
2017-12-28 14:07 - 2017-12-28 14:07 - 000000000 ____D C:\Users\Deoju\Downloads\Calvin Harris - Feels (feat. Pharrell Williams, Katy Perry & Big Sean) Single (2017)
2017-12-26 22:40 - 2017-12-26 22:40 - 000037719 _____ C:\Users\Deoju\Desktop\Compaction Tester Roster - 22 12 17 - Rev3.xlsx
2017-12-23 09:39 - 2017-12-23 09:39 - 000000000 ____D C:\Users\Deoju\Downloads\Shubh.Mangal.Saavdhan.2017.Hindi.720p.HDRip.x264.AC3.-.Hon3y
2017-12-16 13:52 - 2017-12-16 13:52 - 000000000 ____D C:\Users\Deoju\AppData\Local\ElevatedDiagnostics
2017-12-16 13:48 - 2017-12-16 13:48 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2017-12-16 13:48 - 2017-12-16 13:48 - 000000000 ____D C:\Users\Deoju\Documents\My Received Files
2017-12-16 13:46 - 2017-12-16 13:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2017-12-16 13:45 - 2017-12-16 13:45 - 000000267 _____ C:\Users\Deoju\BullseyeCoverageError.txt
2017-12-16 13:45 - 2016-07-07 11:26 - 000584392 _____ C:\Windows\system32\Drivers\370c1206001a260f00.sfi
2017-12-16 13:45 - 2016-07-07 11:26 - 000584392 _____ C:\Windows\system32\Drivers\020c000600441b1000.sfi
2017-12-16 13:45 - 2016-07-07 11:26 - 000554968 _____ C:\Windows\system32\Drivers\000c000600441b1000.sfi
2017-12-16 13:45 - 2016-07-07 11:26 - 000030192 _____ C:\Windows\system32\Drivers\ffffffffffffffff00.sfi
2017-12-16 13:45 - 2016-07-07 11:18 - 000586268 _____ C:\Windows\system32\Drivers\370b12060002340e00.sfi
2017-12-16 13:45 - 2016-07-07 11:18 - 000009504 _____ C:\Windows\system32\Drivers\370b12060002340e00_selftest.sfi
2017-12-16 13:45 - 2016-07-07 11:15 - 000601758 _____ C:\Windows\system32\Drivers\370c1206001a260f00.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000601758 _____ C:\Windows\system32\Drivers\020c000600441b1000.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000571420 _____ C:\Windows\system32\Drivers\000c000600441b1000.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000000121 _____ C:\Windows\system32\Drivers\ffffffffffffffff00.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000000022 _____ C:\Windows\system32\Drivers\370c122301441b1000.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000000018 _____ C:\Windows\system32\Drivers\370c122301441b1000_Android.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000000017 _____ C:\Windows\system32\Drivers\020c002301441b1000.bseq
2017-12-16 13:45 - 2016-07-07 11:15 - 000000017 _____ C:\Windows\system32\Drivers\000c002301441b1000.bseq
2017-12-16 13:45 - 2016-07-07 11:06 - 000603689 _____ C:\Windows\system32\Drivers\370b12060002340e00.bseq
2017-12-16 13:45 - 2016-07-07 11:06 - 000009121 _____ C:\Windows\system32\Drivers\370b12060002340e00_selftest.bseq
2017-12-16 13:45 - 2016-07-07 11:06 - 000000057 _____ C:\Windows\system32\Drivers\370b122300261b1000.bseq
2017-12-16 13:45 - 2016-07-07 11:06 - 000000053 _____ C:\Windows\system32\Drivers\370b122300261b1000_Android.bseq
2017-12-16 13:44 - 2017-12-16 13:55 - 223899480 _____ C:\Users\Deoju\Downloads\AW-NB182_BluetoothDriver_Win7_V801356_20170405.zip
2017-12-16 13:44 - 2017-12-16 13:44 - 000000000 ____D C:\Users\Deoju\Downloads\Intel7265-l8260_BluetoothDriver_V1901603630_20170405
2017-12-16 13:42 - 2017-12-16 13:44 - 096600485 _____ C:\Users\Deoju\Downloads\Intel7265-l8260_BluetoothDriver_V1901603630_20170405.zip
2017-12-16 13:35 - 2017-12-16 13:36 - 012644232 _____ (Microsoft Corporation) C:\Users\Deoju\Downloads\drvupdate-x86.exe
2017-12-16 13:25 - 2017-12-16 13:25 - 000000000 ____D C:\Users\Deoju\Downloads\The.Mountain.Between.Us.2017.BRRip.XviD.AC3-EVO
2017-12-10 19:31 - 2017-12-10 19:32 - 048863232 _____ C:\Users\Deoju\Downloads\MiFlashSetup_eng.msi
2017-12-10 19:09 - 2018-01-02 12:15 - 000000000 ____D C:\Users\Deoju\AppData\LocalLow\uTorrent
2017-12-05 19:51 - 2017-12-05 19:51 - 000000000 ____D C:\Users\Deoju\AppData\Roaming\Xiaomi
2017-12-04 17:57 - 2017-12-04 17:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-12-04 17:50 - 2017-12-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2017-12-04 17:50 - 2017-12-04 17:50 - 000000000 ____D C:\Program Files (x86)\Minimal ADB and Fastboot
2017-12-04 17:49 - 2017-12-04 17:49 - 000952635 _____ (Sam Rodberg ) C:\Users\Deoju\Downloads\minimal_adb_fastboot_v1.4.2_setup.exe
2017-12-04 17:44 - 2017-12-05 19:41 - 000000000 ____D C:\Users\Deoju\.android
2017-12-04 17:43 - 2017-12-10 19:33 - 000002559 _____ C:\Users\Public\Desktop\XiaoMiFlash.exe.lnk
2017-12-04 17:43 - 2017-12-10 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash
2017-12-04 17:43 - 2017-12-04 17:43 - 000000000 ____D C:\XiaoMi
2017-12-04 17:38 - 2017-12-04 17:42 - 032540672 _____ C:\Users\Deoju\Downloads\MiFlashSetup.msi
2017-12-04 17:37 - 2017-12-04 17:37 - 001381582 _____ (Igor Pavlov) C:\Users\Deoju\Downloads\7z1604-x64.exe
2017-12-04 17:34 - 2017-12-10 19:31 - 000000000 ____D C:\Users\Deoju\Downloads\mi5
2017-12-04 17:18 - 2017-12-04 17:18 - 000000000 ____D C:\Users\Deoju\Downloads\The.Foreigner.2017.1080p.HC.HDRip.X264.AC3-EVO[EtHD]
2017-12-04 10:15 - 2017-12-04 10:46 - 1301782192 _____ C:\Users\Deoju\Downloads\miui_MI5Global_V9.1.1.0.NAAMIEI_c91be5fdc5_7.0.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 12:20 - 2017-11-29 20:17 - 000021683 _____ C:\Users\Deoju\Downloads\FRST.txt
2018-01-02 12:20 - 2017-11-29 20:14 - 000000000 ____D C:\FRST
2018-01-02 12:20 - 2017-10-24 08:04 - 000000000 _____ C:\ProgramData\srtf.dat
2018-01-02 12:20 - 2017-09-15 06:58 - 000000000 ____D C:\Users\Deoju\AppData\Roaming\uTorrent
2018-01-02 12:19 - 2017-11-29 20:12 - 002393088 _____ (Farbar) C:\Users\Deoju\Downloads\FRST64.exe
2018-01-02 12:19 - 2017-10-24 08:09 - 000000176 _____ C:\ProgramData\sxk.3zya
2018-01-02 12:19 - 2009-07-14 16:13 - 000783598 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-02 12:19 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\inf
2018-01-02 12:16 - 2017-09-15 07:20 - 000000000 ____D C:\Users\Deoju\AppData\LocalLow\Mozilla
2018-01-02 12:15 - 2017-10-24 12:36 - 000000000 ____D C:\Users\Deoju\AppData\Roaming\Skype
2018-01-02 12:15 - 2017-09-15 06:50 - 000000000 __SHD C:\Users\Deoju\IntelGraphicsProfiles
2018-01-02 12:15 - 2009-07-14 15:45 - 000023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-02 12:15 - 2009-07-14 15:45 - 000023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-02 12:14 - 2009-07-14 16:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-02 12:13 - 2017-11-22 19:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-02 12:13 - 2017-11-22 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-02 12:13 - 2017-09-15 07:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-31 11:17 - 2017-11-22 19:15 - 000000000 ____D C:\Users\Deoju\Downloads\American.Assassin.2017.1080p.WEB-DL.DD5.1.H264-FGT
2017-12-31 09:07 - 2017-09-14 07:07 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-12-16 13:45 - 2017-09-14 06:54 - 000000000 ____D C:\Program Files (x86)\Intel
2017-12-16 13:45 - 2017-09-14 06:50 - 000000000 ____D C:\Users\Deoju
2017-12-04 17:06 - 2017-11-07 15:21 - 000000000 ____D C:\Users\Deoju\Desktop\Photos

==================== Files in the root of some directories =======

2017-10-24 08:04 - 2018-01-02 12:20 - 000000000 _____ () C:\ProgramData\srtf.dat
2017-10-24 08:06 - 2017-10-24 08:06 - 001895382 _____ () C:\Users\Deoju\AppData\Local\Donbam.bin
2017-10-24 08:04 - 2017-10-24 08:04 - 000140800 _____ () C:\Users\Deoju\AppData\Local\installer.dat
2017-10-24 08:05 - 2017-10-24 08:05 - 000278510 _____ () C:\Users\Deoju\AppData\Local\Kon-Dom.bin

Some files in TEMP:
====================
2017-10-24 08:04 - 2017-10-24 08:04 - 004029848 _____ (Easeware                                                    ) C:\Users\Deoju\AppData\Local\Temp\274F.tmp.exe
2017-10-24 11:02 - 2017-10-24 11:02 - 000391680 _____ () C:\Users\Deoju\AppData\Local\Temp\BAE5.tmp.exe
2017-12-16 13:45 - 2017-12-16 13:45 - 000007224 _____ () C:\Users\Deoju\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-10-24 07:41 - 2017-10-24 07:41 - 000020480 _____ (Company SR aSRONIMICAL) C:\Users\Deoju\AppData\Local\Temp\capi.exe
2017-10-24 07:50 - 2017-10-24 07:50 - 000016384 _____ (LPD Corporation Vegas) C:\Users\Deoju\AppData\Local\Temp\cuinsta.exe
2017-10-24 08:06 - 2017-10-24 08:06 - 001527488 _____ (Microsoft Corporation) C:\Users\Deoju\AppData\Local\Temp\dbghelp.dll
2017-10-24 08:04 - 2017-10-24 08:04 - 000097280 _____ () C:\Users\Deoju\AppData\Local\Temp\DriverEasySetup.exe
2017-10-24 07:13 - 2017-10-24 07:13 - 010990912 _____ (Fortinet Inc.) C:\Users\Deoju\AppData\Local\Temp\FortiClientOfflineVirusCleaner.exe
2017-10-24 07:41 - 2017-10-24 07:41 - 002765211 _____ () C:\Users\Deoju\AppData\Local\Temp\golm.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 000651753 _____ (kavMdBE1a6acV7fo1YTR                                        ) C:\Users\Deoju\AppData\Local\Temp\installer.exe
2017-09-20 20:21 - 2017-09-20 20:21 - 000707872 _____ (IT Genius) C:\Users\Deoju\AppData\Local\Temp\lTrVNMN5-prog.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 001628672 _____ () C:\Users\Deoju\AppData\Local\Temp\mstools.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 004369560 _____ (OneSystemCare                                               ) C:\Users\Deoju\AppData\Local\Temp\OneSystemCare.exe
2017-10-24 07:40 - 2017-10-24 10:59 - 001792071 _____ () C:\Users\Deoju\AppData\Local\Temp\pi.exe
2017-10-24 08:03 - 2017-10-24 08:04 - 000853504 _____ () C:\Users\Deoju\AppData\Local\Temp\Setup.exe
2017-10-24 08:06 - 2017-10-24 08:06 - 000167616 _____ (Microsoft Corporation) C:\Users\Deoju\AppData\Local\Temp\symsrv.dll
2017-10-24 12:01 - 2017-10-24 12:01 - 000046924 _____ () C:\Users\Deoju\AppData\Local\Temp\tu17p84.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 001199825 _____ () C:\Users\Deoju\AppData\Local\Temp\unins000.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 000770629 _____ (VideoBox                                                    ) C:\Users\Deoju\AppData\Local\Temp\vbd.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-12-31 09:41

==================== End of FRST.txt ============================

 

Addition Logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.01.2018
Ran by Deoju (02-01-2018 12:20:51)
Running from C:\Users\Deoju\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-09-13 19:50:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4011747869-3376587157-4062081269-500 - Administrator - Disabled)
Deoju (S-1-5-21-4011747869-3376587157-4062081269-1000 - Administrator - Enabled) => C:\Users\Deoju
Guest (S-1-5-21-4011747869-3376587157-4062081269-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
FLAC To MP3 V4.0.4 (HKLM-x32\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
FortiClient (HKLM\...\{D31863C4-DE3E-4430-92F6-9BC6B296E9BF}) (Version: 5.6.0.1075 - Fortinet Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4508 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 19.1.1627.3533) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0630 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{25779f5d-6b0a-4e11-89e8-441b93c6ce2b}) (Version: 19.10.0 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KMSpico v9.3.3 (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: 9.3.2 - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
Mozilla Firefox 57.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.3 (x64 en-US)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.67 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.67 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7950 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files (x86)\Fortinet\FortiClient\FortiCliSh64.Dll [2017-06-15] (Fortinet Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-09-15] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-01-16] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files (x86)\Fortinet\FortiClient\FortiCliSh64.Dll [2017-06-15] (Fortinet Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15ABFA99-D441-425C-BCE7-C0034CF6B6C1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {32EDBD0C-CF52-4576-8320-F5CE93918269} - System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {5B06634C-3AEF-4823-8211-ECC02B73FB36} - System32\Tasks\AutoPico Daily Restart => C:\Users\Deoju\Downloads\KMSpico [Argument = v9.3.3 Activator For Windows and Office Full\KMSpico v9.3.3 Activator For Windows and Office Full\KMSpico Portable\AutoPico.exe /silent]
Task: {7DFC5036-FB09-4C0E-9B34-06A9CDDDB0D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B1E02293-6204-4A50-919F-E451D6B95723} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\Deoju\\AppData\\Roaming\\ReportErr\\mgrerr.exe
Task: {CFCD3CDD-5A81-45B9-A028-445D156F0D83} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {FF3FDBA4-22F0-4833-85F5-85F09561A9D5} - System32\Tasks\DICOM Lass Rebuilder => C:\Windows\system32\rundll32.exe "C:\Program Files\DICOM Lass Rebuilder\DICOM Lass Rebuilder.dll",JGOQpAfxWu <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk -> C:\Users\Deoju\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk -> C:\Users\Deoju\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2017-09-15 07:05 - 2017-09-13 15:38 - 000018880 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-09-15 07:08 - 2017-01-16 10:55 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-24 08:04 - 2017-10-24 08:04 - 001628672 _____ () C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe
2017-03-07 20:04 - 2017-03-07 20:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-09-14 07:07 - 2017-03-07 20:15 - 000824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-09-14 07:07 - 2017-03-07 20:18 - 001981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-09-14 07:07 - 2017-03-07 20:10 - 000248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-09-14 07:07 - 2017-03-07 20:09 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-09-14 07:07 - 2017-03-07 20:10 - 000175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-09-14 07:07 - 2017-03-07 20:09 - 000204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-09-14 07:07 - 2017-03-07 20:08 - 000337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-09-14 07:07 - 2017-03-07 20:05 - 000148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-09-14 07:07 - 2017-03-07 20:05 - 000178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-09-14 07:07 - 2017-03-07 20:10 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-09-14 07:07 - 2017-03-07 20:06 - 000229648 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-09-14 07:07 - 2017-03-07 20:07 - 000225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-09-14 07:07 - 2017-03-07 20:05 - 000212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-09-14 07:07 - 2017-03-07 20:07 - 000220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-06-15 12:46 - 2017-06-15 12:46 - 000557376 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2017-09-15 07:05 - 2017-09-13 15:38 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2016-09-14 21:25 - 2016-09-14 21:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2017-10-24 08:04 - 000001832 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 bratitlamio.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 wizzmonetize.com
127.0.0.1 laserveradedomaina.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deoju\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C076DA85-7A24-4C0A-AF44-678C92240809}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D682DB54-A487-48A2-B3B9-E08331EC442C}] => (Allow) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{787D9BC3-4EEE-48BB-8BF4-A3629D9E1A46}] => (Allow) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD825649-4843-437D-B946-9E85FAB5A275}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B59E314A-0D13-4963-BE54-8F6AA24FBEC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{15A7B24A-35A9-4C0C-8136-86F754D83CF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{93B19E7A-4CB0-463D-88F2-DE9C615DC4D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF996484-2EAA-4EC1-B1EA-A8CCDB0B8FE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0C8A7297-18A0-4D62-A5A8-2140D47D2AF7}] => (Allow) C:\Program Files\Windows KMS Activator Ultimate 2017 v3.4\Windows KMS Activator Ultimate 2017 v3.4.exe
FirewallRules: [{7E9E7592-367F-4C12-AA6C-F0641465933C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E78074C6-D136-4417-A401-563FB0A50612}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{D53919CA-1878-4741-A567-8228414EEDC9}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{9918655E-4532-4A9D-BC95-51DCF87CD6D4}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{D6EFB608-8B40-4103-87B0-CAB88CC8E6E0}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{3DF15BBB-6201-453A-A999-606A0D4C6FA6}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe
FirewallRules: [{D0024770-407E-4BBF-8B6F-D54A6A654786}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{05D8F623-586C-4475-BB5D-F83ED2DA2B76}] => (Allow) C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{FBBBDFDC-5C13-4D8A-82A0-AA64A87AD91E}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{BDA73EC1-01C5-485B-B046-0BEC70F1FFF2}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{E587A62A-1795-4544-B3D0-2F5224F3455C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{797AE4B0-CF98-4C7F-B920-4AD92D14F60C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{9A550C34-BBE4-434A-85A3-0C930B40A92A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EFE161B5-3FC6-4673-B620-18D17E733B61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE8D959D-4D54-4BEF-AFBF-12FED461069F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FCA13E2C-7D1C-4201-A5A7-2E0E373E84D4}] => (Allow) LPort=1688
FirewallRules: [{F4B8F1A8-31E8-4B39-9397-C2435EC444AB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{42360ACE-1D03-44B4-B2D7-646B5468E188}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

==================== Restore Points =========================

16-12-2017 13:45:23 Installed Intel(R) Wireless Bluetooth(R)
31-12-2017 09:48:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2018 12:15:04 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6VJVD
ACID=?
Detailed Error[?]

Error: (01/02/2018 12:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/31/2017 10:03:56 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/31/2017 09:16:46 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6VJVD
ACID=?
Detailed Error[?]

Error: (12/31/2017 09:06:50 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6VJVD
ACID=?
Detailed Error[?]

Error: (12/31/2017 09:06:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 08:45:49 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6VJVD
ACID=?
Detailed Error[?]

Error: (12/28/2017 08:45:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 02:03:25 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6VJVD
ACID=?
Detailed Error[?]

Error: (12/28/2017 01:53:39 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6VJVD
ACID=?
Detailed Error[?]


System errors:
=============
Error: (01/02/2018 12:16:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/31/2017 01:11:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (12/31/2017 12:47:57 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/31/2017 12:47:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/31/2017 12:47:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/31/2017 09:17:54 AM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (ac:c1:ee:12:52:9c) failed.

Error: (12/31/2017 09:09:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/28/2017 08:53:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.

Error: (12/28/2017 08:47:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/28/2017 08:47:40 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 8061.17 MB
Available physical RAM: 3937.89 MB
Total Virtual: 16120.53 MB
Available Virtual: 11806.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:373.11 GB) (Free:225.53 GB) NTFS
Drive d: () (Fixed) (Total:558.31 GB) (Free:544.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B02C5C56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=373.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=558.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Alright, follow the instructions below.

Google Chrome - Remove Extension/App

  • In Google Chrome, enter chrome://extensions in the address bar and press on Enter
  • In the Extensions page, uninstall these (by clicking on the little garbage can icon on their right)
    • Quick Searcher
  • If you don't see the extension listed, it means that it's installed as an App. So enter chrome://apps in the address bar and press on Enter
  • From the Apps page, look for the app, right-click on it and select Remove from Chrome

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


I couldn't find Quick Searcher, however here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Deoju (03-01-2018 19:19:25) Run:1
Running from C:\Users\Deoju\Downloads
Loaded Profiles: Deoju (Available Profiles: Deoju)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

DeleteKey: HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope value is missing

CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch"

R2 httpSocketSvc_4186786; C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe [1628672 2017-10-24] () [File not signed]
S3 mdareDriver_62; C:\Users\Deoju\AppData\Local\Temp\FCPreScan\mdare64_62.sys [105344 2017-10-24] (Fortinet Inc.) <==== ATTENTION

nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

Task: {32EDBD0C-CF52-4576-8320-F5CE93918269} - System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {B1E02293-6204-4A50-919F-E451D6B95723} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\Deoju\\AppData\\Roaming\\ReportErr\\mgrerr.exe
Task: {FF3FDBA4-22F0-4833-85F5-85F09561A9D5} - System32\Tasks\DICOM Lass Rebuilder => C:\Windows\system32\rundll32.exe "C:\Program Files\DICOM Lass Rebuilder\DICOM Lass Rebuilder.dll",JGOQpAfxWu <==== ATTENTION

FirewallRules: [{05D8F623-586C-4475-BB5D-F83ED2DA2B76}] => (Allow) C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe

C:\Program Files\DICOM Lass Rebuilder
C:\ProgramData\httpSocket
C:\ProgramData\srtf.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk
C:\Users\Deoju\AppData\Local\Donbam.bin
C:\Users\Deoju\AppData\Local\installer.dat
C:\Users\Deoju\AppData\Local\Kon-Dom.bin
C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha
C:\Users\Deoju\AppData\Roaming\Browsers
C:\Users\Deoju\AppData\Roaming\EpicNet Inc
C:\Users\Deoju\AppData\Roaming\ReportErr

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\httpSocketSvc_4186786" => removed successfully
httpSocketSvc_4186786 => service removed successfully
"HKLM\System\CurrentControlSet\Services\mdareDriver_62" => removed successfully
mdareDriver_62 => service removed successfully

=========================  bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32EDBD0C-CF52-4576-8320-F5CE93918269} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32EDBD0C-CF52-4576-8320-F5CE93918269}" => removed successfully
C:\Windows\System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC5447B8-DA5F-4237-9187-70C493B3610D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1E02293-6204-4A50-919F-E451D6B95723}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1E02293-6204-4A50-919F-E451D6B95723}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ReportErr" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FF3FDBA4-22F0-4833-85F5-85F09561A9D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF3FDBA4-22F0-4833-85F5-85F09561A9D5}" => removed successfully
C:\Windows\System32\Tasks\DICOM Lass Rebuilder => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DICOM Lass Rebuilder" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05D8F623-586C-4475-BB5D-F83ED2DA2B76}" => removed successfully
C:\Program Files\DICOM Lass Rebuilder => moved successfully
C:\ProgramData\httpSocket => moved successfully
C:\ProgramData\srtf.dat => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk => moved successfully
C:\Users\Deoju\AppData\Local\Donbam.bin => moved successfully
C:\Users\Deoju\AppData\Local\installer.dat => moved successfully
C:\Users\Deoju\AppData\Local\Kon-Dom.bin => moved successfully
C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha => moved successfully
"C:\Users\Deoju\AppData\Roaming\Browsers" => not found
"C:\Users\Deoju\AppData\Roaming\EpicNet Inc" => not found
C:\Users\Deoju\AppData\Roaming\ReportErr => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69744947 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 85414744 B
Edge => 0 B
Chrome => 34675411 B
Firefox => 27465348 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 65960 B
LocalService => 132244 B
NetworkService => 95610 B
Deoju => 935046183 B

RecycleBin => 3286912220 B
EmptyTemp: => 4.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:20:32 ====

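An added example (not part of this thread and not FRST's own code): a small Python summariser for Fixlog lines in the `target => result` form shown above. It tallies outcomes, lists entries that failed (like the TaskCache\Plain key that reported ErrorCode1: 0x00000002) and flags file names that mix Latin letters with look-alike letters from another script, as the two Start Menu shortcuts removed by the fixlist appear to do. The sample lines are constructed from the log's format; the SID, extension id and task GUID are the ones in the log.

```python
import re
import unicodedata

# Constructed sample lines in the "target => result" form FRST's Fixlog uses.
# The .lnk entry is spelled with Cyrillic look-alikes (U+043E, U+0421, U+0435).
SAMPLE_FIXLOG = [
    r'"HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa" => removed successfully',
    'C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\G\u043eogle \u0421hr\u043em\u0435.lnk => moved successfully',
    r'"C:\Users\Deoju\AppData\Roaming\Browsers" => not found',
    r'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32EDBD0C-CF52-4576-8320-F5CE93918269} => could not remove key. ErrorCode1: 0x00000002',
    r'httpSocketSvc_4186786 => service removed successfully',
]

LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')

def parse_fixlog_line(line):
    """Split one action line into (target, result); None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("target"), m.group("result")) if m else None

def classify(result):
    """Map FRST's result wording to an outcome bucket."""
    r = result.lower()
    if "could not" in r or "error" in r:
        return "failed"
    return "not_found" if "not found" in r else "ok" if "successfully" in r else "other"

def mixed_script_name(target):
    """True when the last path component mixes letters from more than one script."""
    name = target.replace("/", "\\").split("\\")[-1]
    scripts = {unicodedata.name(ch, "?").split()[0] for ch in name if ch.isalpha()}
    return len(scripts) > 1

def summarize(lines):
    """Tally outcomes; return failed entries and look-alike names for follow-up."""
    counts = {"ok": 0, "not_found": 0, "failed": 0, "other": 0}
    follow_up, homoglyphs = [], []
    for line in lines:
        parsed = parse_fixlog_line(line)
        if parsed is None:
            continue
        target, result = parsed
        kind = classify(result)
        counts[kind] += 1
        if kind == "failed":
            follow_up.append(target)
        if mixed_script_name(target):
            homoglyphs.append(target)
    return counts, follow_up, homoglyphs
```

Feed it the lines of a real Fixlog (for example `summarize(open("Fixlog.txt", encoding="utf-8").read().splitlines())`) to get the counts and the two follow-up lists.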

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

