Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

go.deliverymodo adware


  • Please log in to reply
11 replies to this topic

#1 lohisir

lohisir

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 02 August 2017 - 12:15 PM

My computer is infected with an adware. On certain websites, a new tabs opens with <go.deliverymodo.***> which then re-directs to other websites. I'm using google chrome. I have tried running adware removing software and deleted extensions from google chrome but to no avail. I've now added a adblocker but its a temporary solution.

 

Some of the websites on which I was consistently facing trouble were: indianexpress.com and livemint.com. 

 

I searched for this adware on this forum but there wasn't a complete solution. I am digitally handicapped and will be very grateful for your help! Also, thanks for taking out the time to respond to my query! 

 

Farbar FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by HP (administrator) on SIRSIKAR (02-08-2017 22:05:51)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\ChgService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
() C:\Program Files (x86)\Airtel 4G\Driver\LaunchAssistant.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Airtel 4G] => C:\Program Files (x86)\Airtel 4G\Driver\LaunchAssistant.exe [311296 2015-06-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\Run: [Dropbox Update] => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\MountPoints2: G - "G:\AutoRun.exe" 
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\MountPoints2: {61c31946-2d19-11e7-beae-1458d00cfb72} - "G:\.\Airtel_4G.exe" 
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\MountPoints2: {aa71254c-ebe4-11e4-be7b-1458d00cfb72} - "G:\AutoRun.exe" 
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\MountPoints2: {aa712796-ebe4-11e4-be7b-1458d00cfb72} - "G:\AutoRun.exe" 
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\MountPoints2: {d26640f2-8143-11e6-bea2-1458d00cfb72} - "G:\AutoRun.exe" 
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-04-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 87.117.234.36 8.8.8.8
Tcpip\..\Interfaces\{5C299C5A-2069-447D-918E-8958E8279054}: [DhcpNameServer] 87.117.234.36 8.8.8.8
Tcpip\..\Interfaces\{964C5674-1127-456F-86FD-B5914C86D2FC}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2014-02-08] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: (Symantec Vulnerability Protection) - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014-10-14] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-832398117-1466902750-3213826024-1001: SkypePlugin -> C:\Users\HP\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-832398117-1466902750-3213826024-1001: SkypePlugin64 -> C:\Users\HP\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-08-02]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-02]
CHR Extension: (AdBlock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-02]
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2015-04-22] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S2 Idea Net Setter. RunOuc; C:\Program Files (x86)\Idea Net Setter\UpdateDog\ouc.exe [218624 2015-05-10] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-02-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2014-02-08] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2014-02-08] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20170724.001\BHDrvx64.sys [1862784 2017-07-05] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2014-02-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-07-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-07-10] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20170801.011\IDSvia64.sys [1012864 2017-05-29] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mmx_cmnxnet; C:\Windows\system32\DRIVERS\mmx_cmnxnet.sys [161792 2015-04-22] (Wireless Data Device)
