bikesh Posted December 26, 2017 ID:1194600

Hi, when I open my Internet browser, it opens numerous tabs. Currently I am using AdwareBlockPlus to block it, but I would definitely need some help on this, thanks.
Aura Posted December 29, 2017 ID:1195360

Hi bikesh,

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens.

As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you.

The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system.

If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!

If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off.

Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced.

I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules.

In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process.

I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone.

This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
bikesh Posted January 2, 2018 Author ID:1195832

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2018
Ran by Deoju (administrator) on DEOJU-PC (02-01-2018 12:20:02)
Running from C:\Users\Deoju\Downloads
Loaded Profiles: Deoju (Available Profiles: Deoju)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FortiClient System Helper) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\Deoju\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8916488 2017-09-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-02] (Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\Run: [uTorrent] => C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170872 2017-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-09-13] (NVIDIA Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{594A38D6-1300-4FE0-984C-F48392EE3C0A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{73DC59FE-8A2E-41EA-A106-3F69C12F1C54}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{90A1F769-C9AC-4D3A-A78D-3E5D245E7E2F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{90A1F769-C9AC-4D3A-A78D-3E5D245E7E2F}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{D6FC89FB-AF90-4280-9859-4D3AD50BC31A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F3D87FE8-8D76-4FCF-98C5-FCC8A9395908}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F9BED216-CC4A-4158-B0AF-83FF5E552CE9}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: f8k0iw6o.default-1511337893198
FF ProfilePath: C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198 [2018-01-02]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198\Extensions\browsec@browsec.com.xpi [2017-11-23]
FF Extension: (Adblock Plus) - C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF Extension: (Disable Crash Auto Submit) - C:\Users\Deoju\AppData\Roaming\Mozilla\Firefox\Profiles\f8k0iw6o.default-1511337893198\features\{a9cae43a-ff83-45c8-b27d-1ebe58154d70}\disable-crash-autosubmit@mozilla.org.xpi [2017-12-31] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-06-15] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-06-15] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-06-15] (Fortinet Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch"
CHR Profile: C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default [2017-11-05]
CHR Extension: (Slides) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Docs) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-14]
CHR Extension: (YouTube) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-05]
CHR Extension: (Sheets) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Tables) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-14]
CHR Extension: (Quick Searcher) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-10-24]
CHR Extension: (Gmail) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-24]
CHR HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [127296 2017-06-15] (Fortinet Inc.)
R2 httpSocketSvc_4186786; C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe [1628672 2017-10-24] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172152 2016-08-12] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [324560 2017-09-15] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-09-15] ()
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87528 2015-10-13] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-27] (Motorola Solutions, Inc.)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2017-06-15] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2014-12-11] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2017-06-15] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2017-06-15] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [72272 2017-06-15] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [85072 2017-06-15] (Fortinet Inc)
R3 ftsvnic; C:\Windows\System32\DRIVERS\ftsvnic.sys [66600 2017-04-24] (Fortinet Inc.)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-20] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [357648 2016-07-13] (Intel Corporation)
S3 mdareDriver_62; C:\Users\Deoju\AppData\Local\Temp\FCPreScan\mdare64_62.sys [105344 2017-10-24] (Fortinet Inc.) <==== ATTENTION
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2016-09-06] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3498248 2016-08-25] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-09-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-09-13] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-09-13] (NVIDIA Corporation)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-02 12:19 - 2018-01-02 12:19 - 000000000 ____D C:\Users\Deoju\Downloads\FRST-OlderVersion 2018-01-02 12:18 - 2018-01-02 12:18 - 025301304 _____ C:\Users\Deoju\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe.part 2018-01-02 12:18 - 2018-01-02 12:18 - 000000000 _____ C:\Users\Deoju\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe 2017-12-31 13:10 - 2018-01-02 12:18 - 000000000 ____D C:\Users\Deoju\Downloads\Daniel Tiger's Neighborhood (PBS Kids) Season 1, Episodes 28-34 [Nanto] 2017-12-31 13:09 - 2018-01-02 12:20 - 000000000 ____D C:\Users\Deoju\Downloads\Daniel Tiger's Neighborhood (PBS Kids) Season 1, Episodes 11-20 [Nanto] 2017-12-31 13:08 - 2018-01-02 12:15 - 000000000 ____D C:\Users\Deoju\Downloads\Daniel Tiger's Neighborhood - Season 1, Episodes 01-10 2017-12-31 13:07 - 2017-12-31 13:07 - 000000000 ____D C:\Users\Deoju\Downloads\Enemy.2013.LIMITED.1080p.BluRay.x264.anoXmous 2017-12-31 12:59 - 2017-12-31 12:59 - 000000000 ____D C:\Users\Deoju\Downloads\Lucy.2014.1080p.BluRay.H264.ACC.5.1.BADASSMEDIA 2017-12-31 12:57 - 2017-12-31 12:57 - 000000000 ____D C:\Users\Deoju\Downloads\Embrace.of.the.Serpent.2015.LIMITED.720p.BluRay.x264-DEPTH 2017-12-31 09:10 - 2017-12-31 10:04 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E06.HDTV.x264-KILLERS[ettv] 2017-12-31 09:10 - 2017-12-31 09:37 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E07.HDTV.x264-KILLERS[ettv] 2017-12-31 09:10 - 2017-12-31 09:16 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E09.HDTV.x264-KILLERS[rarbg] 2017-12-31 09:10 - 2017-12-31 09:15 - 000000000 ____D C:\Users\Deoju\Downloads\Prison.Break.S05E08.HDTV.x264-KILLERS[ettv] 2017-12-28 14:07 - 2017-12-28 14:07 - 000000000 ____D C:\Users\Deoju\Downloads\Calvin Harris - Feels (feat. 
Pharrell Williams, Katy Perry & Big Sean) Single (2017) 2017-12-26 22:40 - 2017-12-26 22:40 - 000037719 _____ C:\Users\Deoju\Desktop\Compaction Tester Roster - 22 12 17 - Rev3.xlsx 2017-12-23 09:39 - 2017-12-23 09:39 - 000000000 ____D C:\Users\Deoju\Downloads\Shubh.Mangal.Saavdhan.2017.Hindi.720p.HDRip.x264.AC3.-.Hon3y 2017-12-16 13:52 - 2017-12-16 13:52 - 000000000 ____D C:\Users\Deoju\AppData\Local\ElevatedDiagnostics 2017-12-16 13:48 - 2017-12-16 13:48 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf 2017-12-16 13:48 - 2017-12-16 13:48 - 000000000 ____D C:\Users\Deoju\Documents\My Received Files 2017-12-16 13:46 - 2017-12-16 13:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf 2017-12-16 13:45 - 2017-12-16 13:45 - 000000267 _____ C:\Users\Deoju\BullseyeCoverageError.txt 2017-12-16 13:45 - 2016-07-07 11:26 - 000584392 _____ C:\Windows\system32\Drivers\370c1206001a260f00.sfi 2017-12-16 13:45 - 2016-07-07 11:26 - 000584392 _____ C:\Windows\system32\Drivers\020c000600441b1000.sfi 2017-12-16 13:45 - 2016-07-07 11:26 - 000554968 _____ C:\Windows\system32\Drivers\000c000600441b1000.sfi 2017-12-16 13:45 - 2016-07-07 11:26 - 000030192 _____ C:\Windows\system32\Drivers\ffffffffffffffff00.sfi 2017-12-16 13:45 - 2016-07-07 11:18 - 000586268 _____ C:\Windows\system32\Drivers\370b12060002340e00.sfi 2017-12-16 13:45 - 2016-07-07 11:18 - 000009504 _____ C:\Windows\system32\Drivers\370b12060002340e00_selftest.sfi 2017-12-16 13:45 - 2016-07-07 11:15 - 000601758 _____ C:\Windows\system32\Drivers\370c1206001a260f00.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000601758 _____ C:\Windows\system32\Drivers\020c000600441b1000.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000571420 _____ C:\Windows\system32\Drivers\000c000600441b1000.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000000121 _____ C:\Windows\system32\Drivers\ffffffffffffffff00.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000000022 _____ 
C:\Windows\system32\Drivers\370c122301441b1000.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000000018 _____ C:\Windows\system32\Drivers\370c122301441b1000_Android.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000000017 _____ C:\Windows\system32\Drivers\020c002301441b1000.bseq 2017-12-16 13:45 - 2016-07-07 11:15 - 000000017 _____ C:\Windows\system32\Drivers\000c002301441b1000.bseq 2017-12-16 13:45 - 2016-07-07 11:06 - 000603689 _____ C:\Windows\system32\Drivers\370b12060002340e00.bseq 2017-12-16 13:45 - 2016-07-07 11:06 - 000009121 _____ C:\Windows\system32\Drivers\370b12060002340e00_selftest.bseq 2017-12-16 13:45 - 2016-07-07 11:06 - 000000057 _____ C:\Windows\system32\Drivers\370b122300261b1000.bseq 2017-12-16 13:45 - 2016-07-07 11:06 - 000000053 _____ C:\Windows\system32\Drivers\370b122300261b1000_Android.bseq 2017-12-16 13:44 - 2017-12-16 13:55 - 223899480 _____ C:\Users\Deoju\Downloads\AW-NB182_BluetoothDriver_Win7_V801356_20170405.zip 2017-12-16 13:44 - 2017-12-16 13:44 - 000000000 ____D C:\Users\Deoju\Downloads\Intel7265-l8260_BluetoothDriver_V1901603630_20170405 2017-12-16 13:42 - 2017-12-16 13:44 - 096600485 _____ C:\Users\Deoju\Downloads\Intel7265-l8260_BluetoothDriver_V1901603630_20170405.zip 2017-12-16 13:35 - 2017-12-16 13:36 - 012644232 _____ (Microsoft Corporation) C:\Users\Deoju\Downloads\drvupdate-x86.exe 2017-12-16 13:25 - 2017-12-16 13:25 - 000000000 ____D C:\Users\Deoju\Downloads\The.Mountain.Between.Us.2017.BRRip.XviD.AC3-EVO 2017-12-10 19:31 - 2017-12-10 19:32 - 048863232 _____ C:\Users\Deoju\Downloads\MiFlashSetup_eng.msi 2017-12-10 19:09 - 2018-01-02 12:15 - 000000000 ____D C:\Users\Deoju\AppData\LocalLow\uTorrent 2017-12-05 19:51 - 2017-12-05 19:51 - 000000000 ____D C:\Users\Deoju\AppData\Roaming\Xiaomi 2017-12-04 17:57 - 2017-12-04 17:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2017-12-04 17:50 - 2017-12-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot 
2017-12-04 17:50 - 2017-12-04 17:50 - 000000000 ____D C:\Program Files (x86)\Minimal ADB and Fastboot 2017-12-04 17:49 - 2017-12-04 17:49 - 000952635 _____ (Sam Rodberg ) C:\Users\Deoju\Downloads\minimal_adb_fastboot_v1.4.2_setup.exe 2017-12-04 17:44 - 2017-12-05 19:41 - 000000000 ____D C:\Users\Deoju\.android 2017-12-04 17:43 - 2017-12-10 19:33 - 000002559 _____ C:\Users\Public\Desktop\XiaoMiFlash.exe.lnk 2017-12-04 17:43 - 2017-12-10 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash 2017-12-04 17:43 - 2017-12-04 17:43 - 000000000 ____D C:\XiaoMi 2017-12-04 17:38 - 2017-12-04 17:42 - 032540672 _____ C:\Users\Deoju\Downloads\MiFlashSetup.msi 2017-12-04 17:37 - 2017-12-04 17:37 - 001381582 _____ (Igor Pavlov) C:\Users\Deoju\Downloads\7z1604-x64.exe 2017-12-04 17:34 - 2017-12-10 19:31 - 000000000 ____D C:\Users\Deoju\Downloads\mi5 2017-12-04 17:18 - 2017-12-04 17:18 - 000000000 ____D C:\Users\Deoju\Downloads\The.Foreigner.2017.1080p.HC.HDRip.X264.AC3-EVO[EtHD] 2017-12-04 10:15 - 2017-12-04 10:46 - 1301782192 _____ C:\Users\Deoju\Downloads\miui_MI5Global_V9.1.1.0.NAAMIEI_c91be5fdc5_7.0.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-01-02 12:20 - 2017-11-29 20:17 - 000021683 _____ C:\Users\Deoju\Downloads\FRST.txt
2018-01-02 12:20 - 2017-11-29 20:14 - 000000000 ____D C:\FRST
2018-01-02 12:20 - 2017-10-24 08:04 - 000000000 _____ C:\ProgramData\srtf.dat
2018-01-02 12:20 - 2017-09-15 06:58 - 000000000 ____D C:\Users\Deoju\AppData\Roaming\uTorrent
2018-01-02 12:19 - 2017-11-29 20:12 - 002393088 _____ (Farbar) C:\Users\Deoju\Downloads\FRST64.exe
2018-01-02 12:19 - 2017-10-24 08:09 - 000000176 _____ C:\ProgramData\sxk.3zya
2018-01-02 12:19 - 2009-07-14 16:13 - 000783598 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-02 12:19 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\inf
2018-01-02 12:16 - 2017-09-15 07:20 - 000000000 ____D C:\Users\Deoju\AppData\LocalLow\Mozilla
2018-01-02 12:15 - 2017-10-24 12:36 - 000000000 ____D C:\Users\Deoju\AppData\Roaming\Skype
2018-01-02 12:15 - 2017-09-15 06:50 - 000000000 __SHD C:\Users\Deoju\IntelGraphicsProfiles
2018-01-02 12:15 - 2009-07-14 15:45 - 000023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-02 12:15 - 2009-07-14 15:45 - 000023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-02 12:14 - 2009-07-14 16:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-02 12:13 - 2017-11-22 19:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-02 12:13 - 2017-11-22 19:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-02 12:13 - 2017-09-15 07:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-31 11:17 - 2017-11-22 19:15 - 000000000 ____D C:\Users\Deoju\Downloads\American.Assassin.2017.1080p.WEB-DL.DD5.1.H264-FGT
2017-12-31 09:07 - 2017-09-14 07:07 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-12-16 13:45 - 2017-09-14 06:54 - 000000000 ____D C:\Program Files (x86)\Intel
2017-12-16 13:45 - 2017-09-14 06:50 - 000000000 ____D C:\Users\Deoju
2017-12-04 17:06 - 2017-11-07 15:21 - 000000000 ____D C:\Users\Deoju\Desktop\Photos

==================== Files in the root of some directories =======
2017-10-24 08:04 - 2018-01-02 12:20 - 000000000 _____ () C:\ProgramData\srtf.dat
2017-10-24 08:06 - 2017-10-24 08:06 - 001895382 _____ () C:\Users\Deoju\AppData\Local\Donbam.bin
2017-10-24 08:04 - 2017-10-24 08:04 - 000140800 _____ () C:\Users\Deoju\AppData\Local\installer.dat
2017-10-24 08:05 - 2017-10-24 08:05 - 000278510 _____ () C:\Users\Deoju\AppData\Local\Kon-Dom.bin

Some files in TEMP:
====================
2017-10-24 08:04 - 2017-10-24 08:04 - 004029848 _____ (Easeware ) C:\Users\Deoju\AppData\Local\Temp\274F.tmp.exe
2017-10-24 11:02 - 2017-10-24 11:02 - 000391680 _____ () C:\Users\Deoju\AppData\Local\Temp\BAE5.tmp.exe
2017-12-16 13:45 - 2017-12-16 13:45 - 000007224 _____ () C:\Users\Deoju\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-10-24 07:41 - 2017-10-24 07:41 - 000020480 _____ (Company SR aSRONIMICAL) C:\Users\Deoju\AppData\Local\Temp\capi.exe
2017-10-24 07:50 - 2017-10-24 07:50 - 000016384 _____ (LPD Corporation Vegas) C:\Users\Deoju\AppData\Local\Temp\cuinsta.exe
2017-10-24 08:06 - 2017-10-24 08:06 - 001527488 _____ (Microsoft Corporation) C:\Users\Deoju\AppData\Local\Temp\dbghelp.dll
2017-10-24 08:04 - 2017-10-24 08:04 - 000097280 _____ () C:\Users\Deoju\AppData\Local\Temp\DriverEasySetup.exe
2017-10-24 07:13 - 2017-10-24 07:13 - 010990912 _____ (Fortinet Inc.) C:\Users\Deoju\AppData\Local\Temp\FortiClientOfflineVirusCleaner.exe
2017-10-24 07:41 - 2017-10-24 07:41 - 002765211 _____ () C:\Users\Deoju\AppData\Local\Temp\golm.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 000651753 _____ (kavMdBE1a6acV7fo1YTR ) C:\Users\Deoju\AppData\Local\Temp\installer.exe
2017-09-20 20:21 - 2017-09-20 20:21 - 000707872 _____ (IT Genius) C:\Users\Deoju\AppData\Local\Temp\lTrVNMN5-prog.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 001628672 _____ () C:\Users\Deoju\AppData\Local\Temp\mstools.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 004369560 _____ (OneSystemCare ) C:\Users\Deoju\AppData\Local\Temp\OneSystemCare.exe
2017-10-24 07:40 - 2017-10-24 10:59 - 001792071 _____ () C:\Users\Deoju\AppData\Local\Temp\pi.exe
2017-10-24 08:03 - 2017-10-24 08:04 - 000853504 _____ () C:\Users\Deoju\AppData\Local\Temp\Setup.exe
2017-10-24 08:06 - 2017-10-24 08:06 - 000167616 _____ (Microsoft Corporation) C:\Users\Deoju\AppData\Local\Temp\symsrv.dll
2017-10-24 12:01 - 2017-10-24 12:01 - 000046924 _____ () C:\Users\Deoju\AppData\Local\Temp\tu17p84.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 001199825 _____ () C:\Users\Deoju\AppData\Local\Temp\unins000.exe
2017-10-24 08:04 - 2017-10-24 08:04 - 000770629 _____ (VideoBox ) C:\Users\Deoju\AppData\Local\Temp\vbd.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
LastRegBack: 2017-12-31 09:41

==================== End of FRST.txt ============================

Addition Logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.01.2018
Ran by Deoju (02-01-2018 12:20:51)
Running from C:\Users\Deoju\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-09-13 19:50:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4011747869-3376587157-4062081269-500 - Administrator - Disabled)
Deoju (S-1-5-21-4011747869-3376587157-4062081269-1000 - Administrator - Enabled) => C:\Users\Deoju
Guest (S-1-5-21-4011747869-3376587157-4062081269-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
FLAC To MP3 V4.0.4 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
FortiClient (HKLM\...\{D31863C4-DE3E-4430-92F6-9BC6B296E9BF}) (Version: 5.6.0.1075 - Fortinet Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4508 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 19.1.1627.3533) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0630 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{25779f5d-6b0a-4e11-89e8-441b93c6ce2b}) (Version: 19.10.0 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KMSpico v9.3.3 (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: 9.3.2 - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
Mozilla Firefox 57.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.3 (x64 en-US)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.67 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.67 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7950 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files (x86)\Fortinet\FortiClient\FortiCliSh64.Dll [2017-06-15] (Fortinet Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-09-15] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-01-16] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files (x86)\Fortinet\FortiClient\FortiCliSh64.Dll [2017-06-15] (Fortinet Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15ABFA99-D441-425C-BCE7-C0034CF6B6C1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {32EDBD0C-CF52-4576-8320-F5CE93918269} - System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {5B06634C-3AEF-4823-8211-ECC02B73FB36} - System32\Tasks\AutoPico Daily Restart => C:\Users\Deoju\Downloads\KMSpico [Argument = v9.3.3 Activator For Windows and Office Full\KMSpico v9.3.3 Activator For Windows and Office Full\KMSpico Portable\AutoPico.exe /silent]
Task: {7DFC5036-FB09-4C0E-9B34-06A9CDDDB0D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B1E02293-6204-4A50-919F-E451D6B95723} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\Deoju\\AppData\\Roaming\\ReportErr\\mgrerr.exe
Task: {CFCD3CDD-5A81-45B9-A028-445D156F0D83} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {FF3FDBA4-22F0-4833-85F5-85F09561A9D5} - System32\Tasks\DICOM Lass Rebuilder => C:\Windows\system32\rundll32.exe "C:\Program Files\DICOM Lass Rebuilder\DICOM Lass Rebuilder.dll",JGOQpAfxWu <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk -> C:\Users\Deoju\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk -> C:\Users\Deoju\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============
2017-09-15 07:05 - 2017-09-13 15:38 - 000018880 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-09-15 07:08 - 2017-01-16 10:55 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-24 08:04 - 2017-10-24 08:04 - 001628672 _____ () C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe
2017-03-07 20:04 - 2017-03-07 20:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-09-14 07:07 - 2017-03-07 20:15 - 000824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-09-14 07:07 - 2017-03-07 20:18 - 001981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-09-14 07:07 - 2017-03-07 20:10 - 000248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-09-14 07:07 - 2017-03-07 20:09 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-09-14 07:07 - 2017-03-07 20:10 - 000175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-09-14 07:07 - 2017-03-07 20:09 - 000204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-09-14 07:07 - 2017-03-07 20:08 - 000337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-09-14 07:07 - 2017-03-07 20:05 - 000148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-09-14 07:07 - 2017-03-07 20:05 - 000178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-09-14 07:07 - 2017-03-07 20:10 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-09-14 07:07 - 2017-03-07 20:06 - 000229648 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-09-14 07:07 - 2017-03-07 20:07 - 000225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-09-14 07:07 - 2017-03-07 20:05 - 000212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-09-14 07:07 - 2017-03-07 20:07 - 000220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-06-15 12:46 - 2017-06-15 12:46 - 000557376 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2017-09-15 07:05 - 2017-09-13 15:38 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2016-09-14 21:25 - 2016-09-14 21:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2017-10-24 08:04 - 000001832 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 bratitlamio.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 wizzmonetize.com
127.0.0.1 laserveradedomaina.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deoju\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C076DA85-7A24-4C0A-AF44-678C92240809}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D682DB54-A487-48A2-B3B9-E08331EC442C}] => (Allow) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{787D9BC3-4EEE-48BB-8BF4-A3629D9E1A46}] => (Allow) C:\Users\Deoju\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD825649-4843-437D-B946-9E85FAB5A275}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B59E314A-0D13-4963-BE54-8F6AA24FBEC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{15A7B24A-35A9-4C0C-8136-86F754D83CF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{93B19E7A-4CB0-463D-88F2-DE9C615DC4D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF996484-2EAA-4EC1-B1EA-A8CCDB0B8FE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0C8A7297-18A0-4D62-A5A8-2140D47D2AF7}] => (Allow) C:\Program Files\Windows KMS Activator Ultimate 2017 v3.4\Windows KMS Activator Ultimate 2017 v3.4.exe
FirewallRules: [{7E9E7592-367F-4C12-AA6C-F0641465933C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E78074C6-D136-4417-A401-563FB0A50612}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{D53919CA-1878-4741-A567-8228414EEDC9}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{9918655E-4532-4A9D-BC95-51DCF87CD6D4}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{D6EFB608-8B40-4103-87B0-CAB88CC8E6E0}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{3DF15BBB-6201-453A-A999-606A0D4C6FA6}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe
FirewallRules: [{D0024770-407E-4BBF-8B6F-D54A6A654786}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{05D8F623-586C-4475-BB5D-F83ED2DA2B76}] => (Allow) C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{FBBBDFDC-5C13-4D8A-82A0-AA64A87AD91E}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{BDA73EC1-01C5-485B-B046-0BEC70F1FFF2}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{E587A62A-1795-4544-B3D0-2F5224F3455C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{797AE4B0-CF98-4C7F-B920-4AD92D14F60C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{9A550C34-BBE4-434A-85A3-0C930B40A92A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EFE161B5-3FC6-4673-B620-18D17E733B61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE8D959D-4D54-4BEF-AFBF-12FED461069F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FCA13E2C-7D1C-4201-A5A7-2E0E373E84D4}] => (Allow) LPort=1688
FirewallRules: [{F4B8F1A8-31E8-4B39-9397-C2435EC444AB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{42360ACE-1D03-44B4-B2D7-646B5468E188}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

==================== Restore Points =========================
16-12-2017 13:45:23 Installed Intel(R) Wireless Bluetooth(R)
31-12-2017 09:48:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (01/02/2018 12:15:04 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=6VJVD ACID=? Detailed Error[?]
Error: (01/02/2018 12:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/31/2017 10:03:56 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/31/2017 09:16:46 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=6VJVD ACID=? Detailed Error[?]

Error: (12/31/2017 09:06:50 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=6VJVD ACID=? Detailed Error[?]

Error: (12/31/2017 09:06:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 08:45:49 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=6VJVD ACID=? Detailed Error[?]
Error: (12/28/2017 08:45:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 02:03:25 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=6VJVD ACID=? Detailed Error[?]

Error: (12/28/2017 01:53:39 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=6VJVD ACID=? Detailed Error[?]

System errors:
=============
Error: (01/02/2018 12:16:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (12/31/2017 01:11:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (12/31/2017 12:47:57 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/31/2017 12:47:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/31/2017 12:47:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (12/31/2017 09:17:54 AM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (ac:c1:ee:12:52:9c) failed.
Error: (12/31/2017 09:09:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (12/28/2017 08:53:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.

Error: (12/28/2017 08:47:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (12/28/2017 08:47:40 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 8061.17 MB
Available physical RAM: 3937.89 MB
Total Virtual: 16120.53 MB
Available Virtual: 11806.13 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:373.11 GB) (Free:225.53 GB) NTFS
Drive d: () (Fixed) (Total:558.31 GB) (Free:544.41 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B02C5C56)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=373.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=558.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
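Three signals in the log above can be checked mechanically instead of by eye: executables dropped under %TEMP%, AppData and ProgramData, several with an empty () publisher field or a random-looking one such as (kavMdBE1a6acV7fo1YTR ); the two Start Menu shortcuts FRST tagged <==== Cyrillic, whose names use Cyrillic look-alike letters; and the targets of those shortcuts, batch files named with the browser binary spelled backwards (exe.emorhc is chrome.exe reversed, exe.xoferif is firefox.exe reversed). The script below is an added example, not FRST code and not from this thread: it parses lines in FRST's entry format and flags those patterns. The staging-directory list, the extension sets, the browser-name set (which goes beyond the two browsers the log shows) and the "machine-generated publisher" regex are heuristics chosen for this example; the sample lines are copied from the log above, plus one benign shortcut line constructed for contrast.

```python
"""Triage FRST log lines: flag executables staged in user-writable directories
and Start Menu shortcuts whose names mix scripts (homoglyphs). Added example,
not FRST code and not from the thread; SAMPLE_LINES are copied from the log
above except the last one, which is constructed as a benign control."""
import re
import unicodedata
from pathlib import PureWindowsPath

# An FRST file entry: "<created> - <modified> - <size> <attrs> (<company>) <path>".
# The "(<company>)" field is absent in some sections and empty "()" when the
# file carries no version information.
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)
# A line from the "Shortcuts & WMI" section, with FRST's optional annotations.
SHORTCUT = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?)(?: \(No File\))?(?: <====.*)?$"
)

# Heuristic choices for this example (not FRST rules): directories a standard
# user can write to, extensions worth flagging there, browser binaries whose
# reversed name a hijacker might reuse, and a "publisher" pattern that looks
# generated (one alphanumeric token containing digits).
STAGING_DIRS = (r"\appdata\local\temp", r"\appdata\roaming", r"\programdata")
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}
BROWSER_BINARIES = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}
GENERATED_PUBLISHER = re.compile(r"[A-Za-z0-9]*\d[A-Za-z0-9]*")


def triage_file_entry(line):
    """Return the reasons an FRST file entry deserves attention ([] if none)."""
    m = FILE_ENTRY.match(line)
    if not m:
        return []
    path = m.group("path")
    ext = PureWindowsPath(path).suffix.lower()
    company = (m.group("company") or "").strip()
    reasons = []
    if ext in EXEC_EXTS | SCRIPT_EXTS:
        if any(d in path.lower() for d in STAGING_DIRS):
            reasons.append("executable in user-writable staging directory")
        if not company:
            reasons.append("no publisher in version info")
        elif GENERATED_PUBLISHER.fullmatch(company):
            reasons.append("publisher string looks machine-generated")
    return reasons


def letter_scripts(text):
    """Unicode scripts (first word of the character name) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def triage_shortcut(line):
    """Return the reasons a Start Menu shortcut entry looks like a browser hijack."""
    m = SHORTCUT.match(line)
    if not m:
        return []
    lnk_name = PureWindowsPath(m.group("lnk")).name
    target = PureWindowsPath(m.group("target"))
    reasons = []
    scripts = letter_scripts(lnk_name)
    if len(scripts) > 1:
        reasons.append("shortcut name mixes scripts: " + ", ".join(sorted(scripts)))
    if target.suffix.lower() in SCRIPT_EXTS:
        reasons.append("shortcut launches a script instead of the browser binary")
    reversed_stem = target.stem[::-1].lower()   # "exe.emorhc" -> "chrome.exe"
    if reversed_stem in BROWSER_BINARIES:
        reasons.append("target name is a reversed browser binary: " + reversed_stem)
    return reasons


def triage_log(lines):
    """Map each flagged line to its reasons; both entry types are handled."""
    findings = {}
    for line in lines:
        reasons = triage_file_entry(line) or triage_shortcut(line)
        if reasons:
            findings[line] = reasons
    return findings


SAMPLE_LINES = [
    r"2017-10-24 08:04 - 2017-10-24 08:04 - 004029848 _____ (Easeware ) C:\Users\Deoju\AppData\Local\Temp\274F.tmp.exe",
    r"2017-10-24 08:04 - 2017-10-24 08:04 - 000651753 _____ (kavMdBE1a6acV7fo1YTR ) C:\Users\Deoju\AppData\Local\Temp\installer.exe",
    r"2017-10-24 08:04 - 2017-10-24 08:04 - 001628672 _____ () C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe",
    r"2017-09-15 07:08 - 2017-01-16 10:55 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll",
    r"2017-10-24 08:04 - 2018-01-02 12:20 - 000000000 _____ () C:\ProgramData\srtf.dat",
    r"Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk -> C:\Users\Deoju\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic",
    # constructed benign control, not from the log
    r"Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LINES).items():
        print(line)
        for reason in reasons:
            print("   -", reason)
```

An empty publisher field on its own is weak evidence (NvSmartMax64.dll in Program Files trips it too), which is why the script reports reasons rather than a verdict; the combination of a staging directory with no or a generated publisher is what singles out the Temp droppers, and a mixed-script shortcut name pointing at a .bat file is a pattern FRST itself treats as worth an annotation.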
Aura Posted January 2, 2018 ID:1195963

Alright, follow the instructions below.

Google Chrome - Remove Extension/App
- In Google Chrome, enter chrome://extensions in the address bar and press Enter
- In the Extensions page, uninstall these (by clicking on the little garbage can icon on their right):
  - Quick Searcher
- If you don't see the extension listed, it means that it's installed as an App. So enter chrome://apps in the address bar and press Enter
- From the Apps page, look for the app, right-click on it and select Remove from Chrome

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
- Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
- Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Click on the Fix button
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
- Copy and paste its content in your next reply

Attachment: fixlist.txt
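The fixlist Aura attached (reproduced in the next reply) begins by deleting HKU\...\SOFTWARE\Google\Chrome\Extensions\<id>. That registry path is one of Chrome's external-extension install sources: a key there makes Chrome install and keep the extension without the user ever visiting the Web Store, which is why removing the extension from chrome://extensions alone does not help while the key remains. Chrome records where each extension came from in the profile's Secure Preferences file, under extensions.settings.<id>.location, using the Manifest::Location values from Chromium's extensions/common/manifest.h (3 is EXTERNAL_REGISTRY). The script below is an added example, not Chrome's, FRST's or the thread's code: it reads that file and flags extensions installed from the registry, from policy, unpacked or from outside the store, together with permissions that allow opening tabs and redirecting navigations. The JSON is constructed to mirror the layout of that file; the extension IDs, names and permission lists in it are invented, the "Quick Searcher" name is taken from Aura's post only as a label, and the set of permissions counted as risky is an assumption for this example.

```python
"""List Chrome extensions from a profile's preference file and flag sideloads.
Added example, not part of Chrome, FRST or this thread. SAMPLE_SECURE_PREFERENCES
is constructed to mirror the layout of Chrome's Secure Preferences; every ID,
name and permission list in it is invented."""
import json
from pathlib import Path

# Manifest::Location values from Chromium's extensions/common/manifest.h, as
# stored in extensions.settings.<id>.location.
LOCATION_NAMES = {
    1: "INTERNAL",                  # normal Web Store install
    2: "EXTERNAL_PREF",             # external_extensions.json on disk
    3: "EXTERNAL_REGISTRY",         # HKCU/HKLM\Software\Google\Chrome\Extensions\<id>
    4: "UNPACKED",                  # "Load unpacked" in chrome://extensions
    5: "COMPONENT",                 # shipped inside Chrome
    6: "EXTERNAL_PREF_DOWNLOAD",
    7: "EXTERNAL_POLICY_DOWNLOAD",
    8: "COMMAND_LINE",
    9: "EXTERNAL_POLICY",
    10: "EXTERNAL_COMPONENT",
}
SIDELOAD_LOCATIONS = {2, 3, 4, 6, 7, 8, 9}
# Permissions that let an extension open tabs and redirect navigations, the
# capabilities behind the "numerous tabs" symptom (heuristic, not a verdict).
RISKY_PERMISSIONS = {"tabs", "webNavigation", "webRequest", "webRequestBlocking", "<all_urls>"}

SAMPLE_SECURE_PREFERENCES = json.loads("""
{
  "extensions": {
    "settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "from_webstore": true,
        "location": 1,
        "manifest": {"name": "Example Store Extension", "permissions": ["storage"]},
        "state": 1
      },
      "pppppppppppppppppppppppppppppppp": {
        "from_webstore": true,
        "location": 3,
        "manifest": {"name": "Quick Searcher",
                     "permissions": ["tabs", "webNavigation", "<all_urls>", "storage"]},
        "state": 1
      },
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "from_webstore": false,
        "location": 4,
        "manifest": {"name": "Dev build", "permissions": []},
        "state": 0
      }
    }
  }
}
""")


def extension_records(prefs):
    """Return {id: record} from a parsed Preferences / Secure Preferences dict."""
    return prefs.get("extensions", {}).get("settings", {})


def classify_extension(record):
    """Reasons an extension record looks sideloaded or over-privileged ([] if clean)."""
    reasons = []
    loc = record.get("location")
    if loc in SIDELOAD_LOCATIONS:
        reasons.append("installed via " + LOCATION_NAMES.get(loc, str(loc)))
    if record.get("from_webstore") is False:
        reasons.append("not from the Chrome Web Store")
    granted = set(record.get("manifest", {}).get("permissions", []))
    risky = sorted(granted & RISKY_PERMISSIONS)
    if risky:
        reasons.append("risky permissions: " + ", ".join(risky))
    return reasons


def triage_preferences(prefs):
    """Map extension id -> (name, enabled, reasons) for every flagged extension."""
    findings = {}
    for ext_id, record in extension_records(prefs).items():
        reasons = classify_extension(record)
        if reasons:
            name = record.get("manifest", {}).get("name", "<no manifest>")
            findings[ext_id] = (name, record.get("state") == 1, reasons)
    return findings


def triage_profile(user_data_dir, profile="Default"):
    """Run the triage on a real profile. Windows builds keep the extension
    records in 'Secure Preferences'; older profiles used 'Preferences'."""
    findings = {}
    for filename in ("Secure Preferences", "Preferences"):
        prefs_path = Path(user_data_dir) / profile / filename
        if prefs_path.exists():
            with open(prefs_path, encoding="utf-8") as fh:
                findings.update(triage_preferences(json.load(fh)))
    return findings


if __name__ == "__main__":
    for ext_id, (name, enabled, reasons) in triage_preferences(SAMPLE_SECURE_PREFERENCES).items():
        print(f"{ext_id} {name!r} enabled={enabled}")
        for reason in reasons:
            print("   -", reason)
```

On the machine in this thread the profile directory would be C:\Users\Deoju\AppData\Local\Google\Chrome\User Data, so triage_profile(r"C:\Users\Deoju\AppData\Local\Google\Chrome\User Data") would list the registry-sourced extension with its ID, which is the same ID to look for under HKCU\Software\Google\Chrome\Extensions and in the profile's Extensions folder; that pairing is exactly what the fixlist's DeleteKey and folder entries target.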
bikesh Posted January 3, 2018 Author ID:1196156

I couldn't find Quick Searcher, however here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Deoju (03-01-2018 19:19:25) Run:1
Running from C:\Users\Deoju\Downloads
Loaded Profiles: Deoju (Available Profiles: Deoju)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
DeleteKey: HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hanzbcnbl1bu,76111510-f8a4-4cb5-93ba-5ecf74544574,&vp=ch&prd=set_ch"
R2 httpSocketSvc_4186786; C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe [1628672 2017-10-24] () [File not signed]
S3 mdareDriver_62; C:\Users\Deoju\AppData\Local\Temp\FCPreScan\mdare64_62.sys [105344 2017-10-24] (Fortinet Inc.) <==== ATTENTION
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
Task: {32EDBD0C-CF52-4576-8320-F5CE93918269} - System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {B1E02293-6204-4A50-919F-E451D6B95723} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\Deoju\\AppData\\Roaming\\ReportErr\\mgrerr.exe
Task: {FF3FDBA4-22F0-4833-85F5-85F09561A9D5} - System32\Tasks\DICOM Lass Rebuilder => C:\Windows\system32\rundll32.exe "C:\Program Files\DICOM Lass Rebuilder\DICOM Lass Rebuilder.dll",JGOQpAfxWu <==== ATTENTION
FirewallRules: [{05D8F623-586C-4475-BB5D-F83ED2DA2B76}] => (Allow) C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
C:\Program Files\DICOM Lass Rebuilder
C:\ProgramData\httpSocket
C:\ProgramData\srtf.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk
C:\Users\Deoju\AppData\Local\Donbam.bin
C:\Users\Deoju\AppData\Local\installer.dat
C:\Users\Deoju\AppData\Local\Kon-Dom.bin
C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha
C:\Users\Deoju\AppData\Roaming\Browsers
C:\Users\Deoju\AppData\Roaming\EpicNet Inc
C:\Users\Deoju\AppData\Roaming\ReportErr
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-4011747869-3376587157-4062081269-1000\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\httpSocketSvc_4186786" => removed successfully
httpSocketSvc_4186786 => service removed successfully
"HKLM\System\CurrentControlSet\Services\mdareDriver_62" => removed successfully
mdareDriver_62 => service removed successfully

========================= bcdedit ========================

The operation completed successfully.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32EDBD0C-CF52-4576-8320-F5CE93918269} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32EDBD0C-CF52-4576-8320-F5CE93918269}" => removed successfully
C:\Windows\System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC5447B8-DA5F-4237-9187-70C493B3610D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1E02293-6204-4A50-919F-E451D6B95723}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1E02293-6204-4A50-919F-E451D6B95723}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ReportErr" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FF3FDBA4-22F0-4833-85F5-85F09561A9D5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF3FDBA4-22F0-4833-85F5-85F09561A9D5}" => removed successfully
C:\Windows\System32\Tasks\DICOM Lass Rebuilder => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DICOM Lass Rebuilder" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05D8F623-586C-4475-BB5D-F83ED2DA2B76}" => removed successfully
C:\Program Files\DICOM Lass Rebuilder => moved successfully
C:\ProgramData\httpSocket => moved successfully
C:\ProgramData\srtf.dat => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefoх.lnk => moved successfully
C:\Users\Deoju\AppData\Local\Donbam.bin => moved successfully
C:\Users\Deoju\AppData\Local\installer.dat => moved successfully
C:\Users\Deoju\AppData\Local\Kon-Dom.bin => moved successfully
C:\Users\Deoju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha => moved successfully
"C:\Users\Deoju\AppData\Roaming\Browsers" => not found
"C:\Users\Deoju\AppData\Roaming\EpicNet Inc" => not found
C:\Users\Deoju\AppData\Roaming\ReportErr => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69744947 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 85414744 B
Edge => 0 B
Chrome => 34675411 B
Firefox => 27465348 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 65960 B
LocalService => 132244 B
NetworkService => 95610 B
Deoju => 935046183 B

RecycleBin => 3286912220 B
EmptyTemp: => 4.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:20:32 ====
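The fixlog above is a compact catalogue of adware persistence: scheduled tasks that launch from AppData (one of them filed under Microsoft\Windows\Windows Error Reporting to look built in), a task that proxies through rundll32.exe with an opaque export name, an unsigned service in ProgramData, a driver staged from Temp, policy keys restricting Windows Defender and Chrome, home/startup pages pointed at a third-party search site, a firewall allow rule for the AppData binary, and Start Menu shortcuts whose names use non-Latin look-alike letters. The Python below is an added example for this thread, not code from any post and not FRST's own logic: it applies those checks to FRST-style lines so a responder can rank what to read first. The LOLBin list and the user-writable directory pattern are my assumptions, and the sample lines are constructed to mirror the posted fixlog (plus two benign control lines) rather than read from a live log.

```python
"""Triage FRST-style log lines for the persistence indicators seen in this thread.

Added example, not part of the forum post and not FRST code. The checks are the
heuristics a responder applies by eye; treat hits as "look here first", not as verdicts.
"""
import re
import unicodedata

# Signed Windows binaries commonly abused to proxy-execute a payload ("LOLBins"); assumed list.
LOLBINS = {"pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
           "wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}

# Directories a standard user can write to; a service, driver or task binary living
# there deserves a look. Assumed pattern, not exhaustive.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\(?:Roaming|Local)|ProgramData|Temp|Users\\[^\\]+\\Downloads)\\",
    re.IGNORECASE,
)

# "R2 name; C:\path\bin.exe [size date] (Publisher) [File not signed]"
SERVICE_LINE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?\.(?:exe|sys|dll))\b",
                          re.IGNORECASE)
# "Task: {GUID} - System32\Tasks\<name> => <command> [<==== ATTENTION]"
TASK_LINE = re.compile(
    r"^Task:\s+\{[0-9A-F-]+\}\s+-\s+System32\\Tasks\\(?P<name>.+?)\s+=>\s+"
    r"(?P<action>.+?)(?:\s+<====.*)?$",
    re.IGNORECASE,
)


def first_executable(command):
    """Base name of the program a task command launches (handles quoted paths and \\\\ escapes)."""
    command = command.strip().replace("\\\\", "\\")
    program = command[1:].split('"', 1)[0] if command.startswith('"') else command.split()[0]
    return program.rsplit("\\", 1)[-1].lower()


def non_latin_letters(name):
    """Letters whose Unicode name is not LATIN..., e.g. a Cyrillic 'о' posing as Latin 'o'."""
    return [ch for ch in name if ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN")]


def triage_line(line):
    """Return the reasons an FRST line deserves a closer look (empty list if none)."""
    text = line.strip()
    lower = text.lower()
    reasons = []

    if "<==== attention" in lower:
        reasons.append("flagged by FRST")

    # Policy keys that cripple Defender or lock browser settings are a classic hijacker move.
    if (lower.startswith("hklm\\software\\policies\\microsoft\\windows defender")
            or lower.startswith("grouppolicy:")) and "restriction" in lower:
        reasons.append("policy restriction on Defender/browser")

    # Home/startup pages pushed to a third-party site (FRST defangs URLs as hxxp).
    if lower.startswith(("chr homepage:", "chr startupurls:")) and "hxxp" in lower:
        reasons.append("browser home/startup URL set")

    task = TASK_LINE.match(text)
    if task:
        action = task.group("action").replace("\\\\", "\\")
        exe = first_executable(action)
        if exe in LOLBINS:
            reasons.append(f"task proxies execution through {exe}")
        if USER_WRITABLE.search(action):
            reasons.append("task runs a binary from a user-writable location")
            if task.group("name").lower().startswith("microsoft\\windows\\"):
                reasons.append("task masquerades as a built-in Microsoft task")

    service = SERVICE_LINE.match(text)
    if service:
        if USER_WRITABLE.search(service.group("path")):
            reasons.append("service/driver binary in a user-writable location")
        if "[file not signed]" in lower:
            reasons.append("service/driver binary is unsigned")

    if lower.startswith("firewallrules:") and "(allow)" in lower and USER_WRITABLE.search(text):
        reasons.append("firewall allow rule for a binary in a user-writable location")

    if lower.endswith(".lnk"):
        foreign = non_latin_letters(text.rsplit("\\", 1)[-1])
        if foreign:
            reasons.append("shortcut name uses non-Latin look-alike letters: " + "".join(foreign))

    return reasons


def triage(lines):
    """Map each flagged line to its reasons; lines with nothing to report are dropped."""
    return {line: triage_line(line) for line in lines if triage_line(line)}


# Constructed sample: lines mirroring the posted fixlog, plus two benign control lines.
SAMPLE_LINES = [
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"GroupPolicy: Restriction - Chrome <==== ATTENTION",
    r"CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&vp=ch&prd=set_ch",
    r"R2 httpSocketSvc_4186786; C:\ProgramData\httpSocket\httpSocketSvc_4186786.exe [1628672 2017-10-24] () [File not signed]",
    r"S3 mdareDriver_62; C:\Users\Deoju\AppData\Local\Temp\FCPreScan\mdare64_62.sys [105344 2017-10-24] (Fortinet Inc.) <==== ATTENTION",
    r'Task: {32EDBD0C-CF52-4576-8320-F5CE93918269} - System32\Tasks\{EC5447B8-DA5F-4237-9187-70C493B3610D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall',
    r"Task: {B1E02293-6204-4A50-919F-E451D6B95723} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\Deoju\\AppData\\Roaming\\ReportErr\\mgrerr.exe",
    r'Task: {FF3FDBA4-22F0-4833-85F5-85F09561A9D5} - System32\Tasks\DICOM Lass Rebuilder => C:\Windows\system32\rundll32.exe "C:\Program Files\DICOM Lass Rebuilder\DICOM Lass Rebuilder.dll",JGOQpAfxWu <==== ATTENTION',
    r"FirewallRules: [{05D8F623-586C-4475-BB5D-F83ED2DA2B76}] => (Allow) C:\Users\Deoju\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe",
    # Cyrillic о / С / е written as escapes so the look-alike trick is visible in source.
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\G\u043eogle \u0421hr\u043em\u0435.lnk",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk",  # benign control
    r"S3 ExampleDrv; C:\Windows\System32\drivers\example.sys [1 2017-01-01] (Example Corp)",  # benign control
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES).items():
        print(line[:70] + ("..." if len(line) > 70 else ""))
        for reason in reasons:
            print("   -", reason)
```

On the constructed sample, ten of the twelve lines come back flagged and the two plain-Latin shortcut and System32 driver controls do not. The homoglyph check is the one worth keeping in your own toolkit: a shortcut named with Cyrillic letters sorts and displays exactly like the real one, which is how hijacked launchers survive a visual inspection of the Start Menu.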
Aura Posted January 3, 2018 ID:1196207

Can you run a new scan with FRST and provide me with the FRST.txt log?
Aura Posted January 6, 2018 ID:1197287

Hi bikesh,

Are you still with me?
Aura Posted January 8, 2018 ID:1197982

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks