
Hello virusesarebad and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way.

Be aware that FRST must be run from an account with Administrator status.

When you've downloaded FRST64.exe, rename it to FRST64English.exe.
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection: click More information and then Run.)
  • Make sure Addition.txt is checked under "Optional scans".
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a second log named Addition.txt. Please attach that log to your reply.


Thank you,

Kevin

Thank you for the code. This is what I received in the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Saqib (administrator) on DESKTOP-22N9VEP (Hewlett-Packard HP ProDesk 600 G1 SFF) (12-07-2020 17:08:07)
Running from C:\Users\Saqib\Downloads
Loaded Profiles: Saqib
Platform: Windows 10 Pro Version 1903 18362.900 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] [File is in use] C:\temps\is-8AMKI.tmp\Verzuz.exe
() [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <3>
() [File not signed] C:\ProgramData\FlexGridService\FlexGridService.exe
() [File not signed] C:\temps\is-MC1M9.tmp\Verzuz.tmp
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alexey Nicolaychuk -> ) E:\ARKSurvivalEvolved\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) E:\ARKSurvivalEvolved\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) E:\ARKSurvivalEvolved\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DTShellHlp.exe
(AVG Technologies CZ, s.r.o. -> AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\190.7.0\ToolbarUpdater.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Saqib\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Saqib\AppData\Roaming\uTorrent\updates\3.5.5_45704\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Saqib\AppData\Roaming\uTorrent\uTorrent.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Saqib\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Saqib\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Discord Inc. -> Discord Inc.) C:\Users\Saqib\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(Discord Inc. -> Discord Inc.) C:\Users\Saqib\AppData\Local\DiscordPTB\app-0.0.52\DiscordPTB.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Saqib\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Saqib\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe
(Opera Software AS -> Opera Software) C:\Users\Saqib\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\program files\txgameassistant\appmarket\AppMarket.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\program files\txgameassistant\appmarket\QMEmulatorService.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) E:\program files\txgameassistant\appmarket\TBSWebRenderer.exe <2>
(TunnelBear -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-06-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [656976 2019-09-09] (Urban Cyber Security Inc. -> )
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353776 2020-06-30] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-04-18] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2019-10-19] (AVG Technologies CZ, s.r.o. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [kissq] => C:\temps\kissq.exe***************** [385024 2020-07-11] () [File not signed]
HKLM\...\RunOnce: [irt2j2twkbu] => C:\Program Files (x86)\AOwp\656692455.exe [297984 2020-07-11] (MorningAlarm) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32350096 2020-07-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Opera Browser Assistant] => C:\Users\Saqib\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2318936 2019-05-08] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [DAEMON Tools Ultra Automount] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [458608 2019-05-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [458608 2019-05-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [f.lux] => C:\Users\Saqib\AppData\Local\FluxSoftware\Flux\flux.exe [1469968 2020-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Discord] => C:\Users\Saqib\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [911752 2019-06-19] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [uTorrent] => C:\Users\Saqib\AppData\Roaming\uTorrent\uTorrent.exe [2078952 2020-06-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Chromium] => "c:\users\saqib\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [GoogleChromeAutoLaunch_13806387836529D1F0C87EF8E1D0EDD0] => "C:\Users\Saqib\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [2389448 2019-06-20] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [GameCenter] => C:\Users\Saqib\AppData\Local\GameCenter\GameCenter.exe [10317920 2020-03-02] (Mail.Ru LLC -> )
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Dashlane] => C:\Users\Saqib\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-04-06] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [DashlanePlugin] => C:\Users\Saqib\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-04-06] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Resilio Sync] => C:\Users\Saqib\AppData\Roaming\Resilio Sync\Resilio Sync.exe [23230984 2020-01-17] (Resilio, Inc -> Resilio, Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Windows Updates Service] => C:\Users\Saqib\AppData\Roaming\Windows Updates Files\Windows Updates Service.vbe [997 2020-04-19] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Salad] => C:\Users\Saqib\AppData\Local\Programs\Salad\Salad.exe [104659208 2020-01-16] (SALAD TECHNOLOGIES, INC. -> Salad Technologies)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [DiscordPTB] => C:\Users\Saqib\AppData\Local\DiscordPTB\app-0.0.52\DiscordPTB.exe [90950968 2020-04-01] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Spotify] => C:\Users\Saqib\AppData\Roaming\Spotify\Spotify.exe [23220456 2020-07-01] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [BD216F70645AEA5F4130117A0C7DF4040C54C431._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [Gaijin.Net Updater] => C:\Users\Saqib\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2361600 2019-11-28] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\Run: [3073419] => C:\temps\is-8AMKI.tmp\Verzuz.exe [2373872 2020-07-11] () [File not signed] [File is in use]
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --disable-quic --flag-switches-end --enable-audio-service-sandbox --restore-last-session -- hxxps://www.spotify.com/s (the data entry has 70 more characters).
HKLM\...\Windows x64\Print Processors\hpcpp140: C:\Windows\System32\spool\prtprocs\x64\hpcpp140.DLL [559616 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\...\AppCompatFlags\Custom\DSLauncher.exe: [{ce631682-6f11-466e-b922-933fb1cf0f3f}.sdb] -> GOG.com Medal of Honor Pacific Assault
HKLM\Software\...\AppCompatFlags\Custom\mohpa.exe: [{ce631682-6f11-466e-b922-933fb1cf0f3f}.sdb] -> GOG.com Medal of Honor Pacific Assault
HKLM\Software\...\AppCompatFlags\Custom\mohpa_server.exe: [{ce631682-6f11-466e-b922-933fb1cf0f3f}.sdb] -> GOG.com Medal of Honor Pacific Assault
HKLM\Software\...\AppCompatFlags\Custom\mohpa_setup.exe: [{ce631682-6f11-466e-b922-933fb1cf0f3f}.sdb] -> GOG.com Medal of Honor Pacific Assault
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ce631682-6f11-466e-b922-933fb1cf0f3f}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{ce631682-6f11-466e-b922-933fb1cf0f3f}.sdb [2016-11-08]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2020-06-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.1844\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\Users\Saqib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reallusion Hub.lnk [2019-10-13]
ShortcutTarget: Reallusion Hub.lnk -> C:\Program Files (x86)\Common Files\Reallusion\LiveUpdate\Reallusion Hub.exe (Reallusion Inc. -> Reallusion Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07B138FA-AC7E-4C03-A8B8-0EF795554236} - System32\Tasks\Origin => C:\Users\Saqib\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {148B32F8-3EA1-4C71-A030-4AEF37521AD9} - System32\Tasks\Opera scheduled Autoupdate 1555827736 => C:\Users\Saqib\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {61F526C9-B98A-4784-AB54-49D3888C86B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {64AFEBBE-15F1-4137-8091-1B6E0E05D8A1} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-06-18] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6C10AD5F-CB87-412C-88F5-401A85C7FA7F} - System32\Tasks\Microsoft\Windows\Wininet\SystemC => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
Task: {6E618BF8-BC67-495F-8869-8B1FC4BA5F2D} - System32\Tasks\Driver Booster SkipUAC (Saqib) => C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe [7614224 2019-06-11] (IObit Information Technology -> IObit)
Task: {82F0316A-C6CC-426D-A342-7901D5FEF2A1} - System32\Tasks\ByteFence => c:\program files\bytefence\ByteFence.exe [3916104 2019-07-03] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {91EB04D3-858A-49FB-BBCA-7B738130F2D2} - System32\Tasks\RTSS => E:\ARKSurvivalEvolved\RivaTuner Statistics Server\RTSS.exe [414864 2020-05-07] (Alexey Nicolaychuk -> )
Task: {A6ECFD04-4582-4915-B52C-48F83074FD3A} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\6.5.0\Scheduler.exe [149776 2019-06-11] (IObit Information Technology -> IObit)
Task: {AAC29A71-F460-4F04-9EF8-0F88A1120E9E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AC47580C-B868-46E9-A9C6-F16DF2FC55F1} - System32\Tasks\GoogleUpdateTaskMachineCore1d5227b4cd81de3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [1145344 2020-07-03] () [File not signed]
Task: {B4F71FD4-BFB0-4AD2-B653-C98EC6FDC5AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [1145344 2020-07-03] () [File not signed]
Task: {CD621D23-D5C4-4A4A-93FC-7ACCFCD7E5A9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F71252A0-33EC-4932-B85E-295A1AE529A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool post reboot run.job => c:\users\saqib\appdata\local\temp\chromecleaner_0_20368_14166\eb2222c0-9c0d-4b7f-889e-f5f3f8617ba9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0AD07BF-BC25-4BF5-A7C3-4E333C0E390D}.job => C:\Windows\system32\msfeedssync.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{057059a1-294f-460d-9ff2-4856ce156d9e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3312664b-c769-4963-b4b6-cac034223a2a}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{a1225e14-2ccb-4310-8e6b-ab2682cd02bf}: [DhcpNameServer] 8.8.8.8 1.1.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGkwCj4xZIvGOVWgmE8z9QhiMWW5fNJabyzZOonZHO4B1P2iDH5giQSNqOdyFB5I7P06TeuqY5v9MuOjp7aZrTMPYBV9yNT-JaFeqVJCb1rwcuVqBUhsEBS8Z3hZju5vn2wJAByO-7bHjqo0iTbLhkeSPtIWeMrGpyUVcjDLFw,,&q={searchTerms}
HKU\S-1-5-21-938089271-1026118289-2776031529-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.ru/cnt/10445?gp=834423
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGkwCj4xZIvGOVWgmE8z9QhiMWW5fNJabyzZOonZHO4B1P2iDH5giQSNqOdyFB5I7P06TeuqY5v9MuOjp7aZrTMPYBV9yNT-JaFeqVJCb1rwcuVqBUhsEBS8Z3hZju5vn2wJAByO-7bHjqo0iTbLhkeSPtIWeMrGpyUVcjDLFw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-938089271-1026118289-2776031529-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-938089271-1026118289-2776031529-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-938089271-1026118289-2776031529-1002 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-938089271-1026118289-2776031529-1002 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BA41719D3-BFA1-42C0-86D3-01C434CC5E24%7D&gp=811610
SearchScopes: HKU\S-1-5-21-938089271-1026118289-2776031529-1002 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGkwCj4xZIvGOVWgmE8z9QhiMWW5fNJabyzZOonZHO4B1P2iDH5giQSNqOdyFB5I7P06TeuqY5v9MuOjp7aZrTMPYBV9yNT-JaFeqVJCb1rwcuVqBUhsEBS8Z3hZju5vn2wJAByO-7bHjqo0iTbLhkeSPtIWeMrGpyUVcjDLFw,,&q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_20\bin\jp2ssv.dll [2019-06-15] (Sun Microsystems, Inc.) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2020-06-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Saqib\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-06-02] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\190.7.0\ViProtocol.dll [2019-10-19] (AVG Technologies CZ, s.r.o. -> AVG Secure Search)

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-06]
Edge HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGkwCj4xZIvGOVWgmE8z9QhiMWW5fNJabyzZOonZHO4B1P2iDH5giQSNqOdyFB5I7P06TeuqY5v9MuOjvParXNlL5OBFvUmpOApbeZrN9O-37sWOYmjYSznPDKjDZVTwwPK6f1La63DGjgeW7NmOnArA0XRyxPgVr0ms_9yA2g,,
Edge DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> sse
Edge DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
Edge Extension: (Poki) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ajdcdldijnddfkjdikgbemhnjopehfof [2020-06-08]
Edge Extension: (Honey) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2020-06-08]
Edge Extension: (MEGA) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-07-02]
Edge Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2020-06-08]
Edge Extension: (ByteFence Secure Browsing) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blngdeeenccpfjbkolalandfmiinhkak [2020-06-08]
Edge Extension: (Microsoft Protect) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2020-07-03]
Edge Extension: (Dashlane - Password Manager) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-06-25]
Edge Extension: (Stylish - Custom themes for any website) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2020-06-08]
Edge Extension: (EditThisCookie) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-06-08]
Edge Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-06-08]
Edge Extension: (Website AdBlocker+ ) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcppmipbaefnnhdlokjkochjknkdodip [2020-06-08]
Edge Extension: (Tab box) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdjpmadendfpnaknhdgkeliilkanpnnj [2020-06-08]
Edge Extension: (Onepage) - C:\Users\Saqib\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pljpepknjlkhhhnheilglnnileomjcml [2020-06-08]

FireFox:
========
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\190.7.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-06-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-06-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default [2020-07-12]
CHR Notifications: Default -> hxxps://forum.cheatbuddy.pro; hxxps://www1a.delmarmora.pro; hxxps://www1a.rudyvalencia.pro; hxxps://www1p.rudyvalencia.pro; hxxps://www1p.samcunningham.pro
CHR HomePage: Default -> search.swagbucks.com
CHR StartupUrls: Default -> "hxxps://mail.ru/cnt/10445?gp=811570"
CHR NewTab: Default ->  Not-active:"chrome-extension://nnegnghjbbaaojdkcdgmdehpakckeekb/redirect.html"
CHR Extension: (Slides) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-16]
CHR Extension: (Docs) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-16]
CHR Extension: (Google Drive) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-16]
CHR Extension: (MEGA) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-07-08]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-06-30]
CHR Extension: (YouTube) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-16]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-07-11]
CHR Extension: (Sheets) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-16]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-02]
CHR Extension: (Website AdBlocker+ ) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppmipbaefnnhdlokjkochjknkdodip [2019-06-30]
CHR Extension: (BeFrugal: Automatic Coupons and Cash Back) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\logldmlncddmdfcjaaljjjkajcnacigc [2020-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Swagbucks Search) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnegnghjbbaaojdkcdgmdehpakckeekb [2020-07-08]
CHR Extension: (Tab box) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjpmadendfpnaknhdgkeliilkanpnnj [2019-09-10]
CHR Extension: (Gmail) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-28]
CHR Extension: (Onepage) - C:\Users\Saqib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljpepknjlkhhhnheilglnnileomjcml [2019-12-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

I have also attached the Addition.txt to this reply.

Attachment: Addition.txt

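As an added example that is not part of this thread, of FRST, or of Malwarebytes' own tooling: a small Python triage script that applies the checks a helper does by eye on a log like the one above. It flags FRST's own `<==== ATTENTION` marker, unsigned binaries in temp or user-writable paths (the `() [File not signed]` lines under C:\temps and AppData), autostart entries that point at script files (the `.vbe` Run entry and the Origin task), and percent-encoded URLs in the search-scope and home-page lines, which it decodes so the real hijack host is readable. The sample lines embedded in it are constructed after the posted log, and the heuristics are my own: they produce leads to verify by hand, not verdicts, and a legitimate vendor binary that happens to be unsigned (GoogleUpdate.exe above) will be flagged only if it also sits in a suspect path.

```python
"""Triage helper for FRST.txt logs (added example; not FRST or Malwarebytes code)."""
import re
from urllib.parse import unquote

ATTENTION = "<==== ATTENTION"          # FRST's own marker for entries it wants a human to look at
UNSIGNED = "[File not signed]"         # FRST writes this when the file carries no Authenticode signature

# Locations where an unsigned process/autorun binary is unusual enough to check by hand
# (heuristic chosen for this example, not an FRST rule).
SUSPECT_DIRS = re.compile(
    r"\\(temps?|tmp|ProgramData|AppData|Users\\[^\\]+\\Downloads)\\|\\is-[A-Z0-9]{5}\.tmp\\",
    re.IGNORECASE,
)
# Script files wired into autoruns or scheduled tasks.
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|js|wsf|bat|cmd|ps1)\b", re.IGNORECASE)
# Lines that describe an autostart entry (registry Run/RunOnce, scheduled task, Startup folder).
AUTORUN_RE = re.compile(r"^(HK(LM|U|CU)[^:]*\\Run(Once)?:|Task:|Startup:|ShortcutTarget:)", re.IGNORECASE)
# hxxp(s):// is the defanged form FRST writes into its logs.
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)
PCT_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")

# Constructed sample in the shape of the log posted above (paths shortened where marked "...").
SAMPLE_LOG = r"""
() [File not signed] [File is in use] C:\temps\is-8AMKI.tmp\Verzuz.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
HKLM-x32\...\Run: [kissq] => C:\temps\kissq.exe***************** [385024 2020-07-11] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-...\Run: [Windows Updates Service] => C:\Users\Saqib\AppData\Roaming\Windows Updates Files\Windows Updates Service.vbe [997 2020-04-19] () [File not signed] <==== ATTENTION
Task: {07B138FA-AC7E-4C03-A8B8-0EF795554236} - System32\Tasks\Origin => C:\Users\Saqib\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {6C10AD5F-...} - System32\Tasks\Microsoft\Windows\Wininet\SystemC => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=abc&q={searchTerms}
"""


def refang(url: str) -> str:
    """hxxps://... -> https://..., with percent-encoding decoded so the host is readable."""
    return unquote(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE))


def host_of(url: str) -> str:
    """Host part of an http(s) URL, lower-cased; empty string if it does not parse."""
    m = re.match(r"https?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> list:
    """Reasons this FRST line deserves a second look (empty list = nothing flagged)."""
    reasons = []
    if ATTENTION in line:
        reasons.append("FRST marked this entry with ATTENTION")
    if UNSIGNED in line and SUSPECT_DIRS.search(line):
        reasons.append("unsigned binary in temp/user-writable location")
    if AUTORUN_RE.match(line) and SCRIPT_EXT.search(line):
        reasons.append("autostart runs a script file instead of an executable")
    for url in URL_RE.findall(line):
        if PCT_ENCODED.search(url):
            reasons.append(f"percent-encoded URL hides host {host_of(refang(url))}")
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole FRST.txt; returns [(line, reasons)] for flagged lines only."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # utf-8-sig swallows a BOM if present; adjust if your copy of FRST.txt uses another encoding.
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for line, reasons in triage(text):
        print(line[:120])
        for r in reasons:
            print("   ->", r)
```

Run it as `python frst_triage.py FRST.txt` against a real log, or with no argument to see it work on the embedded sample. The percent-decoding step is the one worth keeping even if you discard the rest: the `ielnksrch` search scope above reads as `feed.sonic-search.com` once decoded, which is what you would search for when deciding whether the entry belongs in a fixlist.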

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