S3 mmx_cmnxusbser; C:\Windows\system32\DRIVERS\mmx_cmnxusbser.sys [126208 2015-04-22] (Wireless Data Device)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20170802.002\ENG64.SYS [138880 2017-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20170802.002\EX64.SYS [2152064 2017-05-25] (Symantec Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-12] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2014-02-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2014-02-08] (Symantec Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2014-02-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2014-02-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2014-02-08] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SymELAM.sys [23568 2014-02-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2014-02-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2014-02-08] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-10-14] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [89896 2014-02-08] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-02 22:05 - 2017-08-02 22:06 - 000014462 _____ C:\Users\HP\Desktop\FRST.txt
2017-08-02 22:05 - 2017-08-02 22:05 - 000000000 ____D C:\FRST
2017-08-02 22:00 - 2017-08-02 22:00 - 002381312 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2017-08-02 21:30 - 2017-08-02 21:30 - 000154376 _____ C:\Windows\ntbtlog.txt
2017-08-02 18:29 - 2017-08-02 18:29 - 000000000 ____D C:\Users\HP\AppData\Roaming\Google
2017-08-02 16:48 - 2017-08-02 16:48 - 000001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-08-02 16:48 - 2017-08-02 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-02 16:46 - 2017-08-02 16:48 - 000000000 ____D C:\Program Files\iTunes
2017-08-02 16:46 - 2017-08-02 16:46 - 000000000 ____D C:\Program Files\iPod
2017-08-02 14:37 - 2017-08-02 14:37 - 008185288 _____ (Malwarebytes) C:\Users\HP\Downloads\adwcleaner_7.0.1.0.exe
2017-07-28 07:21 - 2017-08-02 14:41 - 000000000 ____D C:\AdwCleaner
2017-07-28 07:20 - 2017-07-28 07:21 - 008162248 _____ (Malwarebytes) C:\Users\HP\Downloads\adwcleaner_7.0.0.0.exe
2017-07-21 00:31 - 2017-07-21 00:31 - 000146240 _____ C:\Users\HP\Downloads\Redline - WG Engagement Letter.pdf
2017-07-21 00:22 - 2017-07-21 00:22 - 000106557 _____ C:\Users\HP\Downloads\Team Profile.pdf
2017-07-20 00:28 - 2017-07-20 00:28 - 000500633 _____ C:\Users\HP\Downloads\Baxter Award Winner_Respondent.pdf
2017-07-13 21:24 - 2017-07-13 21:24 - 000000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-11 17:48 - 2017-07-11 17:48 - 001677790 _____ C:\Users\HP\Downloads\CM-0003-2012.pdf
2017-07-10 22:17 - 2017-07-10 22:17 - 000380151 _____ C:\Users\HP\Downloads\105741053-20170701.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-02 21:48 - 2012-07-26 12:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-02 21:17 - 2015-06-22 20:13 - 000000924 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-832398117-1466902750-3213826024-1001UA.job
2017-08-02 20:17 - 2015-06-22 20:13 - 000000872 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-832398117-1466902750-3213826024-1001Core.job
2017-07-29 02:47 - 2012-07-26 10:56 - 000000167 _____ C:\Windows\win.ini
2017-07-28 07:29 - 2012-07-26 10:56 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-07-28 07:09 - 2012-07-26 10:56 - 000262144 ___SH C:\Windows\system32\config\ELAM
2017-07-22 03:30 - 2012-07-26 11:07 - 000000000 ____D C:\Windows\Inf
2017-07-13 21:24 - 2015-03-28 22:07 - 000000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
2017-07-13 20:45 - 2015-12-29 10:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-13 20:41 - 2014-10-14 10:12 - 000000000 ____D C:\Users\HP\AppData\Roaming\vlc
2017-07-12 21:19 - 2014-11-19 21:32 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 21:15 - 2014-11-19 21:32 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-07 15:30 - 2012-07-26 13:42 - 000000000 ____D C:\Windows\AUInstallAgent
2017-07-07 15:27 - 2012-07-26 13:42 - 000000000 ___HD C:\Program Files\WindowsApps
 
