
My laptop keeps downloading viruses


This topic is locked
15 replies to this topic

#1 aayanpk
Posted 05 July 2017 - 05:48 AM

For the past week my laptop has been acting extremely weird. All my antivirus programs are getting deleted, and random browsers are appearing every day, such as BrowserAir, Amigo, one called Hotmail [not the real one], and one simply called Search. Then there are rogues like Avast (and yes, it is called Avast; it's just a rip-off), then AWG, a rip-off of AVG. Then there are browser hijackers: Mozilla and Chrome have mail.ru and searching.com. Then finally my laptop shows a window named "Initializing your installation" which downloads random files; even Task Manager doesn't work.
#2 aayanpk
Posted 05 July 2017 - 05:57 AM

Result of Farbar scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2017

Ran by Aayan (05-07-2017 03:56:24)
Running from C:\Users\Aayan\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-24 07:23:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Aayan (S-1-5-21-1987830725-3782434280-15376247-1000 - Administrator - Enabled) => C:\Users\Aayan
Administrator (S-1-5-21-1987830725-3782434280-15376247-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1987830725-3782434280-15376247-503 - Limited - Disabled)
Guest (S-1-5-21-1987830725-3782434280-15376247-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amigo (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\Amigo) (Version: 56.0.2924.197 - Mail.Ru) <==== ATTENTION
BrowserAir (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\BrowserAir) (Version: 48.0.0.0 - BrowserAir) <==== ATTENTION
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
CSGO WaRzOnE Launcher (HKLM-x32\...\{FF04C93C-3EF1-4F59-B94F-720D9BA84B88}) (Version: 1.0 - Warzone) Hidden
CSGO WaRzOnE Launcher (HKLM-x32\...\CSGO WaRzOnE Launcher 1.0) (Version: 1.0 - Warzone)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Isminer 19 (HKLM-x32\...\isMiner) (Version: 19 - isMiner inc ) <==== ATTENTION
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
kceidjgdigbhildogdafgekneemgibfe (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\kceidjgdigbhildogdafgekneemgibfe) (Version:  - ) <==== ATTENTION
Maskit (HKLM-x32\...\{2EBC22A2-B875-456D-B63E-6023C99A32C1}_is1) (Version: 1.0.0.0 - Star Line)
Microsoft OneDrive (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Oracle VM VirtualBox 5.1.22 (HKLM\...\{8D5E4D4D-5E0C-4448-B018-5DDEF1E208D9}) (Version: 5.1.22 - Oracle Corporation)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.6.6 - Reimage) <==== ATTENTION
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
Super Mario Bros. (HKLM-x32\...\Super Mario Bros._is1) (Version:  - GameFabrique)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
TSearch (HKLM-x32\...\6E727987-C8EA-44DA-8749-310C0FBE3C3E) (Version: 2.0.0.267 - Company Inc.) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
WinRAR 5.50 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.3 - win.rar GmbH)
Wondershare Filmora(Build 8.2.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1987830725-3782434280-15376247-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-05-23] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-05-23] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2B8175C4-4779-4AF4-B59F-822D400393DB} - System32\Tasks\IBUpd2 => C:\Users\Aayan\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== ATTENTION
Task: {353370F4-AC7E-4714-AD12-277E1CAFDE2E} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-05-14] (Reimage®) <==== ATTENTION
Task: {503E337D-DD25-4099-809B-2F4A451153B9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\VideErroroReporting => C:\\ProgramData\\WindowsVideoErrorReporting\\wvermgr.exe <==== ATTENTION
Task: {650946C8-0DFF-4305-AD4F-CA1D054CEE31} - System32\Tasks\MaskitAutorun => C:\Program Files (x86)\Maskit\Maskit.exe [2017-04-21] (Digital Action Consulting LTD)
Task: {B4F6049E-AD50-4911-A4F2-B45036072D55} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Windows\Manager.exe [2017-06-21] ()
Task: {CB7864C1-8867-4357-BDCB-4A2F3D8EC9A8} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-07-03] (Reimage ltd.) <==== ATTENTION
Task: {EF8D0A8A-024A-4794-9B6C-1EA18B8B012F} - System32\Tasks\IBUpd => C:\Users\Aayan\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Aayan\Desktop\Hotmail.lnk -> C:\Users\Aayan\AppData\Local\BrowserAir\Application\BrowserAir.exe () -> hxxp://live.com
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --app-id=blpabnnnpcfijmjhhdihdglfhecjoknn <==== Cyrillic
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --app-id=jbhbhflenehimkngcjnpeleogniobpnn <==== Cyrillic
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo Apps\Амиго.Музыка.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) ->  --profile-directory=Default --app-id=mbipmajmbfjakbcfnjdldckninlnmhoe
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo Apps\ВКонтакте.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) ->  --profile-directory=Default --app-id=blpabnnnpcfijmjhhdihdglfhecjoknn
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo Apps\Мини-игры Mail.Ru.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) ->  --profile-directory=Default --app-id=eelhkjeciikfclbijaplfgdlnmnpamgk
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo Apps\Мой Мир.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) ->  --profile-directory=Default --app-id=oplpkihnjdodepplnehakffakpgfcpji
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo Apps\Одноклассники.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) ->  --profile-directory=Default --app-id=jbhbhflenehimkngcjnpeleogniobpnn
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo Apps\Почта Mail.Ru.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) ->  --profile-directory=Default --app-id=pgkcjlfddldjbjedihplepchglcpamne
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012"
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --app-id=blpabnnnpcfijmjhhdihdglfhecjoknn <==== Cyrillic
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --app-id=jbhbhflenehimkngcjnpeleogniobpnn <==== Cyrillic
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,"
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epe&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=h74zamobl7428xn/abu,aaad787f-accd-44c9-9c09-addc87d69b51,
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 06:01 - 2017-06-21 06:05 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 06:01 - 2017-06-21 06:05 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 06:01 - 2017-06-21 06:10 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 06:01 - 2017-06-21 06:05 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-25 12:10 - 2017-05-25 12:12 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 02:57 - 2017-06-22 02:58 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 02:57 - 2017-06-22 02:58 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 02:57 - 2017-06-22 02:58 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-01 03:02 - 2017-06-01 03:06 - 23661056 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-06-01 03:02 - 2017-06-01 03:05 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 04:03 - 2017-05-26 04:08 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-23 02:29 - 2017-06-23 02:36 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-23 02:29 - 2017-06-23 02:35 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 00047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-06-03 07:01 - 2017-05-19 22:59 - 02328576 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 02836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-07-02 03:46 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-02 03:46 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 14:03 - 2017-06-21 13:25 - 00001146 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Aayan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{ef244cba-fea9-4e22-ae0e-def04f1ecf69}.jpg
DNS Servers: 39.39.39.39 - 182.176.100.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{41461FD1-11BC-4933-8B55-A337696C924D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52FC00C4-D951-4DD5-B26F-EE4A9C7294EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3D9EF437-94D5-42A1-81E0-D7351FC17628}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{12684F2A-62D0-4048-A327-811558F8C89C}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{481DC7CB-AC8D-412D-BBAF-6303667D58FC}C:\users\aayan\desktop\secondlifeviewer\slvoice.exe] => (Allow) C:\users\aayan\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{1491D13C-FFE8-4E1E-BB9F-E1CB2D23E69A}C:\users\aayan\desktop\secondlifeviewer\slvoice.exe] => (Allow) C:\users\aayan\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [{16F24938-D33B-4CBE-912B-5A93CFF71D30}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{6B967188-8AAE-48EB-812B-2C21B019721D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{C49BC8A5-1271-4F6F-8EFF-7FE6FD265202}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{5265F45E-95E9-4AD4-9D73-C63E55424B6A}] => (Allow) C:\Games\Counter Strike Global Offensive Warzone\csgo_launcher.exe
FirewallRules: [TCP Query User{92DC732E-C23C-4E55-BF4D-CF78EF84534C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D0B5F029-BCDF-45FB-BE31-335C74924E0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4A6E7135-CDAF-427C-8247-45E23749B374}] => (Allow) C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{1FCC203C-8928-4C6F-A0C7-706D5E0AFC39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{73CE233C-7484-44A4-AA08-58737633D1C1}] => (Allow) C:\Users\Aayan\AppData\Local\BrowserAir\Application\BrowserairExec.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/05/2017 01:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x595adaa6
Faulting module name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x595adaa6
Exception code: 0xc0000005
Fault offset: 0x0001a776
Faulting process id: 0x4d0
Faulting application start time: 0x01d2f56c73a5ffef
Faulting application path: C:\Users\Aayan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Faulting module path: C:\Users\Aayan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Report Id: f68c8529-bc8c-4e58-9df0-56f312519ba7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/05/2017 01:59:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: linker.exe, version: 1.0.0.1, time stamp: 0x5939595b
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xa82cc161
Exception code: 0xc0000028
Fault offset: 0x000a3889
Faulting process id: 0x24cc
Faulting application start time: 0x01d2f56ce7f4cd47
Faulting application path: C:\Users\Aayan\AppData\Local\Temp\linker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e33a0c5f-0727-485a-bf11-ecea912de726
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/05/2017 01:59:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: linker.exe, version: 1.0.0.1, time stamp: 0x5939595b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x00450e2a
Faulting process id: 0x24cc
Faulting application start time: 0x01d2f56ce7f4cd47
Faulting application path: C:\Users\Aayan\AppData\Local\Temp\linker.exe
Faulting module path: unknown
Report Id: f47dd987-f4a2-413e-9483-dcb637915644
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/05/2017 01:58:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: linker.exe, version: 1.0.0.1, time stamp: 0x5939595b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x00450e2a
Faulting process id: 0x24cc
Faulting application start time: 0x01d2f56ce7f4cd47
Faulting application path: C:\Users\Aayan\AppData\Local\Temp\linker.exe
Faulting module path: unknown
Report Id: c06ba272-b2cd-4e71-8808-3da69ebff603
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/04/2017 05:50:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x595adaa6
Faulting module name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x595adaa6
Exception code: 0xc0000005
Fault offset: 0x0001a776
Faulting process id: 0x2730
Faulting application start time: 0x01d2f4c31c077b34
Faulting application path: C:\Users\Aayan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Faulting module path: C:\Users\Aayan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Report Id: 1dd11275-6b4f-49a2-b4ac-8ee2a4ab4b2b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/04/2017 05:43:35 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (07/04/2017 05:43:30 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (07/04/2017 01:28:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x595adaa6
Faulting module name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x595adaa6
Exception code: 0xc0000005
Fault offset: 0x0001a776
Faulting process id: 0x15c4
Faulting application start time: 0x01d2f49ea47eaa3a
Faulting application path: C:\Users\Aayan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Faulting module path: C:\Users\Aayan\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Report Id: 8bbc1dff-9b85-4411-84ab-d0ed4512e16f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/04/2017 01:13:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: linker.exe, version: 1.0.0.1, time stamp: 0x5939595b
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xa82cc161
Exception code: 0xc0000028
Fault offset: 0x000a3889
Faulting process id: 0xd88
Faulting application start time: 0x01d2f49d660c3004
Faulting application path: C:\Users\Aayan\AppData\Local\Temp\linker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 035f95a6-998d-469b-a5b5-474a67cfea62
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/04/2017 01:13:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: linker.exe, version: 1.0.0.1, time stamp: 0x5939595b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02c30e2a
Faulting process id: 0xd88
Faulting application start time: 0x01d2f49d660c3004
Faulting application path: C:\Users\Aayan\AppData\Local\Temp\linker.exe
Faulting module path: unknown
Report Id: bb17ea2b-a951-4777-b834-8c495fe46786
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/05/2017 03:34:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 03:34:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 03:26:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 02:43:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 02:36:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 01:55:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 01:55:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 01:55:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/04/2017 11:06:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/04/2017 10:10:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
 
CodeIntegrity:
===================================
  Date: 2017-07-02 02:58:55.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-02 02:37:18.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-02 02:36:43.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-02 02:36:42.984
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-27 08:13:41.360
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-27 08:13:41.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:37:42.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:37:04.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:37:03.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:30:04.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8057.44 MB
Available physical RAM: 4693.5 MB
Total Virtual: 9337.44 MB
Available Virtual: 5747.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.7 GB) (Free:15.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 1017AC84)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#3 aayanpk

  • Topic Starter

Posted 05 July 2017 - 06:34 AM

My computer is getting screwed up. I need help.



#4 aayanpk

  • Topic Starter

Posted 05 July 2017 - 06:37 AM

Another rogue got installed, called Reimage.



#5 Valinorum

  • Malware Response Instructor

Posted 05 July 2017 - 06:42 AM

Hi,

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.
 
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to the poor reputation they have. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, double-click on the items I have listed below, and follow the on-screen instructions to remove/uninstall them.
    • Amigo
    • BrowserAir
    • Isminer 19
    • kceidjgdigbhildogdafgekneemgibfe
    • Reimage Repair
    • Search module
    • TSearch
 
  • Step #2 Scan with Zemana Anti-malware
    Download and install Zemana anti-malware from here.
    • Double-click to run the software;
    • Click on the gear-icon on the top right portion to navigate to Settings.
      • Click on Scan > put a tick on Create System Restore
      • Click on Advanced > put a tick on Check for Suspicious (root CA) Certificates
    • Click the home icon on top left and click on Scan
    • After scan finishes click on the report tab on the top right corner;
    • Choose the latest report by clicking on it and click on Open Report afterward.
    • Copy and Paste the contents of the report in your next reply.
 
  • Step #3 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.
 

Re-run FRST and give me a fresh set of scan logs.

 
  • Required Log(s):
    • Zemana Scan Log
    • Adwcleaner Log
    • New FRST logs (FRST.txt and Addition.txt)
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.
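Step #2 above asks for the Zemana report to be pasted back into the thread. What follows is an added example, not part of this thread and not Zemana's own code: a small Python parser for the report's "Key : Value" blocks that pulls the persistence points (service ImagePath registry entries, scheduled tasks, Startup-folder shortcuts) out of the "Related Objects" lines, so a responder can see at a glance what would relaunch after a reboot. The sample report embedded in it is constructed from a few entries of the same shape as the report posted later in this thread.

```python
"""Parse a Zemana AntiMalware scan report and list its persistence points.

Added example for this thread, not Zemana's code; it assumes the "Key : Value"
block layout of Zemana's text report."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a trimmed report with entries shaped like the ones
# posted in this thread (startup .lnk, service ImagePath, scheduled task).
SAMPLE_REPORT = r"""Detected Objects
-------------------------------------------------------

cloudnet.exe
Status             : Scanned
Object             : %appdata%\epicnet inc\cloudnet\cloudnet.exe
MD5                : 33678078D980F61E709F644FBACA0C73
Detection          : Trojan:Win32/Vorniac.A!Trak
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\epicnet inc\cloudnet\cloudnet.exe
                Reference - C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cloudnet.lnk

smu.exe
Status             : Scanned
Object             : %commonprogramw6432%\noobzo\gnupdate\smu.exe
Detection          : Adware:Win32/ShopperPro!Sig
Cleaning Action    : Quarantine
Related Objects    :
                File - %commonprogramw6432%\noobzo\gnupdate\smu.exe
                Process - 6424 - C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\SMUpd\ImagePath = C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service

ReiGuard.exe
Status             : Scanned
Object             : %programw6432%\reimage\reimage protector\reiguard.exe
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\reimage\reimage protector\reiguard.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\ReimageRealTimeProtector\ImagePath = C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\ReimageUpdater
"""

FIELD_RE = re.compile(r"^(\w[\w ]*?)\s*:\s*(.*)$")      # "Key   : value" at column 0
RELATED_RE = re.compile(r"^\s+(\w[\w ]*?)\s+-\s+(.*)$")  # indented "Kind - value"

@dataclass
class Detection:
    name: str
    fields: dict = field(default_factory=dict)
    related: list = field(default_factory=list)   # (kind, value) pairs

def parse_report(text):
    """Blocks are separated by blank lines: the first line of a block is the
    object name, column-0 lines are fields, indented lines are Related Objects.
    Blocks without a Detection field (the report headers) are dropped."""
    detections, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            current = None                     # blank line closes the block
            continue
        if current is None:
            current = Detection(name=raw.strip())
            detections.append(current)
            continue
        if raw[0].isspace():                   # a Related Objects entry
            m = RELATED_RE.match(raw)
            current.related.append((m.group(1), m.group(2)) if m
                                   else ("unknown", raw.strip()))
            continue
        m = FIELD_RE.match(raw)
        if m:
            current.fields[m.group(1).strip()] = m.group(2).strip()
    return [d for d in detections if "Detection" in d.fields]

def persistence_points(detections):
    """Related objects that would relaunch the file after a reboot: service
    ImagePath registry entries, scheduled tasks, and Startup-folder shortcuts."""
    points = []
    for d in detections:
        for kind, value in d.related:
            if kind in ("Registry Entry", "Scheduled Task"):
                points.append((d.name, kind, value))
            elif kind == "Reference" and "\\startup\\" in value.lower():
                points.append((d.name, "Startup shortcut", value))
    return points

def family_counts(detections):
    """Count detections by family, i.e. the part before ':' in Zemana's name."""
    return Counter(d.fields["Detection"].split(":")[0] for d in detections)

if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    print(dict(family_counts(dets)))
    for name, kind, where in persistence_points(dets):
        print(f"{name:14} {kind:17} {where}")
```

Run against a full pasted report, the persistence list is the set of locations to re-check after cleaning, since a service or task that survives will pull the quarantined file back.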

 


#6 aayanpk

  • Topic Starter

Posted 05 July 2017 - 09:22 AM

Zemana log:

 

Zemana AntiMalware 2.74.2.76 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017-7-5
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-3320M CPU @ 2.60GHz
BIOS Mode              : Legacy
CUID                   : 129F816AE35939147E5BD8
Scan Type              : System Scan
Duration               : 1m 56s
Scanned Objects        : 63705
Detected Objects       : 79
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Edge Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge Shortcut
 
Internet Explorer Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut
 
Internet Explorer Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut
 
Internet Explorer Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut
 
Internet Explorer Search
Status             : Scanned
Object             : Поиск@Mail.Ru - http://go.mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search
 
Internet Explorer Search
Status             : Scanned
Object             : Searching - http://www-searching.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search
 
Firefox Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Shortcut
 
Firefox Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Shortcut
 
Firefox Search
Status             : Scanned
Object             : Search Module - http://www-searching.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search
 
Firefox Newtab
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Newtab
 
Firefox Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Homepage
 
Chrome Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Homepage
 
TSearch
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\features\{d29dbc80-e8b5-4116-ab62-ecd8ed032a33}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - TSearch
 
Fast search
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\eeo1y8hc.default\extensions\amcontextmenu@loucypher
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Fast search
 
Search Module Plus v2
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Search Module Plus v2
 
cloudnet.exe
Status             : Scanned
Object             : %appdata%\epicnet inc\cloudnet\cloudnet.exe
MD5                : 33678078D980F61E709F644FBACA0C73
Publisher          : -
Size               : 635392
Version            : 7.2.1.1
Detection          : Trojan:Win32/Vorniac.A!Trak
Cleaning Action    : Quarantine
Related Objects    :
                File - %appdata%\epicnet inc\cloudnet\cloudnet.exe
                Reference - C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cloudnet.lnk
 
amigo.exe
Status             : Scanned
Object             : %localappdata%\amigo\application\amigo.exe
MD5                : 08A11EDAAEEE48301222E5DEE381B12F
Publisher          : LLC Mail.Ru
Size               : 930280
Version            : 56.0.2924.197
Detection          : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\amigo\application\amigo.exe
                Reference - C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk
                Reference - C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk
                Reference - C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Amigo.lnk
 
smu.exe
Status             : Scanned
Object             : %commonprogramw6432%\noobzo\gnupdate\smu.exe
MD5                : 954A1E2E6841B6B54090D628975EFE50
Publisher          : -
Size               : 2989056
Version            : 2.6.8.7860
Detection          : Adware:Win32/ShopperPro!Sig
Cleaning Action    : Quarantine
Related Objects    :
                File - %commonprogramw6432%\noobzo\gnupdate\smu.exe
                Process - 6424 - C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\SMUpd\ImagePath = C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service
 
smci64.dll
Status             : Scanned
Object             : %commonprogramw6432%\noobzo\gnupdate\smci64.dll
MD5                : 7AD20D1020DF2191CDDD72EEE7B08984
Publisher          : -
Size               : 2564608
Version            : 2.6.8.7860
Detection          : Adware:Win32/ShopperPro!Sig
Cleaning Action    : Quarantine
Related Objects    :
                File - %commonprogramw6432%\noobzo\gnupdate\smci64.dll
                DLL - 6604 - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
ReiGuard.exe
Status             : Scanned
Object             : %programw6432%\reimage\reimage protector\reiguard.exe
MD5                : 1283D0E726A546D58650070BE76DFA7C
Publisher          : Reimage Limited
Size               : 8515952
Version            : 2.0.2.0
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\reimage\reimage protector\reiguard.exe
                Process - 10256 - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\ReimageRealTimeProtector\ImagePath = C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\ReimageUpdater
 
ReiSystem.exe
Status             : Scanned
Object             : %programw6432%\reimage\reimage protector\reisystem.exe
MD5                : 264C5475A0EAB94B00EA3138152D15E9
Publisher          : Reimage Limited
Size               : 8062832
Version            : 2.0.2.0
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\reimage\reimage protector\reisystem.exe
                Process - 3464 - C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
 
SUPER_MARIO_BROS.EXE
Status             : Scanned
Object             : %userprofile%\downloads\super_mario_bros.exe
MD5                : 4E3C55C4878F3A7F5D2902A20804F843
Publisher          : Setup Alpha ((New Media Holdings Ltd)
Size               : 1233280
Version            : 0.0.0.0
Detection          : Adware:Win32/FriedMedia!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\super_mario_bros.exe
 
noobzo
Status             : Scanned
Object             : NE->c:\program files\common files\noobzo
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
smci32.dll
Status             : Scanned
Object             : NE->c:\program files\common files\noobzo\gnupdate\smci32.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
smci64.dll
Status             : Scanned
Object             : NE->c:\program files\common files\noobzo\gnupdate\smci64.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
smci64.dll.-1147413932
Status             : Scanned
Object             : NE->c:\program files\common files\noobzo\gnupdate\smci64.dll.-1147413932
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
smu.exe
Status             : Scanned
Object             : NE->c:\program files\common files\noobzo\gnupdate\smu.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimage
Status             : Scanned
Object             : NE->c:\program files\reimage
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
mail.ru
Status             : Scanned
Object             : NE->c:\programdata\mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Mail.Ru.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimage repair
Status             : Scanned
Object             : NE->c:\programdata\microsoft\windows\start menu\programs\reimage repair
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimage protector
Status             : Scanned
Object             : NE->c:\programdata\reimage protector
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
searchmodule
Status             : Scanned
Object             : NE->c:\programdata\searchmodule
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
smp2.exe
Status             : Scanned
Object             : NE->c:\programdata\smp2.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Goobzo.E!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
rei
Status             : Scanned
Object             : NE->c:\rei
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.E!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
amigo
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\amigo
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
browserair
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
chrome.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\chrome.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
chrome_child.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\chrome_child.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
chrome_elf.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\chrome_elf.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
chrome_watcher.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\chrome_watcher.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
delegate_execute.exe
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\delegate_execute.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
setup.exe
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\installer\setup.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
metro_driver.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\metro_driver.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
nacl64.exe
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\nacl64.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
widevinecdmadapter.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\48.0.0.0\widevinecdmadapter.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Shopper!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
browserairexec.exe
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\browserairexec.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/BrowserAir!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
widevinecdmadapter.dll
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\browserair\application\widevinecdm\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Shopper!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
installationconfiguration.xml
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\installationconfiguration.xml
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Linkury.AB!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
mail.ru
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Mail.Ru.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\gta\grand theft auto v\setup.exe
MD5                : 580DB15A4FBA1FE58498185D8DEA3687
Publisher          : -
Size               : 3433984
Version            : 1.0.0.0
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\gta\grand theft auto v\setup.exe
 
nscpucnminer32.exe
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\temp\126a.tmp\nscpucnminer32.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Trojan:Win32/CPUMiner.Generic.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimage.log
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\temp\reimage.log
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.H!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimagepackage.exe
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\local\temp\reimagepackage.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.I!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
gplyra
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\gplyra
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Gplyra Miner.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
isminer
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\isminer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/isMiner.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
amigo apps
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
амиго.музыка.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps\амиго.музыка.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
вконтакте.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps\вконтакте.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
мини-игры mail.ru.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps\мини-игры mail.ru.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
мой мир.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps\мой мир.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
одноклассники.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps\одноклассники.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
почта mail.ru.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo apps\почта mail.ru.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
amigo.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\amigo.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
вконтакте.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\вконтакте.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
одноклассники.lnk
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\microsoft\windows\start menu\programs\одноклассники.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Amigo.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
ucchannel
Status             : Scanned
Object             : NE->c:\users\aayan\appdata\roaming\ucchannel
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/UCBrowser.J!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
mail.ru агент - используй для общения!.url
Status             : Scanned
Object             : NE->c:\users\aayan\favorites\mail.ru агент - используй для общения!.url
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Mail.Ru.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
mail.ru.url
Status             : Scanned
Object             : NE->c:\users\aayan\favorites\mail.ru.url
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Mail.Ru.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimage.ini
Status             : Scanned
Object             : NE->c:\windows\reimage.ini
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimage reminder
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\reimage reminder
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.G!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
reimageupdater
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\reimageupdater
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Reimage.G!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
g90a0.tmp.exe
Status             : Scanned
Object             : NE->c:\windows\temp\g90a0.tmp.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Malware:Win32/Generic.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
gb4b6.tmp.exe
Status             : Scanned
Object             : NE->c:\windows\temp\gb4b6.tmp.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Malware:Win32/Generic.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
DB.Browser.for.SQLite-3.9.1-win64.exe.part
Status             : Cancelled
Object             : %userprofile%\downloads\db.browser.for.sqlite-3.9.1-win64.exe.part
MD5                : 0C2BF13AB5963CAB4C1F8547B5CE9E16
Publisher          : -
Size               : 748087
Version            : -
Detection          : 
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\db.browser.for.sqlite-3.9.1-win64.exe.part
 
Beehind.exe
Status             : Scanned
Object             : %userprofile%\downloads\compressed\beehindbeta_v0.5-1f02db583f13e8b103dfd7e50ff95ca1d356225a\beehind.exe
MD5                : 4D20E8D7A75306D5F6DF8EE8CF8487AD
Publisher          : -
Size               : 25312256
Version            : 1.0.0.0
Detection          : Heur.Malicious!Pc
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\compressed\beehindbeta_v0.5-1f02db583f13e8b103dfd7e50ff95ca1d356225a\beehind.exe
 
smw.sys
Status             : Scanned
Object             : %commonprogramw6432%\noobzo\gnupdate\smw.sys
MD5                : 6A956BD593FDCE0820A5516950AE82A5
Publisher          : GOOBZO LTD
Size               : 52992
Version            : -
Detection          : Adware:Win32/Goobzo!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %commonprogramw6432%\noobzo\gnupdate\smw.sys
                Registry Entry - HKLM\System\CurrentControlSet\Services\SMUpdd\ImagePath = \??\C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys
 
REI_Axcontrol.dll
Status             : Scanned
Object             : %programw6432%\reimage\reimage repair\rei_axcontrol.dll
MD5                : 61D3698650D388536006B35970ACBC0E
Publisher          : Reimage Limited
Size               : 480616
Version            : 1.8.6.6
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\reimage\reimage repair\rei_axcontrol.dll
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}\@ = C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32\@ = C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32\@ = C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll
 
tpobCUC.dll
Status             : Cancelled
Object             : %programfiles%\mediaserchie\tpobcuc.dll
MD5                : FA6D5FCED959CC0DE9EA0B4D542F26EF
Publisher          : -
Size               : 799222
Version            : -
Detection          : 
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\mediaserchie\tpobcuc.dll
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B3A986DC-C2DD-40A0-8C0C-FEF66B783511}\@ = C:\Program Files (x86)\MediaSerchIE\tpobCUC.dll
 
ReimageReminder.exe
Status             : Scanned
Object             : %programw6432%\reimage\reimage repair\reimagereminder.exe
MD5                : BCEBD6BF9B68B6EF9A79C016739E309F
Publisher          : Reimage Limited
Size               : 4478312
Version            : 2.0.2.0
Detection          : Scareware:Win32/NonBeneficialOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\reimage\reimage repair\reimagereminder.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\Reimage Reminder
 
kQwPA7Cm.dll
Status             : Cancelled
Object             : %programfiles%\mediaserchie\kqwpa7cm.dll
MD5                : 8141718E6EE37E57ED16AAE02E04277A
Publisher          : -
Size               : 535064
Version            : -
Detection          : 
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\mediaserchie\kqwpa7cm.dll
                Registry Entry - HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions\{17FE002F-FCF8-4B85-BEA7-5E551B7D4010}\ClsidExtension = C:\Program Files (x86)\MediaSerchIE\kQwPA7Cm.dll
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 79
Reported as safe      : 0
Failed                : 0


#7 aayanpk (Topic Starter)

Posted 05 July 2017 - 09:31 AM

AdwCleaner log

 

# AdwCleaner v6.047 - Logfile created 05/07/2017 at 07:26:04
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-04.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Aayan - AAYAN-PC
# Running from : C:\Users\Aayan\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: ReimageRealTimeProtector
[-] Service deleted: SMUpd
[-] Service deleted: SMUpdd
[-] Service deleted: MaskitService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Aayan\AppData\Roaming\Amigo
[-] Folder deleted: C:\Users\Aayan\AppData\Roaming\MailRu
[-] Folder deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
[#] Folder deleted on reboot: C:\Program Files\Common Files\Noobzo
[-] Folder deleted: C:\ProgramData\WindowsVideoErrorReporting
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WindowsVideoErrorReporting
[-] Folder deleted: C:\Program Files (x86)\Maskit
[#] Folder deleted on reboot: C:\Program Files (x86)\AVBoost
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] File deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[#] File deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MAIL.RU.LNK
[-] File deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BrowserAir.lnk
[-] File deleted: C:\Users\Aayan\Desktop\BrowserAir.lnk
[-] File deleted: C:\WINDOWS\SysNative\bi3.exe
[-] File deleted: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[-] File deleted: C:\WINDOWS\rsrcs.dll
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[!] Shortcut not deleted: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: IBUpd2
[-] Task deleted: MaskitAutorun
[-] Task deleted: Microsoft\Windows\Multimedia\Manager
[-] Task deleted: Microsoft\Windows\Windows Error Reporting\VideErroroReporting
 
 
***** [ Registry ] *****
 
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\reimagerealtimeprotector
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\smupd
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\smupdd
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\Installer
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\Mobogenie3
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\Mail.Ru
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\Amigo
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\VideoBox
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\YeaDesktop
[-] Key deleted: HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\Mobogenie3
[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: HKCU\Software\Mail.Ru
[#] Key deleted on reboot: HKCU\Software\Amigo
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\VideoBox
[#] Key deleted on reboot: HKCU\Software\YeaDesktop
[-] Key deleted: HKLM\SOFTWARE\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\Mobogenie3
[#] Key deleted on reboot: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: [x64] HKCU\Software\Mail.Ru
[#] Key deleted on reboot: [x64] HKCU\Software\Amigo
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: [x64] HKCU\Software\VideoBox
[#] Key deleted on reboot: [x64] HKCU\Software\YeaDesktop
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\DMunversion
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gplyra]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key deleted: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserairExec.exe
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\BrowserairExec.exe
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [YeaDesktop.exe]
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "keyword.URL" -  "hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h74zamobl7428xn"
[-] [C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jlcgehabolcakkjhgmgpkagpolbjlhfa
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [7478 Bytes] - [05/07/2017 07:26:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [7243 Bytes] - [05/07/2017 07:25:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7624 Bytes] ##########
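
Reading a clean log like the one above by hand is error-prone. The flag at the start of each line is what matters: [-] means the item was deleted, [#] means deletion was deferred to the next reboot, and [!] means the tool could not remove it, so the second and third groups have to be re-checked after the reboot. The Services, Scheduled Tasks and Registry sections also show which autostart mechanisms the adware relied on (a service, scheduled tasks, a Run value and a Chrome extension key). The script below is an added example, not code from the thread or from AdwCleaner itself; it parses a log in this format and reports the follow-up items. The embedded input is a constructed excerpt modelled on the posted log, not the full file, and the section names and flag meanings are taken from the log lines above.

```python
"""Triage an AdwCleaner clean log ([C0].txt): separate what was really removed
from what is pending a reboot or failed, and list the autostart mechanisms
(services, scheduled tasks, Run values, browser extensions) the adware used."""
import re
from collections import defaultdict

# Constructed sample input modelled on the log posted above (an excerpt, not the
# full log). Backslashes are doubled because this is a normal Python string.
SAMPLE_LOG = """\
***** [ Services ] *****
[-] Service deleted: SMUpdd
[-] Service deleted: MaskitService

***** [ Folders ] *****
[-] Folder deleted: C:\\Users\\Aayan\\AppData\\Roaming\\Amigo
[#] Folder deleted on reboot: C:\\Program Files\\Common Files\\Noobzo

***** [ Shortcuts ] *****
[!] Shortcut not deleted: C:\\Users\\Aayan\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Mail.Ru.lnk

***** [ Scheduled Tasks ] *****
[-] Task deleted: MaskitAutorun
[-] Task deleted: Microsoft\\Windows\\Windows Error Reporting\\VideErroroReporting

***** [ Registry ] *****
[#] Key deleted on reboot: HKLM\\SYSTEM\\CurrentControlSet\\services\\smupdd
[-] Value deleted: [x64] HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run [gplyra]
[-] Key deleted: HKCU\\Software\\Google\\Chrome\\Extensions\\jlcgehabolcakkjhgmgpkagpolbjlhfa

***** [ Web browsers ] *****
[-] Firefox preferences cleaned: "keyword.URL" -  "hxxp://www-searching.com/search.aspx?q={searchTerms}"
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<flag>[-#!])\] (?P<action>[^:]+): (?P<target>.+)$")
# Flag meanings as used in AdwCleaner's own output lines.
STATUS = {"-": "deleted", "#": "pending_reboot", "!": "failed"}

# Registry locations that give code a foothold at boot, at logon or in the browser.
REGISTRY_RULES = [
    ("service", re.compile(r"\\CurrentControlSet\\services\\", re.I)),
    ("run_key", re.compile(r"\\CurrentVersion\\Run(Once)? \[", re.I)),
    ("chrome_extension", re.compile(r"\\Google\\Chrome\\Extensions\\[a-p]{32}", re.I)),
]


def parse_log(text):
    """Return one record per [-]/[#]/[!] line: section, status, action, target."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            records.append({"section": section,
                            "status": STATUS[m.group("flag")],
                            "action": m.group("action"),
                            "target": m.group("target")})
    return records


def status_counts(records):
    """How many artefacts were deleted, deferred to reboot, or not removed."""
    counts = {"deleted": 0, "pending_reboot": 0, "failed": 0}
    for r in records:
        counts[r["status"]] += 1
    return counts


def persistence_mechanisms(records):
    """Group artefacts by the autostart or browser mechanism they relied on."""
    found = defaultdict(list)
    for r in records:
        if r["section"] == "Services":
            found["service"].append(r["target"])
        elif r["section"] == "Scheduled Tasks":
            found["scheduled_task"].append(r["target"])
        elif r["section"] == "Registry":
            for mechanism, rx in REGISTRY_RULES:
                if rx.search(r["target"]):
                    found[mechanism].append(r["target"])
        elif r["section"] == "Web browsers":
            found["browser_setting"].append(r["target"])
    return dict(found)


def needs_followup(records):
    """Targets the tool did not confirm as removed: verify these after the reboot
    (a fresh FRST scan, or a direct check of the path or key)."""
    return [r["target"] for r in records if r["status"] != "deleted"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("status:", status_counts(recs))
    for mechanism, targets in sorted(persistence_mechanisms(recs).items()):
        print(f"{mechanism}: {len(targets)} artefact(s)")
    print("re-check after reboot:")
    for t in needs_followup(recs):
        print("  ", t)
```

Run it against a real C:\AdwCleaner\AdwCleaner[C0].txt by reading the file into parse_log instead of SAMPLE_LOG. Anything reported by needs_followup should appear nowhere in the next FRST scan; if the service key or the Noobzo folder is still there after the reboot, the driver registered under that service (smw.sys in the Zemana log above) is the thing to remove first, because a running kernel driver can recreate the rest.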


#8 aayanpk (Topic Starter)

Posted 05 July 2017 - 09:36 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2017
Ran by Aayan (05-07-2017 07:33:50)
Running from C:\Users\Aayan\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-24 07:23:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Aayan (S-1-5-21-1987830725-3782434280-15376247-1000 - Administrator - Enabled) => C:\Users\Aayan
Administrator (S-1-5-21-1987830725-3782434280-15376247-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1987830725-3782434280-15376247-503 - Limited - Disabled)
Guest (S-1-5-21-1987830725-3782434280-15376247-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
CSGO WaRzOnE Launcher (HKLM-x32\...\{FF04C93C-3EF1-4F59-B94F-720D9BA84B88}) (Version: 1.0 - Warzone) Hidden
CSGO WaRzOnE Launcher (HKLM-x32\...\CSGO WaRzOnE Launcher 1.0) (Version: 1.0 - Warzone)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
kceidjgdigbhildogdafgekneemgibfe (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\kceidjgdigbhildogdafgekneemgibfe) (Version:  - ) <==== ATTENTION
Maskit (HKLM-x32\...\{2EBC22A2-B875-456D-B63E-6023C99A32C1}_is1) (Version: 1.0.0.0 - Star Line)
Microsoft OneDrive (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Oracle VM VirtualBox 5.1.22 (HKLM\...\{8D5E4D4D-5E0C-4448-B018-5DDEF1E208D9}) (Version: 5.1.22 - Oracle Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
Super Mario Bros. (HKLM-x32\...\Super Mario Bros._is1) (Version:  - GameFabrique)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
TSearch (HKLM-x32\...\6E727987-C8EA-44DA-8749-310C0FBE3C3E) (Version: 2.0.0.267 - Company Inc.) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-1987830725-3782434280-15376247-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
WinRAR 5.50 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.3 - win.rar GmbH)
Wondershare Filmora(Build 8.2.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1987830725-3782434280-15376247-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-05] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-05-23] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-05] ()
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-05-23] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {CB7864C1-8867-4357-BDCB-4A2F3D8EC9A8} - \Reimage Reminder -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 06:01 - 2017-06-21 06:05 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 06:01 - 2017-06-21 06:05 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 06:01 - 2017-06-21 06:10 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 06:01 - 2017-06-21 06:05 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-02 03:46 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-02 03:46 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 14:03 - 2017-06-21 13:25 - 00001146 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1987830725-3782434280-15376247-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Aayan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{ef244cba-fea9-4e22-ae0e-def04f1ecf69}.jpg
DNS Servers: 39.39.39.39 - 182.176.100.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{41461FD1-11BC-4933-8B55-A337696C924D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52FC00C4-D951-4DD5-B26F-EE4A9C7294EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3D9EF437-94D5-42A1-81E0-D7351FC17628}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{12684F2A-62D0-4048-A327-811558F8C89C}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{481DC7CB-AC8D-412D-BBAF-6303667D58FC}C:\users\aayan\desktop\secondlifeviewer\slvoice.exe] => (Allow) C:\users\aayan\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{1491D13C-FFE8-4E1E-BB9F-E1CB2D23E69A}C:\users\aayan\desktop\secondlifeviewer\slvoice.exe] => (Allow) C:\users\aayan\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [{16F24938-D33B-4CBE-912B-5A93CFF71D30}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{6B967188-8AAE-48EB-812B-2C21B019721D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{C49BC8A5-1271-4F6F-8EFF-7FE6FD265202}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{5265F45E-95E9-4AD4-9D73-C63E55424B6A}] => (Allow) C:\Games\Counter Strike Global Offensive Warzone\csgo_launcher.exe
FirewallRules: [TCP Query User{92DC732E-C23C-4E55-BF4D-CF78EF84534C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D0B5F029-BCDF-45FB-BE31-335C74924E0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4A6E7135-CDAF-427C-8247-45E23749B374}] => (Allow) C:\Users\Aayan\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{1FCC203C-8928-4C6F-A0C7-706D5E0AFC39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{73CE233C-7484-44A4-AA08-58737633D1C1}] => (Allow) C:\Users\Aayan\AppData\Local\BrowserAir\Application\BrowserairExec.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/05/2017 07:26:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Aayan-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 07:26:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Aayan-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 07:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: Mso20Imm.dll, version: 16.0.8201.1018, time stamp: 0x594164ff
Exception code: 0x0071d20c
Fault offset: 0x0000000000145363
Faulting process id: 0x1c38
Faulting application start time: 0x01d2f59aae94627b
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Mso20Imm.dll
Report Id: 4decc5a2-2acf-4077-86ec-54f98b3623ac
Faulting package full name: microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.windowslive.mail
 
Error: (07/05/2017 07:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.8241.4112, time stamp: 0x5953236c
Faulting module name: Mso20Imm.dll, version: 16.0.8201.1018, time stamp: 0x594164ff
Exception code: 0x0071d20c
Fault offset: 0x0000000000145363
Faulting process id: 0x277c
Faulting application start time: 0x01d2f59aae927a05
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Mso20Imm.dll
Report Id: 7ec38c64-9ddf-4899-82ed-4e7f9bf16f06
Faulting package full name: microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/05/2017 07:26:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)
 
Error: (07/05/2017 07:26:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)
 
Error: (07/05/2017 07:26:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)
 
Error: (07/05/2017 07:26:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/05/2017 07:26:25 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application
 
Details:
(HRESULT : 0x8e5e0408) (0x8e5e0408)
 
Error: (07/05/2017 07:26:25 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (9272) Windows: Error -1032 (0xfffffbf8) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.
 
 
System errors:
=============
Error: (07/05/2017 07:31:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 07:26:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 07:26:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 07:26:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/05/2017 07:26:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.
 
Error: (07/05/2017 07:26:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (07/05/2017 07:26:52 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Accelerometer.sys
 
Error: (07/05/2017 07:26:33 AM) (Source: DCOM) (EventID: 10005) (User: Aayan-PC)
Description: DCOM got error "1115" attempting to start the service tiledatamodelsvc with arguments "Unavailable" in order to run the server:
{4B6C85F1-A6D9-433A-9789-89EA153626ED}
 
Error: (07/05/2017 07:26:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/05/2017 07:26:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
The process cannot access the file because it is being used by another process.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-02 02:58:55.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-02 02:37:18.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-02 02:36:43.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-02 02:36:42.984
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-27 08:13:41.360
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-27 08:13:41.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:37:42.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:37:04.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:37:03.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-22 03:30:04.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 8057.44 MB
Available physical RAM: 5477.87 MB
Total Virtual: 8569.44 MB
Available Virtual: 5853.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.7 GB) (Free:16.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 1017AC84)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#9 aayanpk


Posted 05 July 2017 - 09:38 AM

the app with the random letters name still is not deleting



#10 aayanpk


Posted 05 July 2017 - 09:49 AM

t search and maskit are still here too



#11 aayanpk


Posted 05 July 2017 - 10:09 AM

Virus now shows weird Russian ads on Chrome and Mozilla which are unclosable, even with Task Manager.



#12 Valinorum


Posted 05 July 2017 - 12:42 PM

You did not post the FRST.txt log. Please, post it for my perusal.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#13 aayanpk


Posted 05 July 2017 - 01:07 PM

I did.



#14 Aura


Posted 07 July 2017 - 11:11 AM

Hi aayanpk :)

Vali is currently away and he asked me to step in so you don't have to wait during your clean-up.

In reference to this post:

https://www.bleepingcomputer.com/forums/t/650807/my-laptop-keeps-downloading-viruses/#entry4276962

Only the Addition.txt content has been copy/pasted, so I'll need the FRST.txt as well.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Aura


Posted 11 July 2017 - 07:35 AM

Hi aayanpk,

Are you still with me?





