
Need the fixlist.txt file


Jithin


Hi Jithin :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan (my real name); it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system; I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here afterwards.


Good! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/17/18
Scan Time: 12:13 AM
Log File: 25e7c948-faed-11e7-bb3e-a81e84462216.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3709
License: Trial

-System Information-
OS: Windows 10 (Build 14393.187)
CPU: x64
File System: NTFS
User: LAPTOP-NLPUVLTR\JITHIN JOHNSON

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308118
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 3 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER, Quarantined, [18], [428246],1.0.3709
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-77407843-3395518398-570394071-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5008], [425124],1.0.3709
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-77407843-3395518398-570394071-1001\CONSOLE\TASKENG.EXE, Quarantined, [5008], [425125],1.0.3709

Registry Value: 7
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|IMAGEPATH, Quarantined, [18], [428246],1.0.3709
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-77407843-3395518398-570394071-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5008], [425124],1.0.3709
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-77407843-3395518398-570394071-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5008], [425126],1.0.3709
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-77407843-3395518398-570394071-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5008], [425125],1.0.3709
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [207], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [207], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-77407843-3395518398-570394071-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [207], [259988],1.0.3709

Registry Data: 4
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-77407843-3395518398-570394071-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [207], [293485],1.0.3709
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-77407843-3395518398-570394071-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [207], [293485],1.0.3709
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-77407843-3395518398-570394071-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [207], [293485],1.0.3709
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-77407843-3395518398-570394071-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [207], [293486],1.0.3709

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [496], [391425],1.0.3709

File: 10
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [496], [391431],1.0.3709
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [496], [391425],1.0.3709
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [496], [391425],1.0.3709
PUP.Optional.Linkury.ACMB1, C:\USERS\JITHIN JOHNSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ESWQ7ZP.DEFAULT\PREFS.JS, Replaced, [207], [302805],1.0.3709
PUP.Optional.YeaWindows.ShrtCln, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES, Replaced, [14866], [475778],1.0.3709
PUP.Optional.SystemHealer, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\TEMP\IS-8KAMI.TMP\PRWJZA.DLL, Quarantined, [763], [323145],1.0.3709
PUP.Optional.SystemHealer, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\TEMP\IS-BAL7F.TMP\PRWJZA.DLL, Quarantined, [763], [323145],1.0.3709
PUP.Optional.LogicHandler, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\TEMP\RARSFX0\LOGICHANDLER.EXE, Quarantined, [3437], [24306],1.0.3709
PUP.Optional.Linkury.Generic, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [1857], [454805],1.0.3709
PUP.Optional.Linkury.Generic, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1857], [454805],1.0.3709

Physical Sector: 0
(No malicious items detected)


(end)

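As an added triage example (not code from Malwarebytes or from anyone in this thread), the script below parses the "-Scan Details-" block of the Malwarebytes 3 log format posted above and tags each detection with the kind of foothold its location represents, so a responder can separate persistence mechanisms (the fake WINDEFENDER service, AppInit_DLLs) from dropped files and browser settings. The foothold labels and the sample excerpt embedded as input are this example's own constructs.

```python
"""Triage helper for the Malwarebytes 3.x text scan log format (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: a handful of detection lines copied from the log in
# this thread, enough to exercise every branch of the classifier.
SAMPLE_LOG = r"""-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER, Quarantined, [18], [428246],1.0.3709
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-77407843-3395518398-570394071-1001\CONSOLE\TASKENG.EXE, Quarantined, [5008], [425125],1.0.3709

Registry Value: 2
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|IMAGEPATH, Quarantined, [18], [428246],1.0.3709
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [207], [-1],0.0.0

Registry Data: 1
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-77407843-3395518398-570394071-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [207], [293485],1.0.3709

File: 3
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [496], [391425],1.0.3709
PUP.Optional.Linkury.ACMB1, C:\USERS\JITHIN JOHNSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ESWQ7ZP.DEFAULT\PREFS.JS, Replaced, [207], [302805],1.0.3709
PUP.Optional.LogicHandler, C:\USERS\JITHIN JOHNSON\APPDATA\LOCAL\TEMP\RARSFX0\LOGICHANDLER.EXE, Quarantined, [3437], [24306],1.0.3709

Physical Sector: 0
(No malicious items detected)
(end)
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
# Detection line layout: family, location, action, [rule id], [entry id],db version
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<location>.+), (?P<action>[A-Za-z ]+), "
    r"\[(?P<rule>-?\d+)\], \[(?P<entry>-?\d+)\],(?P<db>\S+)$"
)

# Ordered (regex, label) rules applied to the upper-cased location; first match
# wins.  The labels are this example's own vocabulary, not Malwarebytes categories.
FOOTHOLD_RULES = [
    (r"\\SYSTEM\\CURRENTCONTROLSET\\SERVICES\\", "service"),
    (r"\|APPINIT_DLLS$", "appinit_dlls"),
    (r"\\CURRENTVERSION\\RUN(ONCE)?(\\|\|)", "run_key"),
    (r"\\CONSOLE\\", "console_key"),          # per-exe console settings (interpreter was run)
    (r"\\TEMP\\", "temp_drop"),
    (r"\\WINDOWS\\INSTALLER\\", "installer_cache"),
    (r"(\\MOZILLA\\FIREFOX\\|\\CHROME\\USER DATA\\|\\INTERNET EXPLORER\\)", "browser_settings"),
]

PERSISTENCE_LABELS = ("service", "appinit_dlls", "run_key")


@dataclass
class Detection:
    section: str
    family: str
    location: str
    action: str
    foothold: str


def classify(location: str) -> str:
    """Map a detection location (registry path or file path) to a foothold label."""
    upper = location.upper()
    for pattern, label in FOOTHOLD_RULES:
        if re.search(pattern, upper):
            return label
    return "other"


def parse_log(text: str) -> list[Detection]:
    """Return every detection line found under '-Scan Details-'."""
    found = []
    section = None
    in_details = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line or line == "(end)":
            continue
        header = SECTION_RE.match(line)
        if header:                      # e.g. "Registry Key: 2"
            section = header.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append(Detection(section, m["family"], m["location"],
                                   m["action"], classify(m["location"])))
    return found


def summarize(detections: list[Detection]) -> dict:
    """Counts by family and by foothold, plus the entries that were persistence points."""
    return {
        "by_family": Counter(d.family for d in detections),
        "by_foothold": Counter(d.foothold for d in detections),
        "persistence": [d for d in detections if d.foothold in PERSISTENCE_LABELS],
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for label, n in report["by_foothold"].most_common():
        print(f"{label:18s} {n}")
    for d in report["persistence"]:
        print(f"PERSISTENCE {d.family}: {d.location} ({d.action})")
```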

Good! Now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


25 minutes ago, Jithin said:

# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 19:00:25 2018
# Updated on 2017/21/12 by Malwarebytes 
# Database: 01-15-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Assistant, Plugin found: Amazon Assistant for Firefox - Amazon


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [8300 B] - [2018/1/16 16:35:20]
C:/AdwCleaner/AdwCleaner[C1].txt - [3661 B] - [2018/1/16 16:59:40]
C:/AdwCleaner/AdwCleaner[C2].txt - [1468 B] - [2018/1/16 17:5:18]
C:/AdwCleaner/AdwCleaner[C3].txt - [2266 B] - [2018/1/16 18:0:57]
C:/AdwCleaner/AdwCleaner[S0].txt - [9522 B] - [2018/1/16 16:33:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [3961 B] - [2018/1/16 16:59:14]
C:/AdwCleaner/AdwCleaner[S2].txt - [1302 B] - [2018/1/16 17:4:45]
C:/AdwCleaner/AdwCleaner[S3].txt - [2231 B] - [2018/1/16 17:59:32]


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########


# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 19:00:48 2018
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

Plugin deleted: Amazon Assistant for Firefox - Amazon


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [8300 B] - [2018/1/16 16:35:20]
C:/AdwCleaner/AdwCleaner[C1].txt - [3661 B] - [2018/1/16 16:59:40]
C:/AdwCleaner/AdwCleaner[C2].txt - [1468 B] - [2018/1/16 17:5:18]
C:/AdwCleaner/AdwCleaner[C3].txt - [2266 B] - [2018/1/16 18:0:57]
C:/AdwCleaner/AdwCleaner[S0].txt - [9522 B] - [2018/1/16 16:33:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [3961 B] - [2018/1/16 16:59:14]
C:/AdwCleaner/AdwCleaner[S2].txt - [1302 B] - [2018/1/16 17:4:45]
C:/AdwCleaner/AdwCleaner[S3].txt - [2231 B] - [2018/1/16 17:59:32]
C:/AdwCleaner/AdwCleaner[S4].txt - [1534 B] - [2018/1/16 19:0:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt ##########


RogueKiller V12.12.0.0 (x64) [Jan 15 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : JITHIN JOHNSON [Administrator]
Started from : C:\Users\JITHIN JOHNSON\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 01/17/2018 00:36:39 (Duration : 00:25:04)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-77407843-3395518398-570394071-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer17win10.msn.com/?pc=ACTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-77407843-3395518398-570394071-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer17win10.msn.com/?pc=ACTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-77407843-3395518398-570394071-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-77407843-3395518398-570394071-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[Adw.Eszjuxuan] (X64) HKEY_USERS\S-1-5-21-77407843-3395518398-570394071-1001\Control Panel\Desktop | SCRNSAVE.EXE : C:\ProgramData\DreamScreen\DreamCompress.scr [x] -> Replaced (C:\Windows\system32\logon.scr)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Deleted
[PUP.EpicNet][Folder] C:\Users\JITHIN JOHNSON\AppData\Local\Temp\csrss -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 0eswq7zp.default : user_pref("browser.startup.homepage", "https://encrypted.google.com"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] a76192043a1e80d7ed736a6e138b84e8
[BSP] f3320876f1443a046fb86d026f4e2677 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 133527 MB
3 - Basic data partition | Offset (sectors): 273702912 | Size: 204800 MB
4 - Basic data partition | Offset (sectors): 693133312 | Size: 204800 MB
5 - Basic data partition | Offset (sectors): 1112563712 | Size: 409600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951426560 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
Ran by JITHIN JOHNSON (administrator) on LAPTOP-NLPUVLTR (17-01-2018 01:10:36)
Running from C:\Users\JITHIN JOHNSON\Desktop
Loaded Profiles: JITHIN JOHNSON (Available Profiles: defaultuser0 & JITHIN JOHNSON & Administrator)
Platform: Windows 10 Home Version 1607 14393.187 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki118675.inf_amd64_5fed7e0c7bdc160b\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki118675.inf_amd64_5fed7e0c7bdc160b\IntelCpHDCPSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki118675.inf_amd64_5fed7e0c7bdc160b\IntelCpHeciSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki118675.inf_amd64_5fed7e0c7bdc160b\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki118675.inf_amd64_5fed7e0c7bdc160b\igfxext.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(acer) C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\OEM\Preload\FubTool\FubTool.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [SERVICE] => [X]
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-02-13] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [2153760 2017-09-28] (acer)
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2437920 2017-10-02] (Acer)
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [56368 2017-10-30] (Locktime Software)
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\MountPoints2: {28c06390-e58d-11e7-ac88-a81e84462216} - "J:\Setup.exe" 
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\MountPoints2: {bc9e8a32-cac6-11e7-ac7b-3ca0676cb10e} - "E:\AutoRun.exe" 
HKU\S-1-5-21-77407843-3395518398-570394071-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{0ec0c4f7-7d08-42e2-bb1b-857fb54c19d9}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0ec0c4f7-7d08-42e2-bb1b-857fb54c19d9}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{72e82473-218c-482d-b813-f3afc20a6bfd}: [DhcpNameServer] 40.32.1.55

Internet Explorer:
==================
HKU\S-1-5-21-77407843-3395518398-570394071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gfe_rd=cr&dcr=0&ei=ZaVQWsK2J4qjX_3SmpAN&gws_rd=ssl
HKU\S-1-5-21-77407843-3395518398-570394071-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0eswq7zp.default
FF ProfilePath: C:\Users\JITHIN JOHNSON\AppData\Roaming\Mozilla\Firefox\Profiles\0eswq7zp.default [2018-01-17]
FF Extension: (English (US) Language Pack) - C:\Users\JITHIN JOHNSON\AppData\Roaming\Mozilla\Firefox\Profiles\0eswq7zp.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-11-16] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\JITHIN JOHNSON\AppData\Roaming\Mozilla\Firefox\Profiles\0eswq7zp.default\Extensions\partnerdefaults@mozilla.com [2017-11-16] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-02-13] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-02-13] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-02-13] [Legacy]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default [2018-01-17]
CHR Extension: (Slides) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-17]
CHR Extension: (Docs) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-17]
CHR Extension: (Google Drive) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-17]
CHR Extension: (YouTube) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-17]
CHR Extension: (Sheets) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-17]
CHR Extension: (Gmail) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-17]
CHR Extension: (Chrome Media Router) - C:\Users\JITHIN JOHNSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-21] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Corporation)
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26608 2016-07-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [332848 2017-10-30] (Locktime Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2016-11-12] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2016-11-12] (Acer Incorporated)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-28] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [217688 2016-08-17] (ELAN Microelectronic Corp.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-11-12] (Acer Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-01-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-01-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-01-17] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R0 nldrv; C:\Windows\System32\drivers\nldrv.sys [178544 2017-10-30] (Locktime Software)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvlddmkm.sys [14249408 2016-10-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-11-12] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-08-04] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 hbqfdftn; \??\C:\Windows\system32\drivers\hbqfdftn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-17 01:10 - 2018-01-17 01:11 - 000018560 _____ C:\Users\JITHIN JOHNSON\Desktop\FRST.txt
2018-01-17 00:36 - 2018-01-17 00:36 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-17 00:34 - 2018-01-17 01:10 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-17 00:28 - 2018-01-17 00:29 - 026907720 _____ (Adlice Software) C:\Users\JITHIN JOHNSON\Desktop\RogueKiller_portable64.exe
2018-01-17 00:11 - 2018-01-17 00:33 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-17 00:11 - 2018-01-17 00:33 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-17 00:11 - 2018-01-17 00:33 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-17 00:11 - 2018-01-17 00:11 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-17 00:11 - 2018-01-17 00:11 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-17 00:11 - 2018-01-17 00:11 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-17 00:11 - 2018-01-17 00:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-17 00:11 - 2018-01-17 00:11 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-17 00:11 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-17 00:08 - 2018-01-17 00:11 - 082263712 _____ (Malwarebytes ) C:\Users\JITHIN JOHNSON\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3699.exe
2018-01-16 23:39 - 2018-01-17 00:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-16 23:39 - 2018-01-16 23:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5751740B.sys
2018-01-16 23:38 - 2018-01-17 00:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-16 23:38 - 2018-01-16 23:57 - 000000000 ____D C:\Users\JITHIN JOHNSON\Desktop\mbar
2018-01-16 23:36 - 2018-01-16 23:37 - 014161479 _____ C:\Users\JITHIN JOHNSON\Downloads\mbar-1.10.3.1001-nr.exe
2018-01-16 23:28 - 2018-01-16 23:28 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-16 22:47 - 2018-01-17 01:10 - 000000000 ____D C:\FRST
2018-01-16 22:46 - 2018-01-16 22:47 - 002393088 _____ (Farbar) C:\Users\JITHIN JOHNSON\Desktop\FRST64.exe
2018-01-16 22:44 - 2018-01-16 22:49 - 000056276 _____ C:\Users\JITHIN JOHNSON\Downloads\Addition.txt
2018-01-16 22:41 - 2018-01-16 22:49 - 000042226 _____ C:\Users\JITHIN JOHNSON\Downloads\FRST.txt
2018-01-16 22:09 - 2018-01-16 22:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-01-16 22:01 - 2018-01-17 00:30 - 000000000 ____D C:\AdwCleaner
2018-01-16 21:48 - 2018-01-16 22:13 - 008198432 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_7.0.6.0.exe
2018-01-16 21:47 - 2018-01-16 21:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\CareCenter
2018-01-16 21:46 - 2018-01-16 21:46 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2018-01-16 21:45 - 2018-01-16 21:45 - 000002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-16 21:45 - 2018-01-16 21:45 - 000001329 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2018-01-16 21:45 - 2018-01-16 21:45 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-01-16 21:45 - 2018-01-16 21:45 - 000000000 ____D C:\Users\Administrator\PicStream
2018-01-16 21:45 - 2018-01-16 21:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\clear.fi
2018-01-16 21:45 - 2018-01-16 21:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-01-16 21:45 - 2018-01-16 21:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-01-16 21:44 - 2018-01-16 23:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\bx2bz0vmmpe
2018-01-16 21:44 - 2018-01-16 21:46 - 000002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2018-01-16 21:44 - 2018-01-16 21:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-01-16 21:44 - 2018-01-16 21:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-01-16 21:44 - 2018-01-16 21:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\AOP SDK
2018-01-16 21:43 - 2018-01-16 22:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-01-16 21:43 - 2018-01-16 22:06 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-01-16 21:43 - 2018-01-16 22:05 - 000000000 ____D C:\Users\Administrator
2018-01-16 21:43 - 2018-01-16 22:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-01-16 21:43 - 2018-01-16 21:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2018-01-16 21:43 - 2018-01-16 21:43 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-01-16 21:43 - 2018-01-16 21:43 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-01-16 21:43 - 2018-01-16 21:43 - 000000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2018-01-16 21:43 - 2018-01-16 21:43 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2018-01-16 21:35 - 2018-01-16 21:35 - 000001034 _____ C:\Users\JITHIN JOHNSON\Downloads\Remove_local_expired_v2.ps1
2018-01-16 21:27 - 2018-01-16 22:09 - 008198432 _____ (Malwarebytes) C:\Users\JITHIN JOHNSON\Desktop\adwcleaner_7.0.6.0.exe
2018-01-16 19:47 - 2018-01-16 19:47 - 000003254 _____ C:\Windows\System32\Tasks\{335E8D58-89AD-4F71-83CB-52F46E9ED501}
2018-01-16 19:02 - 2018-01-16 23:57 - 000000000 ____D C:\Program Files (x86)\tools
2018-01-16 19:02 - 2018-01-16 19:02 - 000000000 ____D C:\ProgramData\System Native
2018-01-16 19:01 - 2018-01-16 19:01 - 001895384 _____ C:\Users\JITHIN JOHNSON\AppData\Local\Quadlam.bin
2018-01-16 19:00 - 2018-01-16 21:14 - 000000000 ____D C:\Disk
2018-01-16 19:00 - 2018-01-16 19:00 - 000000000 ____D C:\Windat
2018-01-16 18:58 - 2018-01-16 18:58 - 000140800 _____ C:\Users\JITHIN JOHNSON\AppData\Local\installer.dat
2018-01-16 18:58 - 2018-01-16 18:58 - 000003784 _____ C:\Windows\System32\Tasks\updater
2018-01-16 18:58 - 2018-01-16 18:58 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Roaming\System Native
2018-01-16 18:58 - 2018-01-16 18:58 - 000000000 ____D C:\Program Files (x86)\System Native
2018-01-16 18:57 - 2018-01-16 23:57 - 000000000 ____D C:\WinSys
2018-01-16 18:57 - 2018-01-16 21:13 - 000000000 ____D C:\Applications
2018-01-16 18:56 - 2018-01-16 23:31 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-01-16 18:56 - 2018-01-16 18:56 - 000016836 _____ C:\Windows\System32\Tasks\Space Cyber Frame
2018-01-16 18:49 - 2018-01-16 19:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2018-01-16 18:28 - 2018-01-16 18:28 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2018-01-15 19:36 - 2018-01-15 19:36 - 000051617 _____ C:\Windows\uninstaller.dat
2018-01-15 07:38 - 2018-01-15 07:38 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\MediaShow
2018-01-15 07:37 - 2018-01-15 07:38 - 000000000 ____D C:\Users\JITHIN JOHNSON\Documents\CyberLink
2018-01-15 07:37 - 2018-01-15 07:37 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Roaming\CyberLink
2018-01-15 07:37 - 2018-01-15 07:37 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\CyberLink
2018-01-09 17:49 - 2018-01-09 17:49 - 000180145 _____ C:\Users\JITHIN JOHNSON\Downloads\download (4).htm
2018-01-09 17:49 - 2018-01-09 17:49 - 000180145 _____ C:\Users\JITHIN JOHNSON\Downloads\download (3).htm
2018-01-09 17:49 - 2018-01-09 17:49 - 000180145 _____ C:\Users\JITHIN JOHNSON\Downloads\download (2).htm
2018-01-09 17:49 - 2018-01-09 17:49 - 000180145 _____ C:\Users\JITHIN JOHNSON\Downloads\download (1).htm
2018-01-04 22:31 - 2018-01-04 22:31 - 004176494 _____ C:\Users\JITHIN JOHNSON\Documents\TRAIN TICKET.pdf
2018-01-04 19:47 - 2018-01-04 19:47 - 000001026 _____ C:\Users\JITHIN JOHNSON\Desktop\Odin.lnk
2018-01-04 17:43 - 2018-01-04 17:43 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2018-01-04 07:52 - 2014-12-03 07:31 - 001490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2018-01-04 07:52 - 2014-12-03 07:31 - 000708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2018-01-04 07:52 - 2014-12-03 07:31 - 000206104 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2018-01-04 07:52 - 2014-12-03 07:31 - 000110488 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2018-01-04 07:51 - 2018-01-04 07:51 - 000000000 ____D C:\ProgramData\Samsung
2018-01-04 07:51 - 2018-01-04 07:51 - 000000000 ____D C:\Program Files\SAMSUNG
2017-12-31 19:28 - 2018-01-16 19:03 - 000001295 _____ C:\Users\JITHIN JOHNSON\Desktop\Internet Explorer.lnk
2017-12-31 19:27 - 2018-01-17 00:06 - 000004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3DEB940F-4DAE-49FC-805F-D730F8312158}
2017-12-25 18:35 - 2017-12-25 18:35 - 000000000 ____D C:\Users\Public\OEM
2017-12-19 08:14 - 2017-12-19 08:14 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\LocalLow\Adobe
2017-12-19 08:10 - 2017-12-19 08:10 - 000001256 _____ C:\Users\JITHIN JOHNSON\Desktop\Photoshop.lnk
2017-12-19 07:34 - 2017-12-19 07:34 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Roaming\NVIDIA
2017-12-19 07:33 - 2017-12-19 07:33 - 000003670 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-NLPUVLTR-JITHIN JOHNSON
2017-12-19 07:32 - 2017-12-19 07:32 - 000000805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-12-19 07:32 - 2017-12-19 07:32 - 000000000 ____D C:\Users\JITHIN JOHNSON\Documents\Adobe
2017-12-19 07:32 - 2017-12-19 07:32 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-19 07:29 - 2017-12-19 07:29 - 000001615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-12-19 07:28 - 2017-12-19 07:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-12-19 07:25 - 2017-12-20 07:59 - 000000000 ____D C:\ProgramData\Adobe
2017-12-19 07:25 - 2017-12-19 07:25 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-17 00:39 - 2017-02-13 09:10 - 001418766 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-17 00:36 - 2017-11-17 17:45 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\CrashDumps
2018-01-17 00:34 - 2017-02-13 10:11 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-17 00:33 - 2017-11-16 17:44 - 000000000 __SHD C:\Users\JITHIN JOHNSON\IntelGraphicsProfiles
2018-01-17 00:33 - 2017-02-13 08:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-17 00:32 - 2016-07-16 11:34 - 000262144 _____ C:\Windows\system32\config\BBI
2018-01-17 00:01 - 2016-07-16 11:34 - 000000000 ____D C:\Program Files\Space Cyber Frame
2018-01-16 23:49 - 2016-07-16 17:06 - 000000000 ____D C:\Windows\CbsTemp
2018-01-16 23:24 - 2017-12-14 19:16 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\Adobe
2018-01-16 22:15 - 2017-12-16 21:59 - 000004212 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-01-16 22:05 - 2017-11-17 15:14 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-16 22:05 - 2017-02-13 10:37 - 000001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-16 22:05 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\AppReadiness
2018-01-16 22:03 - 2016-07-16 17:15 - 000000000 ____D C:\Windows\INF
2018-01-16 21:44 - 2017-02-13 09:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-16 21:21 - 2017-11-17 21:10 - 000000000 ___HD C:\ProgramData\{72725B64-F17C-4EB1-9CF0-3729C6F52EB5}
2018-01-16 21:21 - 2017-11-17 21:09 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\IIIQF
2018-01-16 21:06 - 2017-11-16 19:27 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\Google
2018-01-16 21:04 - 2017-11-16 18:05 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\LocalLow\Mozilla
2018-01-16 19:41 - 2017-11-16 17:42 - 000000000 ____D C:\Users\JITHIN JOHNSON
2018-01-16 19:05 - 2017-12-11 17:11 - 000000000 ____D C:\Windows\Minidump
2018-01-16 18:56 - 2016-07-16 17:17 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-16 18:34 - 2017-02-13 08:54 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-16 17:20 - 2017-11-16 17:44 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\Packages
2018-01-15 07:38 - 2017-02-13 10:41 - 000000000 ____D C:\ProgramData\CyberLink
2018-01-13 13:48 - 2017-11-26 10:06 - 000000000 ____D C:\Users\JITHIN JOHNSON\Documents\GTA San Andreas User Files
2018-01-11 21:03 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\system32\NDF
2018-01-09 18:18 - 2017-02-13 10:11 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-09 07:26 - 2017-12-11 19:07 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:07 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:07 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-01-09 07:26 - 2017-12-11 19:06 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:06 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:06 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:06 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:06 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-12-11 19:06 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-09 07:26 - 2017-02-13 10:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-09 07:26 - 2017-02-13 10:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-04 22:32 - 2017-12-12 17:15 - 000360448 _____ C:\Users\JITHIN JOHNSON\Documents\Database1.accdb
2018-01-04 19:17 - 2017-12-13 20:56 - 000000187 _____ C:\Users\JITHIN JOHNSON\AppData\Local\msmathematics.qat.JITHIN JOHNSON
2018-01-03 21:12 - 2017-11-23 13:42 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\ElevatedDiagnostics
2017-12-28 15:03 - 2017-12-04 14:38 - 000000000 ____D C:\Users\Public\Documents\GTA Vice City User Files
2017-12-25 18:35 - 2017-11-16 17:46 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Local\clear.fi
2017-12-19 23:13 - 2017-12-17 20:04 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Roaming\Audacity
2017-12-19 07:34 - 2017-11-16 17:45 - 000000000 ____D C:\Users\JITHIN JOHNSON\AppData\Roaming\Adobe
2017-12-19 07:31 - 2017-02-13 09:32 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2018-01-16 18:58 - 2018-01-16 18:58 - 000140800 _____ () C:\Users\JITHIN JOHNSON\AppData\Local\installer.dat
2017-12-13 20:56 - 2018-01-04 19:17 - 000000187 _____ () C:\Users\JITHIN JOHNSON\AppData\Local\msmathematics.qat.JITHIN JOHNSON
2018-01-16 19:01 - 2018-01-16 19:01 - 001895384 _____ () C:\Users\JITHIN JOHNSON\AppData\Local\Quadlam.bin
2017-12-08 21:30 - 2017-12-16 22:06 - 000007609 _____ () C:\Users\JITHIN JOHNSON\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-01-17 00:34 - 2017-02-13 08:20 - 001883784 _____ (Microsoft Corporation) C:\Users\JITHIN JOHNSON\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-30 15:38

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by JITHIN JOHNSON (17-01-2018 01:11:31)
Running from C:\Users\JITHIN JOHNSON\Desktop
Windows 10 Home Version 1607 14393.187 (X64) (2017-11-16 12:08:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-77407843-3395518398-570394071-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-77407843-3395518398-570394071-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-77407843-3395518398-570394071-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-77407843-3395518398-570394071-501 - Limited - Disabled)
JITHIN JOHNSON (S-1-5-21-77407843-3395518398-570394071-1001 - Administrator - Enabled) => C:\Users\JITHIN JOHNSON

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3006 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3009 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
eBay Weblink (HKLM-x32\...\{7F3596EF-B661-43EE-A321-AD3C3EB9B525}) (Version: 1.16.0726 - Acer)
ELAN HIDI2C Filter Driver X64 13.6.7.2_WHQL (HKLM\...\Elantech) (Version: 13.6.7.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Main Services (HKLM-x32\...\{7C10D314-58A5-4CB6-9E3C-1ADDA652ED0C}) (Version: 1.2.10 - System Native) Hidden <==== ATTENTION
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
NetLimiter 4 (HKLM\...\{CCEBB3FF-7941-42D6-875C-5321AA54963F}) (Version: 4.0.33.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.33.0) (Version: 4.0.33.0 - Locktime Software)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-02] (Acer Incorporated)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki118675.inf_amd64_5fed7e0c7bdc160b\igfxDTCM.dll [2016-10-06] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-10-02] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {080718AD-2A0A-4E8E-8878-72A02E0B99CE} - System32\Tasks\AmazonAssistantHelper => C:\ProgramData\OEM\Transactional\amazonx@hermes\AmazonX.exe [2017-08-02] ()
Task: {09C70887-71D3-4437-A497-CBC5E07D499F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-17] (Google Inc.)
Task: {11C8FEEC-D55A-42B7-BF1C-9532BDA2A7F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-13] (Microsoft Corporation)
Task: {16382419-F42B-483E-9852-71E8A288EE48} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {226B8EAC-91E1-423B-BBE4-88230A2FC524} - System32\Tasks\Space Cyber Frame => C:\Windows\system32\rundll32.exe "C:\Program Files\Space Cyber Frame\Space Cyber Frame.dll",OzKuRISA <==== ATTENTION
Task: {22E35179-5A31-4B2D-B030-4B0A5AF62763} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {29890761-C009-4149-8E72-20477AC14E74} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-11-12] (Acer Incorporated)
Task: {2CC6C0A7-C2D2-48B0-BE35-358785BEC011} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {3B204BD4-DC26-4EE5-9A61-4CABACF6AC05} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-11-12] (Acer Incorporated)
Task: {3CEE2FD8-F766-45A7-96DD-FA211ED86606} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {4192A81C-04C2-4957-B19B-764334DF33AF} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-25] ()
Task: {492A1407-AD36-41D3-BBDF-2EEC4035BF5A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {51183F53-721B-4FD9-A381-935922306666} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-NLPUVLTR-JITHIN JOHNSON => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {5C29000A-EC4C-4F54-B5C0-0D84652AD0BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-17] (Google Inc.)
Task: {5CAFE2B3-4281-4FA1-BEAA-92EF49ACF6C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {5F31842C-D3CA-4107-9562-207BEC5E8CEC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {60CCD870-D441-40AB-8421-CE43077495DD} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [2017-03-02] (Acer Incorporated)
Task: {6B31725E-436D-4853-B6A5-93961F195378} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {6E63009A-77D5-4891-AA7E-317663FEA343} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {76A14122-3EB1-436A-95B9-ACD56BA0D849} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-06-25] ()
Task: {7DA3BA5F-FEFA-4828-A741-C119A7DB97CB} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-25] ()
Task: {9357A178-46FD-4D31-BF3D-15FE56BA87F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {A7CD48BC-F9B0-4DEB-BAFA-0263E78B7EE2} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [2017-03-02] ()
Task: {A805B48D-D674-4719-9DFF-E6E8E94A1064} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
Task: {A839804F-D42C-463A-B694-34B256130B9D} - System32\Tasks\{335E8D58-89AD-4F71-83CB-52F46E9ED501} => C:\Windows\system32\pcalua.exe -a C:\Windows\rss\csrss.exe -c -uninstall
Task: {A868F6CA-1E03-45D8-ABA5-FBFB23B1B047} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {B5691DB8-B2D1-4014-95A6-9B240D1B9F42} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {B94A7801-3B03-409D-ABE4-8DFA175F86E5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {BFE705EE-2FE4-4B4D-BCD0-86831D9D0E50} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {C180E859-0AA5-4BD4-87F4-7C3EB83821C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {C8B4A2A5-155E-48DD-93F6-E8399974B354} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {C95F4389-C98F-4C67-A4F0-0A2FFDF78B83} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {CA3A6A24-A3D4-4190-8082-131F094D245A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {D523A4EF-CF81-41EA-AAA8-2C25150307E4} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {DE8BA6F1-3A1F-4659-BF4B-00C3C00E4578} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {ECED0C2F-9CAD-462E-B21E-550613A497AF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {F697A5F0-8FD3-4C49-8294-E7E4C09EB134} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-11-12] (Acer Incorporated)
Task: {F77D660A-0269-4FAD-9C50-7CBDD65FBEBE} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-27] (Intel(R) Corporation)
Task: {FCBEC205-12A3-4924-AD82-D343FD2A3719} - System32\Tasks\updater => C:\Program Files (x86)\System Native\Main Services\updater.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\JITHIN JOHNSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxima\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (No File)
Shortcut: C:\Users\JITHIN JOHNSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxima\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (No File)
Shortcut: C:\Users\JITHIN JOHNSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxima\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-02-13 08:19 - 2017-02-13 08:19 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-13 10:11 - 2016-10-02 01:23 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 10:25 - 2016-07-13 10:25 - 001299952 _____ () C:\Windows\system32\IntelSSTAPO\ParameterService\libxml2.dll
2017-11-16 19:50 - 2014-08-20 12:57 - 000242256 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-12-11 19:06 - 2017-11-16 07:11 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-17 00:11 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-17 00:11 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-02-13 09:10 - 2017-02-13 09:10 - 008919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 000130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 009760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 001401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-13 08:20 - 2017-02-13 08:20 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-01-13 07:39 - 2018-01-03 14:50 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-13 07:39 - 2018-01-03 14:50 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-02-13 11:30 - 2015-05-14 12:40 - 000030976 _____ () C:\OEM\Preload\FubTool\FubTool.exe
2016-06-25 08:24 - 2016-06-25 08:24 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-03-02 19:18 - 2017-03-02 19:18 - 000479024 _____ () C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
2017-12-11 19:06 - 2017-11-16 07:11 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-12 21:04 - 2017-12-12 21:04 - 000102088 _____ () C:\Users\JITHIN JOHNSON\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-09-28 17:09 - 2017-09-28 17:09 - 000202456 _____ () C:\Program Files (x86)\Acer\abFiles\curllib.dll
2017-09-28 17:09 - 2017-09-28 17:09 - 000119000 _____ () C:\Program Files (x86)\Acer\abFiles\OpenLDAP.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-08-30 13:49 - 2016-08-30 13:49 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-11-17 15:15 - 2017-11-17 15:15 - 000015136 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 12:35 - 2017-09-26 12:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 12:34 - 2017-09-26 12:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 17:17 - 2018-01-16 20:13 - 000013970 _____ C:\Windows\system32\Drivers\etc\hosts


There are 349 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-77407843-3395518398-570394071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JITHIN JOHNSON\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a2777978-fbc0-46f9-aca2-ac5594f2ce97}.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-77407843-3395518398-570394071-1001\...\StartupApproved\Run: => "NetLimiter"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ED549741-B610-4CD0-AD35-2817D20072C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3D0F10C2-8EFD-4033-B2D8-14FF92D1F6C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0CBD7A9-D3A8-4A82-84A5-CAD92C784696}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD93FB38-5B8A-4C39-8CFF-EE1FC6C44C61}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B0F71CE2-9F05-4618-8607-C8ACC9998155}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{66DF227F-B1C2-44C5-97DA-66571B287CF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{D57BEA61-7D1F-43B8-B51E-92ABD132D2DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{33B44182-6DAD-4C38-AEB5-40D6FF8F3C8E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{AD7B0A47-0716-4C6C-AC8D-3F4E176F273E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A487AC15-8991-437A-A0F9-62B959B4C3A9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{E9FC8BB4-EE8B-4502-9077-978579F3C9D4}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{1ABD6DCE-79E5-48AF-B943-AAE43D19BD2A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{DA1DCCF9-3048-44AF-B669-EAB243C4FE3D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8DABF1FC-C3CA-40AE-BFA4-82AB8AB80C2D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5EED685F-A6D2-4910-91A3-2206F432D3FE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{69AC9F14-0557-43AF-B0BD-BC880773B2CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E4AC9EAD-9293-4D0C-9966-606DECC61221}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{63A77E00-9771-4CAA-A4A3-82632A487A2E}G:\counter strike\czero.exe] => (Block) G:\counter strike\czero.exe
FirewallRules: [UDP Query User{FF21F03A-4921-40A6-88EE-5F36CC1CE822}G:\counter strike\czero.exe] => (Block) G:\counter strike\czero.exe
FirewallRules: [TCP Query User{05861E1A-F53C-410F-8A1C-C1AC273D6833}G:\cs strike\czero.exe] => (Allow) G:\cs strike\czero.exe
FirewallRules: [UDP Query User{8B4D14D8-09C3-4E84-82BE-25DB577EEE51}G:\cs strike\czero.exe] => (Allow) G:\cs strike\czero.exe
FirewallRules: [{2431BCFD-84B9-4096-B558-E247F8C4D3DD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{192F6975-3CC6-4B31-BCFC-BF9B51AE0DBE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{18F92C54-A8F8-4F84-BCB8-B8624C7EF853}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F3667D3E-5C0F-4737-8F1E-CA354D43416F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FAA3E5F4-91A9-40D6-A038-FE7B082CA2F3}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{EBD14C52-C040-49DF-82FF-103574536243}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{4A376D36-0DB2-4BD6-8B70-ADD0E54395CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FAF698C9-9EA9-4700-8AB2-EBFBF07F83FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{956F683B-8963-4DFD-BAA6-7D6DAF70108B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{066DDD7F-CD09-4442-85CA-D813ED701322}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{ED09600C-671B-4E88-A860-2DEEA547DB44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{49ED1BDA-C987-4AEB-B7CB-91BD8B160CBC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7D1AF9A2-4221-4EA5-872F-0C46AC7DB1D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6646D54D-705F-4F77-BF3C-662319E71AB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EA63EFEC-4A7C-4DFA-A591-CC89F4726D60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8259E87-5543-4BA3-9057-C7943CF8CA80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{926E34B0-1B26-4371-9AD8-43C272331E8E}] => (Allow) G:\Photoshop\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{EDFA19EA-8F9F-418B-9C34-8BEBE9F0D1D4}] => (Allow) G:\Photoshop\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{4A26BEAE-6150-4242-81F9-4530DAF66BD6}] => (Allow) G:\Photoshop\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{5C75B962-73A3-44EF-93F4-0A8EB7B53AB9}] => (Allow) G:\Photoshop\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{0B141955-10AE-4C10-A2DB-9D1A5EC2868F}] => (Allow) G:\Photoshop\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{BFE7F2BA-3B0E-4F07-8F16-1D317F6AED51}] => (Allow) G:\Photoshop\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{80D0986B-F7D2-43B9-872A-DDBE8CAF7B45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{988725A7-A7FF-4306-9299-95F6CB3FC5E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AF76D71D-68E1-4327-8B64-B6A35E989520}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{431F4B12-4761-4E45-A4B7-A682F6A84E7E}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{6A446A3D-E4EA-4267-B5FD-ADD57CEC2C0F}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{BA6543EC-9C78-4FCC-AD0C-5D0085834F7F}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{C079AAF3-686A-4471-83E7-26F80EF19073}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

19-12-2017 07:30:59 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-01-2018 21:21:25 Scheduled Checkpoint
16-01-2018 19:53:20 Removed Online Application

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2018 01:01:40 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/17/2018 01:01:40 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/17/2018 01:01:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.0, time stamp: 0x57899b0f
Exception code: 0xc0000005
Fault offset: 0x00000000000161e3
Faulting process id: 0x1568
Faulting application start time: 0x01d38efcba1c7d18
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\system32\wbem\NetEventPacketCapture.dll
Report Id: 1765da95-0f2b-4d6f-8d5b-b54033c357a2
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/17/2018 01:01:20 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/17/2018 01:01:20 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/17/2018 12:36:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LaunchUWPService.exe, version: 1.1.3001.0, time stamp: 0x582c63b6
Faulting module name: KERNELBASE.dll, version: 10.0.14393.187, time stamp: 0x57cf98b1
Exception code: 0xe0434352
Fault offset: 0x000d96c2
Faulting process id: 0x2698
Faulting application start time: 0x01d38efd27b9bf01
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\LaunchUWPService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: e1f3541f-0db2-4ea5-a943-6d313f80fca3
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/17/2018 12:36:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LaunchUWPService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.Windows.Threading.Dispatcher.VerifyAccess()
   at System.Windows.Window.Close()
   at LaunchUWPService.MainWindow+<CallService>d__3.MoveNext()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at LaunchUWPService.MainWindow+<<-ctor>b__1_0>d.MoveNext()

Exception Info: System.AggregateException
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
   at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
   at LaunchUWPService.MainWindow..ctor()

Exception Info: System.Windows.Markup.XamlParseException
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at LaunchUWPService.App.Main()

Error: (01/17/2018 12:36:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 15.2.0.1020, time stamp: 0x57d81123
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x043e4d85
Faulting process id: 0xf04
Faulting application start time: 0x01d38efcf9a70982
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 42da99c9-ae42-4776-adac-59c22345fee5
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/17/2018 12:36:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__12_0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (01/17/2018 12:23:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LaunchUWPService.exe, version: 1.1.3001.0, time stamp: 0x582c63b6
Faulting module name: KERNELBASE.dll, version: 10.0.14393.187, time stamp: 0x57cf98b1
Exception code: 0xe0434352
Fault offset: 0x000d96c2
Faulting process id: 0x1ca8
Faulting application start time: 0x01d38efb4efd977f
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\LaunchUWPService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: d8d70781-64fa-4bc2-b49a-66cfff82db2d
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/17/2018 12:36:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:33:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/17/2018 12:30:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Experience Improvement Program service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:30:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:30:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Quick Access Local Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:30:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Quick Access Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:30:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:30:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/17/2018 12:30:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2018 12:30:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The خدمة "التشغيل الفوري" من Microsoft Office service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2018-01-17 00:11:51.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-16 19:21:12.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\d763a3b411ae49e9c3b3e8229aa0bd4a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-16 19:21:10.322
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\d763a3b411ae49e9c3b3e8229aa0bd4a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-16 18:50:40.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\d763a3b411ae49e9c3b3e8229aa0bd4a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-16 18:50:38.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\d763a3b411ae49e9c3b3e8229aa0bd4a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-22 12:02:13.621
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-18 18:18:59.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-16 17:33:28.544
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-16 08:16:22.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-13 21:24:37.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 8060.22 MB
Available physical RAM: 4083.52 MB
Total Virtual: 16764.22 MB
Available Virtual: 13785.65 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:130.4 GB) (Free:90.32 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:200 GB) (Free:175.44 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:200 GB) (Free:182.39 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:400 GB) (Free:391.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CD8CDFF6)

Partition: GPT.

==================== End of Addition.txt ============================

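Added example, not part of this thread and not FRST's own code: a short Python script that walks the "CodeIntegrity:" section of an Addition.txt like the one above and separates the two kinds of events it carries. The "did not meet the ... signing level requirements" entries are a process with a restricted signing-level policy refusing to load a third-party DLL (Chrome refusing mbae64.dll, MsMpEng.exe refusing nvinitx.dll); the "file hash could not be found" entries are images Windows could not verify at all, which is the kind of driver a helper cross-checks against the driver list in FRST.txt. The sample text is constructed from the entries posted above, and the "32-hex-character file name" rule used to rank drivers for follow-up is an assumed heuristic, not something FRST does.

```python
import re
from collections import Counter

# Constructed sample in the layout FRST's Addition.txt uses for its
# "CodeIntegrity:" section (entries modelled on the ones posted above),
# followed by the next section header so the stop condition is exercised.
SAMPLE_ADDITION = r"""CodeIntegrity:
===================================
  Date: 2018-01-17 00:11:51.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-16 19:21:12.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\d763a3b411ae49e9c3b3e8229aa0bd4a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-16 19:21:10.322
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\d763a3b411ae49e9c3b3e8229aa0bd4a.sys because file hash could not be found on the system.

  Date: 2017-12-22 12:02:13.621
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_ad2f6d0758baeff1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Example CPU
"""

DATE_RE = re.compile(r"^\s*Date: (\S+ \S+)")
UNVERIFIED_RE = re.compile(
    r"unable to verify the image integrity of the file (?P<path>.+?) because file hash could not be found")
SIGNING_RE = re.compile(
    r"process \((?P<proc>.+?)\) attempted to load (?P<mod>.+?) that did not meet the (?P<level>.+?) signing level requirements")
# Assumed heuristic (not an FRST rule): a 32-hex-character driver name is worth a closer look.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32}\.sys$", re.IGNORECASE)


def parse_code_integrity(text):
    """Walk the CodeIntegrity section of an Addition.txt.

    Returns (unverified, signing):
      unverified - Counter: image path -> number of 'hash could not be found' events
      signing    - list of (date, process, module, signing level) for policy refusals
    """
    unverified, signing = Counter(), []
    in_section, date = False, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "CodeIntegrity:":
            in_section = True
            continue
        if not in_section:
            continue
        # A line of '=' only is the header underline; '=' around text starts the next section.
        if stripped.startswith("====") and stripped.strip("= "):
            break
        m = DATE_RE.match(line)
        if m:
            date = m.group(1)
            continue
        m = UNVERIFIED_RE.search(line)
        if m:
            unverified[m.group("path")] += 1
            continue
        m = SIGNING_RE.search(line)
        if m:
            signing.append((date, m.group("proc"), m.group("mod"), m.group("level")))
    return unverified, signing


def suspicious_drivers(unverified):
    """Unverified images whose file name is 32 hex characters (heuristic, see above)."""
    return sorted(p for p in unverified if HEX_NAME_RE.match(p.rsplit("\\", 1)[-1]))


if __name__ == "__main__":
    unverified, signing = parse_code_integrity(SAMPLE_ADDITION)
    for path, n in unverified.most_common():
        print(f"unverified image x{n}: {path}")
    for date, proc, mod, level in signing:
        print(f"{date}: {proc} refused {mod} ({level} signing level)")
    print("follow up on:", suspicious_drivers(unverified))
```

Run it against a real Addition.txt by reading the file into `parse_code_integrity`. The signing-level refusals say which DLLs a hardened process blocked, not that anything is malicious; the unverified driver path is what gets compared with the "Drivers" and "One Month Created files" lists in FRST.txt before a fixlist is written.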

Almost done!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

How's your system behaving now? Are there any other issues to address?

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by JITHIN JOHNSON (17-01-2018 01:30:54) Run:1
Running from C:\Users\JITHIN JOHNSON\Desktop
Loaded Profiles: JITHIN JOHNSON (Available Profiles: defaultuser0 & JITHIN JOHNSON & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [SERVICE] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION

S1 hbqfdftn; \??\C:\Windows\system32\drivers\hbqfdftn.sys [X]

Task: {226B8EAC-91E1-423B-BBE4-88230A2FC524} - System32\Tasks\Space Cyber Frame => C:\Windows\system32\rundll32.exe "C:\Program Files\Space Cyber Frame\Space Cyber Frame.dll",OzKuRISA <==== ATTENTION
Task: {FCBEC205-12A3-4924-AD82-D343FD2A3719} - System32\Tasks\updater => C:\Program Files (x86)\System Native\Main Services\updater.exe <==== ATTENTION

C:\Applications
C:\Disk
C:\Windat
C:\WinSys
C:\Program Files\Space Cyber Frame
C:\Program Files (x86)\Microsoft Toolkit Final
C:\Program Files (x86)\System Native
C:\Program Files (x86)\tools
C:\ProgramData\System Native
C:\ProgramData\ntuser.pol
C:\Users\JITHIN JOHNSON\AppData\Local\installer.dat
C:\Users\Administrator\AppData\Roaming\bx2bz0vmmpe
C:\Users\JITHIN JOHNSON\AppData\Roaming\System Native
C:\Windows\SECOH-QAD.dll
C:\Windows\uninstaller.dat

Hosts:
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SERVICE" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\hbqfdftn" => removed successfully
hbqfdftn => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{226B8EAC-91E1-423B-BBE4-88230A2FC524} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{226B8EAC-91E1-423B-BBE4-88230A2FC524}" => removed successfully
C:\Windows\System32\Tasks\Space Cyber Frame => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Space Cyber Frame" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCBEC205-12A3-4924-AD82-D343FD2A3719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCBEC205-12A3-4924-AD82-D343FD2A3719}" => removed successfully
C:\Windows\System32\Tasks\updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updater" => removed successfully
C:\Applications => moved successfully
C:\Disk => moved successfully
C:\Windat => moved successfully
C:\WinSys => moved successfully
C:\Program Files\Space Cyber Frame => moved successfully
C:\Program Files (x86)\Microsoft Toolkit Final => moved successfully
C:\Program Files (x86)\System Native => moved successfully
C:\Program Files (x86)\tools => moved successfully
C:\ProgramData\System Native => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\JITHIN JOHNSON\AppData\Local\installer.dat => moved successfully
C:\Users\Administrator\AppData\Roaming\bx2bz0vmmpe => moved successfully
C:\Users\JITHIN JOHNSON\AppData\Roaming\System Native => moved successfully
C:\Windows\SECOH-QAD.dll => moved successfully
C:\Windows\uninstaller.dat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 110292 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47750033 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 1562890 B
Edge => 14559 B
Chrome => 93410867 B
Firefox => 4627252 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 50054 B
systemprofile32 => 128 B
LocalService => 5742 B
NetworkService => 128 B
defaultuser0 => 272487 B
JITHIN JOHNSON => 17470231 B
Administrator => 48504722 B

RecycleBin => 8711377 B
EmptyTemp: => 212.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:31:33 ====

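Added example, not part of this thread and not FRST's own code: a Python script that reads a Fixlog.txt in the layout posted above, splits the echoed fixlist from the per-item results, and sorts every "item => outcome" line into ok or failed so a reviewer sees at a glance which entries still need a second fix. The sample log is constructed from a trimmed subset of the lines above with the user name replaced.

```python
import re

# Constructed sample in the layout of an FRST Fixlog.txt (trimmed subset of the
# lines posted above; user name replaced).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by EXAMPLE USER (17-01-2018 01:30:54) Run:1
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [SERVICE] => [X]
S1 hbqfdftn; \??\C:\Windows\system32\drivers\hbqfdftn.sys [X]
C:\Windows\SECOH-QAD.dll

Hosts:
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SERVICE" => removed successfully
"HKLM\System\CurrentControlSet\Services\hbqfdftn" => removed successfully
hbqfdftn => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{226B8EAC-91E1-423B-BBE4-88230A2FC524} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\SECOH-QAD.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 110292 B
EmptyTemp: => 212.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 01:31:33 ====
"""

# Result lines look like:  item => outcome   (item may be wrapped in double quotes)
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"? => (?P<outcome>.+)$')


def split_fixlog(text):
    """Return (fixlist_lines, result_lines).

    The fixlist FRST executed is echoed between two lines made only of '*';
    everything after the second marker is the per-item result.
    """
    lines = text.splitlines()
    marks = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist markers not found; is this a Fixlog.txt?")
    fixlist = [l for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    return fixlist, lines[marks[1] + 1:]


def summarize_fixlog(text):
    """Classify each 'item => outcome' result line as ok or failed."""
    fixlist, results = split_fixlog(text)
    ok, failed, notes = [], [], []
    for line in results:
        stripped = line.strip()
        if stripped.startswith("==="):      # EmptyTemp byte counts and the footer follow
            break
        if not stripped:
            continue
        m = RESULT_RE.match(stripped)
        if not m:
            notes.append(stripped)          # e.g. "Processes closed successfully."
            continue
        item, outcome = m.group("item"), m.group("outcome")
        (ok if "successfully" in outcome else failed).append((item, outcome))
    return {
        "fixlist_entries": len(fixlist),
        "ok": ok,
        "failed": failed,
        "notes": notes,
        "needs_reboot": "The system needed a reboot." in text,
    }


if __name__ == "__main__":
    summary = summarize_fixlog(SAMPLE_FIXLOG)
    print(f"{summary['fixlist_entries']} fixlist entries, {len(summary['ok'])} results ok, "
          f"{len(summary['failed'])} failed, reboot needed: {summary['needs_reboot']}")
    for item, outcome in summary["failed"]:
        print("FAILED:", item, "->", outcome)
```

In the log above the only non-success line is the TaskCache\Boot subkey with ErrorCode1: 0x00000002, which is the Win32 ERROR_FILE_NOT_FOUND code: that subkey did not exist, and the matching Tasks and Tree entries for the same GUID were removed, so nothing is left of that task. A failed line with a different code (for example 0x5, ERROR_ACCESS_DENIED) would mean the item is still on disk or in the registry and is what the helper puts into the next fixlist.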

Glad to see that everything's working on your end Jithin, and no problem, you're welcome :)

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, making it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days), which are among the biggest attack vectors used to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, Secunia PSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundles all these layers in one easy-to-use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that work together in order to keep your system protected and stop an infection at multiple levels.

  • Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc., and also protect you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)


# DelFix v1.013 - Logfile created 17/01/2018 at 07:37:52
# Updated 17/04/2016 by Xplode
# Username : JITHIN JOHNSON - LAPTOP-NLPUVLTR
# Operating System : Windows 10 Home  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\JITHIN JOHNSON\Desktop\mbar
Deleted : C:\Users\JITHIN JOHNSON\Desktop\Addition.txt
Deleted : C:\Users\JITHIN JOHNSON\Desktop\adwcleaner_7.0.6.0.exe
Deleted : C:\Users\JITHIN JOHNSON\Desktop\Fixlog.txt
Deleted : C:\Users\JITHIN JOHNSON\Desktop\FRST.txt
Deleted : C:\Users\JITHIN JOHNSON\Desktop\FRST64.exe
Deleted : C:\Users\JITHIN JOHNSON\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\JITHIN JOHNSON\Downloads\Addition.txt
Deleted : C:\Users\JITHIN JOHNSON\Downloads\FRST.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #8 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 12/19/2017 02:00:59]
Deleted : RP #9 [Scheduled Checkpoint | 01/03/2018 15:51:25]
Deleted : RP #10 [Removed Online Application | 01/16/2018 14:23:20]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