Some files in TEMP:
====================
2015-12-20 20:56 - 2015-12-20 20:56 - 000071168 _____ () C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsosyll.dll
2017-05-01 11:35 - 2015-07-07 15:54 - 004102944 ____R () C:\Users\HP\AppData\Local\Temp\InstallRes.exe
2017-05-01 11:35 - 2015-07-07 15:54 - 013985636 ____R () C:\Users\HP\AppData\Local\Temp\Modem_installation.exe
2014-12-06 12:29 - 2014-12-06 12:29 - 000559000 _____ (Ask Partner Network) C:\Users\HP\AppData\Local\Temp\uttEC05.tmp.exe
2016-06-14 00:21 - 2016-07-23 22:19 - 030533688 _____ () C:\Users\HP\AppData\Local\Temp\vlc-2.2.4-win32.exe
2017-06-19 03:27 - 2017-06-19 03:27 - 030950664 _____ () C:\Users\HP\AppData\Local\Temp\vlc-2.2.6-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-27 20:41
 
==================== End of FRST.txt ============================
 
Farbar Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by HP (02-08-2017 22:07:18)
Running from C:\Users\HP\Desktop
Windows 8 Pro (X64) (2014-10-14 03:53:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-832398117-1466902750-3213826024-500 - Administrator - Disabled)
Guest (S-1-5-21-832398117-1466902750-3213826024-501 - Limited - Disabled)
HP (S-1-5-21-832398117-1466902750-3213826024-1001 - Administrator - Enabled) => C:\Users\HP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Airtel 4G (HKLM-x32\...\Airtel 4G 03.200515.444L) (Version: 03.200515.444L - )
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
Idea Net Setter (HKLM-x32\...\Idea Net Setter) (Version: 21.005.11.00.356 - Huawei Technologies Co.,Ltd)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{1FA35853-3EBA-449C-8D52-E925CECC2352}) (Version: 7.9.0.56 - Skype Technologies S.A.)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
VitalSource Bookshelf (HKLM-x32\...\{d25e882e-ebb7-4f14-b756-5fb52fe1d833}) (Version: 7.2.0003 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\Vodafone Mobile Connect) (Version: 22.001.27.00.210 - Huawei Technologies Co.,Ltd)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{3AD65835-62CE-4DBD-95A9-9C52E04F5045}\InprocServer32 -> C:\Users\HP\AppData\Local\SkypePlugin\7.9.0.56\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{A0D3F860-9D1C-4FEB-9E6C-E23084D15756}\localserver32 -> C:\Users\HP\AppData\Local\SkypePlugin\7.9.0.56\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\HP\AppData\Local\SkypePlugin\7.9.0.56\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832398117-1466902750-3213826024-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\vpshell2.dll [2014-02-08] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\vpshell2.dll [2014-02-08] (Symantec Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-08-14] (Intel Corporation)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\vpshell2.dll [2014-02-08] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers1_S-1-5-21-832398117-1466902750-3213826024-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-832398117-1466902750-3213826024-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-832398117-1466902750-3213826024-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03B7CB10-B649-422F-A669-9D4B426A9401} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-12] (Synaptics Incorporated)
Task: {11B99A84-F660-49CC-B8BD-7750E7C64749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1761F71A-1E61-4B84-8312-F3FADE4C937C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {32527882-F87F-49AC-B611-4942605D8CCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5297E2A1-EE15-4C25-A6B5-AA52AD49BF86} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {BE6F1FFA-D58E-48B4-8732-53327FB3526C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-832398117-1466902750-3213826024-1001UA => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {F849BAF8-1D53-4DBF-BCB5-B299BF4169F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {FFC698B6-498E-405F-93DF-71FD0623AD00} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-832398117-1466902750-3213826024-1001Core => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-832398117-1466902750-3213826024-1001Core.job => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-832398117-1466902750-3213826024-1001UA.job => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-14 09:58 - 2011-05-28 22:05 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-01 12:15 - 2015-04-22 08:13 - 000135168 _____ () C:\Windows\SysWOW64\ChgService.exe
2017-06-29 00:32 - 2017-06-23 08:51 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 00:32 - 2017-06-23 08:51 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2014-08-14 00:23 - 2014-08-14 00:23 - 013199432 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2010-11-16 19:08 - 2010-11-16 19:08 - 000339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-05-10 20:13 - 2015-05-10 20:14 - 000218624 _____ () C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe
2016-09-23 09:53 - 2015-09-23 07:36 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-06-08 11:26 - 2015-06-08 11:26 - 000311296 _____ () C:\Program Files (x86)\Airtel 4G\Driver\LaunchAssistant.exe
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2015-05-10 20:14 - 2015-05-10 20:13 - 000011362 _____ () C:\ProgramData\Idea Net Setter\OnlineUpdate\mingwm10.dll
2015-05-10 20:14 - 2015-05-10 20:13 - 000043008 _____ () C:\ProgramData\Idea Net Setter\OnlineUpdate\libgcc_s_dw2-1.dll
2015-05-10 20:14 - 2015-05-10 20:13 - 002415104 _____ () C:\ProgramData\Idea Net Setter\OnlineUpdate\QtCore4.dll
2015-05-10 20:14 - 2015-05-10 20:13 - 001148416 _____ () C:\ProgramData\Idea Net Setter\OnlineUpdate\QtNetwork4.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 10:56 - 2012-07-26 10:56 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 87.117.234.36 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-832398117-1466902750-3213826024-1001\...\StartupApproved\Run: => "Dropbox Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{96BA908A-003D-4B12-A21E-21618CC8C3B2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{618A7655-CE1E-4760-A6C7-F9BD219E2409}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{A701F9A7-7A23-4DC5-A3B3-F46AF74F1AD8}] => (Allow) C:\Windows\system32\calc.exe
FirewallRules: [{02F75B44-5641-4D6C-A6CD-1CE40EA931F6}] => (Allow) C:\Windows\system32\calc.exe
FirewallRules: [{69612BD5-4E5D-430C-9E97-25FE7EBB8FAA}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACCEB1AF-0426-4109-B010-0815B8F31B74}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D9CE070-3FD5-4B66-9459-1B35E2312B04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
12-07-2017 21:12:35 Windows Update
20-07-2017 23:36:48 Scheduled Checkpoint
29-07-2017 02:46:40 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/02/2017 09:52:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/02/2017 09:52:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (08/02/2017 06:19:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/02/2017 04:28:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/02/2017 04:28:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (08/02/2017 02:10:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/02/2017 02:10:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (08/01/2017 02:11:29 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/01/2017 02:11:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/31/2017 03:34:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6812
 
 
System errors:
=============
Error: (08/02/2017 09:49:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Idea Net Setter. OUC service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/02/2017 09:49:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Idea Net Setter. OUC service to connect.
 
Error: (08/02/2017 09:47:32 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:43:21 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:43:15 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:43:02 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:42:56 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:42:50 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:42:45 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/02/2017 09:42:40 PM) (Source: DCOM) (EventID: 10005) (User: SIRSIKAR)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 45%
Total physical RAM: 4032.29 MB
Available physical RAM: 2178.27 MB
Total Virtual: 4928.29 MB
Available Virtual: 2919.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.31 GB) (Free:38.1 GB) NTFS
Drive d: () (Fixed) (Total:170.9 GB) (Free:110.18 GB) NTFS
Drive e: () (Fixed) (Total:197.21 GB) (Free:193.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D86CD8FD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=170.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=197.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 04 August 2017 - 07:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 87.117.234.36 8.8.8.8
Tcpip\..\Interfaces\{5C299C5A-2069-447D-918E-8958E8279054}: [DhcpNameServer] 87.117.234.36 8.8.8.8
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-02]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

How is the computer running now?

#3 lohisir

lohisir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 04 August 2017 - 05:07 PM

Thanks for taking out the time to analyse and respond, nasdaq. I will run this code tomorrow and get back to you.



#4 lohisir

lohisir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 06 August 2017 - 09:17 AM

Dear nasdaq,

 

If you ever have legal trouble in India (which you hopefully never will), hit me up! Unfortunately, deliverymodo is still there! The fixlog is below:

 

Fixlog Start

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017

Ran by HP (06-08-2017 19:36:56) Run:1
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Tcpip\Parameters: [DhcpNameServer] 87.117.234.36 8.8.8.8
Tcpip\..\Interfaces\{5C299C5A-2069-447D-918E-8958E8279054}: [DhcpNameServer] 87.117.234.36 8.8.8.8
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-02]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C299C5A-2069-447D-918E-8958E8279054}\\DhcpNameServer => value removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-02] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d08e:3e24:7649:e4f2%12
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:80b:1176:3f57:fffd
   Link-local IPv6 Address . . . . . : fe80::80b:1176:3f57:fffd%16
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.domain.name:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : domain.name
   Link-local IPv6 Address . . . . . : fe80::d08e:3e24:7649:e4f2%12
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:80b:1176:3f57:fffd
   Link-local IPv6 Address . . . . . : fe80::80b:1176:3f57:fffd%16
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.domain.name:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{339AB4C8-AB50-4345-AAA1-7A876B9961DC} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13846417 B
Java, Flash, Steam htmlcache => 999 B
Windows/system/drivers => 284828428 B
Edge => 0 B
Chrome => 418878309 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 19183680 B
NetworkService => 0 B
HP => 332430319 B
 
RecycleBin => 7209983309 B
EmptyTemp: => 7.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:40:58 ====

Edited by lohisir, 06 August 2017 - 09:19 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 06 August 2017 - 01:23 PM

Hi.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

If you have reset the Chrome browser and the problem persists let me know if you are syncing Chrome with your other applications.

#6 lohisir

lohisir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 06 August 2017 - 02:11 PM

Hi nasdaq, I'm not sure what "syncing Chrome" means. I will try the rest and report back.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 07 August 2017 - 07:10 AM



I'm not sure what "syncing Chrome" means. I will try the rest and report back.



If you have a Tablet and or a phone does the Bookmarks and Passwords change in these Androids if you add a Bookmark or change a Password in Chrome?

===

If nothing is found in the RogueKiller log it may be that you Router is compromised.

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Restart the computer and let me know if the problem persists.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 13 August 2017 - 08:12 AM

Are you still with me?

#9 lohisir

lohisir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 August 2017 - 11:13 AM

Hi nasdaq, sorry for going incommunicado. I had a lot of work pressure the last few days and then had to travel for work. Thanks for your patience! :)

 

I tried Rogue Killer and restarted the computer but my laptop is still infected. I'm not at home right now so I cannot reset my router - but I suppose if I still have the problem away from my router then its probably not a router issue. I'll report back on 21 August once I'm back home.

 

On whether my chrome is synced with other applications: I'll check my office computer when I'm back on 21 August and report back. I'm not sure if this is helpful, but my android phone doesn't have this issue.

 

Rogue Killer Text Below:

 

RogueKiller V12.11.9.0 (x64) [Aug  3 2017] (Free) by Adlice Software
 
Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : HP [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/18/2017 20:18:22 (Duration : 01:05:10)
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] ouc.exe(2088) -- C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe[-] -> Found
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] cea5b8f2bcebeb57b2483e426247ee2f
[BSP] 6366d6dad3c8e7d8d2dda37dcf2a4b3d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 99650 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 175000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 563202048 | Size: 201938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 18 August 2017 - 01:21 PM

Hi,

If the redirects are in chrome only I suggest the removal.

:step1: Remove Chrome from your Computer and reinstall a fresh copy later.

:step2: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

:step3: If you sync you account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/


:step4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

:step5: Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

:step6: Re-install Chrome and the Bookmarks.
====

Will wait for your answer on or after the 21st of August.

p.s.
I would also fix these 2 entries reported by the RogueKiller.
 

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found



#11 lohisir

lohisir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 27 August 2017 - 01:27 PM

Hi nasdaq,

 

I went to my dashboard and its showing an error against sync data and I can't see any options mentioned in the guide linked by you. Please let me know if I can remove google chrom without removing sync data without issues.

 

There was something strange I had noticed a while ago, when I had gone to chrome settings to make some changes linked to this malware, the default user name that was present was not mine or anyone who would have used my computer. Is this something I should have reported earlier? 

 

Thanks,

 

L



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 28 August 2017 - 09:17 AM



Hi,

my dashboard and its showing an error against sync data and I can't see any options mentioned

Do you have any difficulties syncing information from other computer etc..

Are you Sign in to Chrome?

https://support.google.com/chrome/answer/185277?co=GENIE.Platform%3DDesktop&hl=en

p.s.
What is your current Chrome profile and what is the other unknown name?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users