
Unable to browse in IE 11 and unable to update SUPERAntiSpyware

Tags: virus, malware, IE11-issue


#1 Dave_83 (Member, 75 posts)

My laptop has a few issues; I am unable to figure out whether it is a virus or malware creating this issue. When I try to browse I cannot; instead I get the text below when I go to google.com:

    function httpGetAsync(theUrl, callback) {
        var xmlHttp = new XMLHttpRequest();
        xmlHttp.onreadystatechange = function() {
            if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
                callback(xmlHttp.responseText);
        }
        xmlHttp.open("GET", theUrl, true); // true for asynchronous
        xmlHttp.send(null);
    }
    document.onclick = function() {
        window.open("http://creativesrv.c...513&cb=INSER...")
        document.onclick = null;
        httpGetAsync("http://sstatic1.hist...gif?3685753", null);
    }

I am connected to the internet via WiFi, and until yesterday I could update Malwarebytes, but now I cannot update it. So I am unable to connect to the internet. Could I please get help on this? Much appreciated.

Laptop configuration:
• Intel Core i3-4010U 1.70 GHz
• Memory 4 GB
• Windows 8.1 Pro 64bit operating system


#2 RKinner (Malware Expert, MVP, 24,624 posts)

Copy the next line:
 

"C:\Program Files\Internet Explorer\iexplore"  -extoff  http://www.bleepingcomputer.com/download/adwcleaner/
 
Open an elevated command prompt as explained in:
 
 
(An elevated command prompt will have C:\windows\system32> as the prompt.  If not you did it wrong.)
 
Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter if IE does not open.
 
This should open IE with extensions disabled and point it at bleepingcomputer.com where you have the opportunity to download AdwCleaner.
 
Click on the Green button that says Download Now@BleepingComputer
 
It should come up and ask you if you want to Run or SAVE adwcleaner.exe
Tell it SAVE
 
Once it saves, Click on Open Folder, then right click on the file you downloaded and Run as administrator.
 
Once it runs, click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
Leave IE open; on the bleepingcomputer page where you downloaded AdwCleaner there should be a Search Downloads box.
 
Type:
frst
and hit Enter. The page that comes up will have
Farbar Recovery Scan Tool
 
Click on that and then 
Download Now 64 bit button (if you have 64 bit Windows)
Download Now 32 bit button (if you have 32 bit windows)
 
If you don't know, get them both (only one will work, so try them both).
Save
Open Folder then 
right click and Run as administrator

  • Right click to run as administrator (Open File). When the tool opens, click Yes to the disclaimer.
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3 Dave_83 (Topic Starter, Member, 75 posts)

    Hi there,

    Thank you for the reply; below are the scan details:

    AdwCleaner:

    # AdwCleaner v6.042 - Logfile created 21/01/2017 at 18:55:58
    # Updated on 06/01/2017 by Malwarebytes
    # Database : 2017-01-06.1 [Local]
    # Operating System : Windows 8.1 Pro  (X64)
    # Username : VIVEK - MIRA
    # Running from : D:\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support

     

    ***** [ Services ] *****

    [-] Service deleted: UCBrowserSvc
    [-] Service deleted: ucdrv

    ***** [ Folders ] *****

    [-] Folder deleted: C:\Program Files (x86)\Youtube AdBlock
    [-] Folder deleted: C:\Users\VIVEK\AppData\Local\0C8D0102-1484098505-E411-B2A0-F8A9634D63C1
    [-] Folder deleted: C:\Users\VIVEK\AppData\Roaming\Softlink
    [-] Folder deleted: C:\Users\VIVEK\AppData\Roaming\WMPNetworkAcSvc
    [#] Folder deleted on reboot: C:\Program Files (x86)\Youtube AdBlock
    [-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared
    [-] Folder deleted: C:\ProgramData\Microsoft\XBLive

    ***** [ Files ] *****

    [-] File deleted: C:\END

    ***** [ DLL ] *****

     

    ***** [ WMI ] *****

     

    ***** [ Shortcuts ] *****

     

    ***** [ Scheduled Tasks ] *****

    [-] Task deleted: UCBrowserUpdaterCore

    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
    [#] Key deleted on reboot: {38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
    [#] Key deleted on reboot: {45965C76-4C88-4512-9358-368483E1C3B1}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{176F706B-5175-479C-A3DF-32420F6FB01A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{38BE2BE8-EB8E-41D1-9D94-3B1697094D47}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{53C267B2-B01D-410F-A4DD-A32962EE55F4}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8804A543-42D3-4D71-9685-B0243D5526F3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A0F322D5-6A13-4CAB-84CF-FABB5690618E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AC3E336C-B524-47F0-9AA2-5F67AA056086}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F577A1BA-D82D-4BB2-8430-B767285D081D}
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F6DF4318-A699-4E88-BE1D-84F4A009B08A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{45965C76-4C88-4512-9358-368483E1C3B1}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
    [-] Key deleted: HKU\.DEFAULT\Software\UCBrowser
    [-] Key deleted: HKU\.DEFAULT\Software\jhtrsq
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Installer
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\UCBrowser
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\UCBrowserPID
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\AutoTime
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\SNDA
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\SaFiPlayer
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\UCBrowser
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\jhtrsq
    [#] Key deleted on reboot: HKCU\Software\Installer
    [#] Key deleted on reboot: HKCU\Software\UCBrowser
    [#] Key deleted on reboot: HKCU\Software\UCBrowserPID
    [#] Key deleted on reboot: HKCU\Software\AutoTime
    [#] Key deleted on reboot: HKCU\Software\SNDA
    [#] Key deleted on reboot: HKCU\Software\SaFiPlayer
    [-] Key deleted: HKLM\SOFTWARE\UCBrowser
    [-] Key deleted: HKLM\SOFTWARE\UCBrowserPID
    [-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
    [-] Key deleted: HKLM\SOFTWARE\jhtrsq
    [-] Key deleted: HKLM\SOFTWARE\WMPNetworkAcSvc
    [-] Key deleted: HKLM\SOFTWARE\SaFiPlayer
    [#] Key deleted on reboot: [x64] HKCU\Software\Installer
    [#] Key deleted on reboot: [x64] HKCU\Software\UCBrowser
    [#] Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
    [#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
    [#] Key deleted on reboot: [x64] HKCU\Software\SNDA
    [#] Key deleted on reboot: [x64] HKCU\Software\SaFiPlayer
    [-] Key deleted: [x64] HKLM\SOFTWARE\UCBrowser
    [-] Key deleted: [x64] HKLM\SOFTWARE\jhtrsq
    [-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
    [-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [UCBrowser]
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
    [-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
    [-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
    [-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt

    ***** [ Web browsers ] *****

    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: torrentz.colorask.com
    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: trotux

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [6671 Bytes] - [21/01/2017 18:55:58]
    C:\AdwCleaner\AdwCleaner[S0].txt - [6277 Bytes] - [21/01/2017 18:54:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6817 Bytes] ##########

     

     

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
    Ran by VIVEK (administrator) on MIRA (21-01-2017 18:59:37)
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Connectify) C:\Program Files (x86)\Speedify\speedify.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2892616 2014-02-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Speedify] => C:\Program Files (x86)\Speedify\SpeedifyUI.exe [2245840 2016-10-21] (Connectify)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3612240 2016-09-01] (Tonec Inc.)
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
    HKLM\...\Providers\hiyq94fx: C:\Program Files (x86)\Anerrerentkgupy Verfier\local64spl.dll [291328 2017-01-11] ()
    ShellExecuteHooks: No Name - {09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} - C:\Users\VIVEK\AppData\Roaming\Lerjsenomick\Merjodom.dll -> No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip\..\Interfaces\{985873CC-8BDA-4A84-8D9A-293D3A8E222A}: [DhcpNameServer] 192.168.15.1
    Tcpip\..\Interfaces\{F98FD385-790B-46F3-BB66-DE859A723147}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    ManualProxies:

    Internet Explorer:
    ==================
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\b8Ms02X3.dll => No File
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    IE Session Restore: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> is enabled.

    FireFox:
    ========
    FF HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5 [2016-09-01] [not signed]
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
    CHR Session Restore: ChromeDefaultData -> is enabled.
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-20] <==== ATTENTION
    CHR Extension: (Google Slides) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-01]
    CHR Extension: (Google Docs) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-01]
    CHR Extension: (Google Drive) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-01]
    CHR Extension: (YouTube) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    CHR Extension: (Google Sheets) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-01]
    CHR Extension: (Google Docs Offline) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
    CHR Extension: (Gmail) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
    CHR Extension: (Chrome Media Router) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-26]
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-20]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeGoogle; C:\Program Files (x86)\Google\AdobeGoogle.dll [225280 2017-01-11] () [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-03-01] (Apple Computer, Inc.) [File not signed]
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-06] (Macrovision Europe Ltd.) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-28] (Ellora Assets Corp.) [File not signed]
    S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-11-03] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-04] (Intel Corporation)
    R2 Liqoingsuqush; C:\Program Files (x86)\Atezet\sefewardcekochManager.dll [179712 2017-01-11] () [File not signed]
    R2 Speedify; C:\Program Files (x86)\Speedify\Speedify.exe [2836536 2016-10-21] (Connectify)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S2 OtherSearchcaaadbad; rundll32.exe "C:\Program Files (x86)\ca28a028-4454-4670-901a-d399b7a920d61484078674\OtherSearchcaaadbad.dll",soeasy [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2014-09-09] (Qualcomm Atheros Communications, Inc.)
    S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-04] (Intel Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-25] (Realtek Semiconductor Corp.)
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-21 18:59 - 2017-01-21 18:59 - 00000000 ____D C:\FRST
    2017-01-21 18:52 - 2017-01-21 18:55 - 00000000 ____D C:\AdwCleaner
    2017-01-20 14:48 - 2017-01-20 14:48 - 00001418 _____ C:\Users\VIVEK\Desktop\Internet Explorer.lnk
    2017-01-20 14:27 - 2017-01-20 14:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-01-20 14:08 - 2017-01-20 14:08 - 00001132 _____ C:\Users\VIVEK\Desktop\Malwarebytes Anti-Malware.lnk
    2017-01-19 16:20 - 2017-01-19 16:20 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2017-01-19 16:17 - 2017-01-19 16:17 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2017-01-19 16:04 - 2017-01-19 16:04 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-01-19 16:04 - 2017-01-19 16:04 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-01-19 16:04 - 2017-01-19 16:04 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-01-19 16:03 - 2017-01-19 16:40 - 00000000 ____D C:\Users\VIVEK\AppData\Local\AvgSetupLog
    2017-01-19 16:03 - 2017-01-19 16:03 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Avg
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002253 _____ C:\Users\Public\Desktop\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\Documents\Add-in Express
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\AppData\Local\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Program Files (x86)\WinZip
    2017-01-19 15:31 - 2017-01-19 15:31 - 00000000 ____D C:\ProgramData\vpconfig
    2017-01-19 15:29 - 2017-01-19 15:29 - 00000000 ____D C:\Windows\19
    2017-01-11 01:43 - 2017-01-19 20:50 - 00000258 __RSH C:\Users\VIVEK\ntuser.pol
    2017-01-11 01:38 - 2017-01-19 16:15 - 00000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-01-11 01:38 - 2017-01-11 01:38 - 00003416 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-01-11 01:37 - 2017-01-21 18:56 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-11 01:37 - 2017-01-11 01:51 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-11 01:37 - 2017-01-11 01:37 - 00000000 ____D C:\Users\VIVEK\AppData\Local\UCBrowser
    2017-01-11 01:35 - 2017-01-19 16:35 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-11 01:35 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Phapergeatjaied
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Links2
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Wsotainvuzele
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Program Files\9YR3RM447X
    2017-01-11 01:34 - 2017-01-19 16:40 - 00000000 ____D C:\ProgramData\Avg
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\Avira
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 _____ C:\TOSTACK
    2017-01-11 01:33 - 2017-01-19 15:41 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2017-01-11 01:33 - 2017-01-11 01:36 - 00000000 ____D C:\Windows\system32\SSL
    2017-01-11 01:33 - 2017-01-11 01:33 - 00000000 ____D C:\Program Files (x86)\Anerrerentkgupy Verfier
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Lerjsenomick
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Atezet
    2017-01-11 01:32 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Clcughtdupersy
    2017-01-11 01:30 - 2017-01-19 20:47 - 00001135 _____ C:\Users\Public\Desktop\Download Folder Lock Cr...lnk
    2017-01-11 01:09 - 2017-01-11 01:32 - 00000700 ___SH C:\Users\VIVEK\AppData\Local\systemFL7.dat
    2017-01-09 10:53 - 2017-01-09 10:53 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2 (1).pdf
    2017-01-07 14:24 - 2017-01-07 14:25 - 07534439 _____ C:\Users\VIVEK\Downloads\15818170_1844685769149300_7059580909132972032_n.mp4
    2017-01-07 00:43 - 2017-01-07 00:43 - 02020532 _____ C:\Windows\14013a6da845af9f7006eb5ed4051f1f.exe
    2017-01-04 12:22 - 2017-01-04 12:22 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2.pdf
    2017-01-01 12:40 - 2017-01-01 12:40 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\PowerISO
    2017-01-01 12:35 - 2017-01-06 20:14 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\BitTorrent
    2017-01-01 12:24 - 2017-01-11 01:34 - 00000000 ____D C:\Program Files (x86)\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2016-12-31 12:36 - 2016-12-31 12:37 - 02654065 _____ C:\Users\VIVEK\Downloads\15679572_1011222398982650_8732101501306011648_n.mp4
    2016-12-30 21:42 - 2016-12-30 21:42 - 00214260 _____ C:\Users\VIVEK\Downloads\007.jpg
    2016-12-30 19:46 - 2016-12-30 19:50 - 273245399 _____ C:\Users\VIVEK\Downloads\_CommonRedist.zip
    2016-12-30 19:27 - 2016-12-30 19:27 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\Temp
    2016-12-26 22:14 - 2016-12-26 22:14 - 00046571 _____ C:\Users\VIVEK\Downloads\4_the_amazing_spider_man_2.torrent
    2016-12-26 22:14 - 2016-12-26 22:14 - 00002549 _____ C:\Users\VIVEK\Downloads\5_the_amazing_spider_man_2.torrent
    2016-12-26 10:23 - 2016-12-26 10:23 - 00037736 _____ C:\Users\VIVEK\Downloads\iceagecollisioncourse2016dvdripxvidac3-evo-english-96524.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-21 19:00 - 2016-10-26 15:17 - 00000000 ____D C:\ProgramData\Speedify
    2017-01-21 18:57 - 2016-09-03 00:22 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Skype
    2017-01-21 18:57 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\DMCache
    2017-01-21 18:56 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-20 15:38 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
    2017-01-20 15:16 - 2016-07-23 07:12 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-20 15:16 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
    2017-01-20 14:46 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
    2017-01-19 21:28 - 2016-07-23 12:13 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\vlc
    2017-01-19 20:58 - 2016-07-23 07:13 - 00000000 ____D C:\Users\VIVEK
    2017-01-19 20:50 - 2016-11-18 18:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-01-19 20:48 - 2016-09-19 02:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-19 20:48 - 2016-09-01 09:34 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-19 20:48 - 2016-08-06 12:11 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:09 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:06 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
    2017-01-19 20:48 - 2016-07-24 02:14 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:48 - 2016-07-23 07:13 - 00001418 _____ C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-01-19 20:48 - 2013-08-22 20:15 - 00000000 ____D C:\Windows\Setup
    2017-01-19 20:47 - 2016-12-09 23:34 - 00001342 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
    2017-01-19 20:47 - 2016-09-01 09:34 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-01-19 20:47 - 2016-07-24 02:14 - 00000722 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:47 - 2016-07-23 12:01 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-01-19 20:47 - 2016-07-23 11:57 - 00001116 _____ C:\Users\Public\Desktop\Picasa 3.lnk
    2017-01-19 16:36 - 2016-08-02 07:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2017-01-19 16:36 - 2013-08-22 20:14 - 02262920 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-01-19 16:22 - 2016-07-23 07:18 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-377035130-313707484-1373472014-1001
    2017-01-19 16:19 - 2013-08-23 00:41 - 00000000 ____D C:\Windows\ShellNew
    2017-01-19 16:15 - 2013-08-22 18:55 - 00000167 _____ C:\Windows\win.ini
    2017-01-19 15:57 - 2016-09-19 02:06 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ____D C:\ProgramData\Skype
    2017-01-11 01:43 - 2016-11-29 10:04 - 00000000 ____D C:\Windows\Minidump
    2017-01-11 01:36 - 2016-07-23 12:05 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2017-01-11 01:36 - 2016-07-23 11:57 - 00000000 ____D C:\Program Files (x86)\Google
    2017-01-11 01:34 - 2016-09-01 10:42 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2017-01-11 01:34 - 2016-08-11 10:10 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2017-01-11 01:33 - 2016-07-24 02:10 - 00000000 ____D C:\ProgramData\Intel
    2017-01-11 01:33 - 2016-07-23 12:10 - 00000000 ____D C:\ProgramData\AMD
    2017-01-11 01:33 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-01-06 21:00 - 2016-10-12 11:30 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\BitTorrent
    2016-12-30 22:58 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Documents
    2016-12-29 18:05 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Compressed
    2016-12-28 18:53 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\IDM
    2016-12-28 15:19 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Video
    2016-12-25 15:07 - 2016-09-01 09:31 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-25 15:07 - 2016-09-01 09:31 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2017-01-11 01:09 - 2017-01-11 01:32 - 0000700 ___SH () C:\Users\VIVEK\AppData\Local\systemFL7.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-04 12:04

    ==================== End of FRST.txt ============================

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by VIVEK (21-01-2017 19:00:50)
    Running from D:\
    Windows 8.1 Pro (X64) (2016-07-23 01:42:25)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-377035130-313707484-1373472014-500 - Administrator - Disabled)
    Guest (S-1-5-21-377035130-313707484-1373472014-501 - Limited - Disabled)
    VIVEK (S-1-5-21-377035130-313707484-1373472014-1001 - Administrator - Enabled) => C:\Users\VIVEK

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F1D90A17-427A-B2A6-98AF-D7E77DE0143A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    BitTorrent (HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
    DEVIL MAY CRY 4 (HKLM\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.38.2 - ELAN Microelectronic Corp.)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Speedify (HKLM\...\Speedify) (Version: 4.0.7.3356 - Connectify)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1676BD33-BB38-4A1A-8B88-77633C0610C6} - \Anerrerentkgupy Verfier -> No File <==== ATTENTION
    Task: {3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {45FE4A7C-4BF4-488D-8E92-E9A2B6617080} - \updengine -> No File <==== ATTENTION
    Task: {8F615EEA-D62B-4FFC-B723-3A97052535EE} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {907D5EB2-19E3-4311-A951-CDE946D616EE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {AD36A761-EC67-4717-AAE3-5D9922EBAF6F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-23] ()
    Task: {B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {D0B7A62A-E741-40F0-9D97-68C391D04C60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {E89EF429-799D-4C18-A6A5-D596A6F9CE03} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-09] (UCWeb Inc) <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-11 01:32 - 2017-01-11 01:32 - 00179712 _____ () c:\program files (x86)\atezet\sefewardcekochmanager.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00947768 _____ () C:\Program Files (x86)\Speedify\ffmpeg.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 01801272 _____ () C:\Program Files (x86)\Speedify\libglesv2.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00089144 _____ () C:\Program Files (x86)\Speedify\libegl.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 04041784 _____ () C:\Program Files (x86)\Speedify\node.dll
    2017-01-11 01:35 - 2017-01-11 01:35 - 00225280 ____H () C:\Program Files (x86)\Google\AdobeGoogle.dll
    2016-07-24 02:10 - 2013-12-04 02:05 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2017-01-11 01:35 - 00003722 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    34.195.153.94 www.google-analytics.com
    34.195.153.94 google-analytics.com
    34.195.153.94 mc.yandex.ru
    34.195.153.94 top-fwz1.mail.ru
    34.195.153.94 site.yandex.net
    34.195.153.94 pagead2.googlesyndication.com
    34.195.153.94 ad.mail.ru
    34.195.153.94 ads.adfox.ru
    34.195.153.94 ads.pubmatic.com
    34.195.153.94 apis.google.com
    34.195.153.94 autocontext.begun.ru
    34.195.153.94 b.scorecardresearch.com
    34.195.153.94 c.amazon-adsystem.com
    34.195.153.94 cdn.admixer.net
    34.195.153.94 cdn.cxense.com
    34.195.153.94 cdn.livefyre.com
    34.195.153.94 cdn.onthe.io
    34.195.153.94 cdn.optimizely.com
    34.195.153.94 cdn.prom.st
    34.195.153.94 cdn.pushwoosh.com

    There are 55 more lines.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VIVEK\Desktop\791f94acfeb2a5b48b2b6d11f25e591a.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{18215059-33AE-46AC-8DF9-00FB22502E84}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{78F43857-82E2-4E21-9EEC-FB49B57D07F1}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [TCP Query User{3566C891-BE3F-4AF3-9947-A02E7ACA247B}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [UDP Query User{FEF32AA9-C263-480C-853A-6C2A2D5A43F7}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [{A58B62AA-6A3B-4CF8-8199-A7222DD08048}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A3C99D04-6008-4CA8-95FF-3AE7AD16349C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{929AF19C-590F-4B13-9206-8FBF9056458C}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8760F7B1-D9BD-4496-9C02-6BC1D452D69E}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10D3FFCC-395A-4A59-9FFF-74B49EE3E370}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D7799B51-E85A-4CCE-8F7B-8D2A322E27AA}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{720CE350-401D-4E86-8E6D-FEBB0822AE5E}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DA34208E-D21D-46BE-B721-94EDDD9C43E9}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{214109B1-BB58-4404-999E-44A1C633D1FF}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A252C7DD-959B-4D85-B088-1EDC41927D46}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{355AA570-AA2A-4433-B2D0-550E95CE6833}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{48D51658-6931-4575-B65D-C9D17A1EB166}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91FF1BE6-2DBA-45E6-A15A-DF794896623C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
    FirewallRules: [{59576CFA-B6BC-4E5B-8CDB-5B73175BC3B6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

    ==================== Restore Points =========================

    25-12-2016 18:49:45 Scheduled Checkpoint
    02-01-2017 12:55:34 Scheduled Checkpoint
    10-01-2017 17:12:36 Scheduled Checkpoint
    19-01-2017 16:01:52 Installed WinZip 17.5

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/21/2017 06:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.4.7.0, time stamp: 0x51fd032f
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.16384, time stamp: 0x5215fa76
    Exception code: 0xe0434352
    Fault offset: 0x0000000000008384
    Faulting process id: 0x64c
    Faulting application start time: 0x01d273e9fd8cd6aa
    Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: 6e72b950-dfdd-11e6-827b-f8a9634d63c1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:58:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ApplicationException
    Stack:
       at ..(Byte, Byte, .)
       at ..(Byte[])
       at ..(., .)
       at ..(Byte[])
       at ..(Byte[])
       at ..(System.IAsyncResult)
       at System.Net.LazyAsyncResult.Complete(IntPtr)
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Net.ContextAwareResult.Complete(IntPtr)
       at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
       at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

    Error: (01/21/2017 06:57:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/21/2017 06:57:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (01/21/2017 06:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x4e8
    Faulting application start time: 0x01d273e9e2da5c7e
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: 20ad0bc4-dfdd-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:54:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x394
    Faulting application start time: 0x01d273e9becf5a90
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: fca20a25-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:53:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x6b4
    Faulting application start time: 0x01d273e99abadd7f
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: d88ff151-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x518
    Faulting application start time: 0x01d273e976a660d4
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: b484fbfb-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:51:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x12e0
    Faulting application start time: 0x01d273e952a1491a
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: 906cd166-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x930
    Faulting application start time: 0x01d273e92e96ceb0
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: 6c697e0f-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    =============
    Error: (01/21/2017 06:59:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The OtherSearchcaaadbad service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/21/2017 06:59:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the OtherSearchcaaadbad service to connect.

    Error: (01/21/2017 06:56:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NEWDRIVER service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (01/21/2017 06:56:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (01/21/2017 06:55:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Speedify service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AdobeGoogle service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bluetooth Device Monitor service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The UC浏览器基础服务 service terminated unexpectedly.  It has done this 1 time(s).

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 25%
    Total physical RAM: 4024.36 MB
    Available physical RAM: 2988.33 MB
    Total Virtual: 4920.36 MB
    Available Virtual: 3854.68 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:390.62 GB) (Free:304.04 GB) NTFS
    Drive d: (SONY_4GR) (Removable) (Total:3.62 GB) (Free:3.48 GB) FAT32
    Drive e: (New Volume) (Fixed) (Total:539.91 GB) (Free:42.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
    Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
    Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=539.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

    ==================== End of Addition.txt ============================


     


    • 0
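One thing a triage engineer would pull out of the Service Control Manager entries in the log above before reading on: several unrelated services (Windows Search, the two Bluetooth services, and an "AdobeGoogle" service that is not a Microsoft or Adobe component) all terminate in the same second, and Speedify has crashed 14 times. Below is an added Python example, not code from this thread or from FRST, that parses entries in the format FRST uses for its "Event log errors" section, groups terminations that fall within a short window, and lists restart loops. The sample text is constructed to mirror the entries above rather than copied from the log, and the thresholds (three services within two seconds, five crashes) are assumptions chosen for the example, not values FRST or Windows use.

```python
import re
from datetime import datetime

# Constructed sample in the format FRST uses for the "Event log errors" section;
# it mirrors the Service Control Manager entries quoted in the post above but is
# not a verbatim copy of the log.
SAMPLE_FRST_EVENTS = """\
Error: (01/21/2017 06:55:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Speedify service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeGoogle service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
"""

HEADER_RE = re.compile(
    r"^Error: \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: ([^)]*)\) \(EventID: (\d+)\)"
)
TERMINATED_RE = re.compile(
    r"The (.+?) service terminated unexpectedly\.\s+It has done this (\d+) time\(s\)"
)


def parse_scm_events(text):
    """Return one dict per 'service terminated unexpectedly' entry (EventID 7031/7034)."""
    events = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        head = HEADER_RE.match(line)
        if not head:
            continue
        desc = lines[i + 1] if i + 1 < len(lines) else ""
        term = TERMINATED_RE.search(desc)
        if not term:
            continue  # some other SCM error, e.g. a failed corrective action
        events.append({
            "when": datetime.strptime(head.group(1), "%m/%d/%Y %I:%M:%S %p"),
            "source": head.group(2),
            "event_id": int(head.group(3)),
            "service": term.group(1),
            "count": int(term.group(2)),
        })
    return events


def mass_terminations(events, min_services=3, window_seconds=2):
    """Find windows in which at least min_services distinct services died together.

    Unrelated services dying in the same second usually means something stopped
    them as a group (a crash, a reboot, or a cleaner killing processes), not that
    each one failed on its own.  Thresholds are assumptions for this example.
    """
    ordered = sorted(events, key=lambda e: e["when"])
    hits, i = [], 0
    while i < len(ordered):
        start = ordered[i]["when"]
        group = [e for e in ordered[i:] if (e["when"] - start).total_seconds() <= window_seconds]
        names = sorted({e["service"] for e in group})
        if len(names) >= min_services:
            hits.append((start, names))
            i += len(group)
        else:
            i += 1
    return hits


def restart_loops(events, min_count=5):
    """Services the SCM reports as having crashed at least min_count times."""
    worst = {}
    for e in events:
        worst[e["service"]] = max(worst.get(e["service"], 0), e["count"])
    return sorted((svc, n) for svc, n in worst.items() if n >= min_count)


if __name__ == "__main__":
    evts = parse_scm_events(SAMPLE_FRST_EVENTS)
    for when, names in mass_terminations(evts):
        print(f"{when:%Y-%m-%d %H:%M:%S}: {len(names)} services died together: {', '.join(names)}")
    for svc, n in restart_loops(evts):
        print(f"restart loop: {svc} crashed {n} times")
```

Run against a real Addition.txt, the mass-termination hit is what tells you to look at the other entries with the same timestamp (here it lines up with the moment the machine was being cleaned), while a service name in the restart-loop list that you do not recognise is a candidate for the services section of the FRST log.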

    #4
    RKinner


      Malware Expert

    • Expert
    • 24,624 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST.

    Run FRST and press Fix. A fix log will be generated; please post that.

    Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

    Are your browsers working OK now?

    • 0
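The Addition.txt log in the next reply includes the machine's hosts file, and that section is the one most directly tied to the symptom reported (Yahoo, Rediff and MSN load, Google and Gmail do not): a block of well-known names, apis.google.com and google-analytics.com among them, is pointed at a single public address, 34.195.153.94, while other names are sinkholed to 127.0.0.1. Whoever controls that address answers for those names, which is consistent with the script injected into the google.com page in the first post. The Python below is an added example for checking a hosts file for exactly that pattern; it is not code from this thread or from FRST. The sample hosts text is a short constructed subset shaped like the log's entries, and the watchlist of names and the "three names per address" threshold are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like the "Hosts content" section of the Addition.txt
# log posted below; it is a short subset written for this example, not the
# complete file from the machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 apis.google.com
34.195.153.94 ads.pubmatic.com
34.195.153.94 b.scorecardresearch.com
::1             localhost
"""

# Illustrative watchlist (an assumption for this example): names whose override
# breaks or exposes the user's own traffic rather than just blocking adverts.
WATCHLIST = frozenset({
    "apis.google.com", "accounts.google.com", "www.google.com", "mail.google.com",
    "login.live.com", "update.microsoft.com", "windowsupdate.microsoft.com",
})


def parse_hosts(text):
    """Return (ip_address, hostname) pairs; comments, blank lines and junk are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts mapping; ignore rather than guess
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(entries, min_pinned=3):
    """Classify hosts mappings the way a malware triage would.

    blocked    : names sent to loopback (a sinkhole; benign for ad domains,
                 suspicious for security vendors or a competitor's updater)
    redirected : names sent to a globally routable address, i.e. a third party
                 now answers for them and can inject content or harvest logins
    pinned     : addresses that collect several unrelated names, the usual sign
                 of a bulk edit by an installer rather than a hand-written entry
    critical   : blocked or redirected names that appear on the watchlist
    """
    blocked, redirected = [], []
    by_ip = defaultdict(set)
    for ip, name in entries:
        by_ip[ip].add(name)
        if ip.is_loopback and name != "localhost":
            blocked.append(name)
        elif ip.is_global:
            redirected.append((name, str(ip)))
    touched = set(blocked) | {name for name, _ in redirected}
    return {
        "blocked": sorted(blocked),
        "redirected": sorted(redirected),
        "pinned": {str(ip): sorted(names) for ip, names in by_ip.items() if len(names) >= min_pinned},
        "critical": sorted(touched & WATCHLIST),
    }


if __name__ == "__main__":
    report = audit_hosts(parse_hosts(SAMPLE_HOSTS))
    for name in report["critical"]:
        print(f"CRITICAL: {name} is overridden in the hosts file")
    for ip, names in report["pinned"].items():
        print(f"{ip} collects {len(names)} names: {', '.join(names)}")
```

On a live system read C:\Windows\System32\drivers\etc\hosts (Python, like FRST, needs to run elevated only to write it back, not to read it). Note the ordering in the audit: a loopback entry is classified before the routable check, and private or link-local addresses are neither blocked nor redirected, so a hosts entry that points a name at a LAN address is only reported under "pinned" if enough names share it.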

    #5
    Dave_83


      Member

    • Topic Starter
    • Member
    • 75 posts

    Other websites are opening, like Yahoo, Rediff, MSN, etc.; only Google and Gmail are not opening. Below are the fixlist scan and FRST scan:

     

    Fixlog.txt

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by VIVEK (21-01-2017 21:04:54) Run:1
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    HKLM\...\Run: [Speedify] => C:\Program Files (x86)\Speedify\SpeedifyUI.exe [2245840 2016-10-21] (Connectify)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3612240 2016-09-01] (Tonec Inc.)
    HKLM\...\Providers\hiyq94fx: C:\Program Files (x86)\Anerrerentkgupy Verfier\local64spl.dll [291328 2017-01-11] ()
    ShellExecuteHooks: No Name - {09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} - C:\Users\VIVEK\AppData\Roaming\Lerjsenomick\Merjodom.dll -> No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
    FF HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5 [2016-09-01] [not signed]
    CHR Session Restore: ChromeDefaultData -> is enabled.
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-20] <==== ATTENTION
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-28] (Ellora Assets Corp.) [File not signed]
    R2 Liqoingsuqush; C:\Program Files (x86)\Atezet\sefewardcekochManager.dll [179712 2017-01-11] () [File not signed]
    R2 Speedify; C:\Program Files (x86)\Speedify\Speedify.exe [2836536 2016-10-21] (Connectify)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    S2 OtherSearchcaaadbad; rundll32.exe "C:\Program Files (x86)\ca28a028-4454-4670-901a-d399b7a920d61484078674\OtherSearchcaaadbad.dll",soeasy [X]
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
    2017-01-19 16:17 - 2017-01-19 16:17 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2017-01-11 01:38 - 2017-01-19 16:15 - 00000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-01-11 01:38 - 2017-01-11 01:38 - 00003416 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-01-11 01:37 - 2017-01-21 18:56 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-11 01:37 - 2017-01-11 01:51 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-11 01:37 - 2017-01-11 01:37 - 00000000 ____D C:\Users\VIVEK\AppData\Local\UCBrowser
    2017-01-11 01:35 - 2017-01-19 16:35 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-11 01:35 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Phapergeatjaied
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Links2
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Wsotainvuzele
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Program Files\9YR3RM447X
    2017-01-11 01:34 - 2017-01-19 16:40 - 00000000 ____D C:\ProgramData\Avg
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\Avira
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 _____ C:\TOSTACK
    2017-01-11 01:33 - 2017-01-19 15:41 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2017-01-11 01:33 - 2017-01-11 01:36 - 00000000 ____D C:\Windows\system32\SSL
    2017-01-11 01:33 - 2017-01-11 01:33 - 00000000 ____D C:\Program Files (x86)\Anerrerentkgupy Verfier
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Lerjsenomick
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Atezet
    2017-01-11 01:32 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Clcughtdupersy
    2017-01-11 01:30 - 2017-01-19 20:47 - 00001135 _____ C:\Users\Public\Desktop\Download Folder Lock Cr...lnk
    2017-01-07 00:43 - 2017-01-07 00:43 - 02020532 _____ C:\Windows\14013a6da845af9f7006eb5ed4051f1f.exe
    Task: {1676BD33-BB38-4A1A-8B88-77633C0610C6} - \Anerrerentkgupy Verfier -> No File <==== ATTENTION
    Task: {45FE4A7C-4BF4-488D-8E92-E9A2B6617080} - \updengine -> No File <==== ATTENTION
    Task: {8F615EEA-D62B-4FFC-B723-3A97052535EE} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {907D5EB2-19E3-4311-A951-CDE946D616EE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {E89EF429-799D-4C18-A6A5-D596A6F9CE03} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-09] (UCWeb Inc) <==== ATTENTION
    Task: {AD36A761-EC67-4717-AAE3-5D9922EBAF6F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-23] ()
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    2017-01-11 01:32 - 2017-01-11 01:32 - 00179712 _____ () c:\program files (x86)\atezet\sefewardcekochmanager.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00947768 _____ () C:\Program Files (x86)\Speedify\ffmpeg.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 01801272 _____ () C:\Program Files (x86)\Speedify\libglesv2.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00089144 _____ () C:\Program Files (x86)\Speedify\libegl.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 04041784 _____ () C:\Program Files (x86)\Speedify\node.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]
    C:\Program Files (x86)\Atezet
    C:\Users\VIVEK\AppData\Local\Clcughtdupersy
    C:\Users\VIVEK\AppData\Roaming\Lerjsenomick
    C:\Program Files (x86)\Anerrerentkgupy Verfier
    C:\Program Files (x86)\UCBrowser
    C:\Users\VIVEK\AppData\Local\Wsotainvuzele
    C:\Program Files (x86)\Phapergeatjaied
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

    *****************

    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Speedify => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater => value removed successfully
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\hiyq94fx => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order hiyq94fx => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} => value removed successfully
    HKCR\CLSID\{09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension => key removed successfully
    HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found.
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => value removed successfully
    C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5 => moved successfully
    Chrome Session Restore: => removed successfully
    C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
    C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb => not found
    C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb => moved successfully
    HKLM\System\CurrentControlSet\Services\FreemakeVideoCapture => key removed successfully
    FreemakeVideoCapture => service removed successfully
    HKLM\System\CurrentControlSet\Services\Liqoingsuqush => key removed successfully
    Liqoingsuqush => service removed successfully
    HKLM\System\CurrentControlSet\Services\Speedify => key removed successfully
    Speedify => service removed successfully
    npf => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\npf => key removed successfully
    npf => service removed successfully
    HKLM\System\CurrentControlSet\Services\OtherSearchcaaadbad => key removed successfully
    OtherSearchcaaadbad => service removed successfully
    HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
    ucdrv => service removed successfully
    HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully
    MBAMSwissArmy => service removed successfully
    HKLM\System\CurrentControlSet\Services\NEWDRIVER => key removed successfully
    NEWDRIVER => service removed successfully
    C:\Windows\SysWOW64\kz.exe => moved successfully
    C:\Windows\Tasks\UCBrowserUpdater.job => moved successfully
    C:\Windows\System32\Tasks\UCBrowserUpdater => moved successfully
    C:\Windows\System32\Tasks\UCBrowserSecureUpdater => moved successfully

    "C:\Program Files (x86)\UCBrowser" folder move:

    Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

    C:\Users\VIVEK\AppData\Local\UCBrowser => moved successfully
    C:\Program Files (x86)\baidu => moved successfully
    C:\Program Files (x86)\Phapergeatjaied => moved successfully
    C:\Users\VIVEK\AppData\Roaming\Links2 => moved successfully
    C:\Users\VIVEK\AppData\Local\Wsotainvuzele => moved successfully
    C:\Program Files\9YR3RM447X => moved successfully
    C:\ProgramData\Avg => moved successfully
    C:\ProgramData\Avira => moved successfully
    C:\ProgramData\AVAST Software => moved successfully
    C:\TOSTACK => moved successfully
    C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
    C:\Windows\system32\SSL => moved successfully
    C:\Program Files (x86)\Anerrerentkgupy Verfier => moved successfully
    C:\Users\VIVEK\AppData\Roaming\Lerjsenomick => moved successfully
    C:\Program Files (x86)\Atezet => moved successfully
    C:\Users\VIVEK\AppData\Local\Clcughtdupersy => moved successfully
    C:\Users\Public\Desktop\Download Folder Lock Cr...lnk => moved successfully
    C:\Windows\14013a6da845af9f7006eb5ed4051f1f.exe => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1676BD33-BB38-4A1A-8B88-77633C0610C6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1676BD33-BB38-4A1A-8B88-77633C0610C6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anerrerentkgupy Verfier => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45FE4A7C-4BF4-488D-8E92-E9A2B6617080} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45FE4A7C-4BF4-488D-8E92-E9A2B6617080} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updengine => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F615EEA-D62B-4FFC-B723-3A97052535EE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F615EEA-D62B-4FFC-B723-3A97052535EE} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserSecureUpdater => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{907D5EB2-19E3-4311-A951-CDE946D616EE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{907D5EB2-19E3-4311-A951-CDE946D616EE} => key removed successfully
    C:\Windows\System32\Tasks\AVG EUpdate Task => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E89EF429-799D-4C18-A6A5-D596A6F9CE03} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E89EF429-799D-4C18-A6A5-D596A6F9CE03} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserUpdater => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AD36A761-EC67-4717-AAE3-5D9922EBAF6F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD36A761-EC67-4717-AAE3-5D9922EBAF6F} => key removed successfully
    C:\Windows\System32\Tasks\AutoKMS => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
    C:\Windows\Tasks\UCBrowserUpdater.job => not found.
    "c:\program files (x86)\atezet\sefewardcekochmanager.dll" => not found.
    C:\Program Files (x86)\Speedify\ffmpeg.dll => moved successfully
    C:\Program Files (x86)\Speedify\libglesv2.dll => moved successfully
    C:\Program Files (x86)\Speedify\libegl.dll => moved successfully
    C:\Program Files (x86)\Speedify\node.dll => moved successfully
    C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
    C:\Windows\system32\drivers => ":x64" ADS removed successfully.
    C:\Windows\system32\drivers => ":x86" ADS removed successfully.
    "C:\Program Files (x86)\Atezet" => not found.
    "C:\Users\VIVEK\AppData\Local\Clcughtdupersy" => not found.
    "C:\Users\VIVEK\AppData\Roaming\Lerjsenomick" => not found.
    "C:\Program Files (x86)\Anerrerentkgupy Verfier" => not found.

    "C:\Program Files (x86)\UCBrowser" folder move:

    Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

    "C:\Users\VIVEK\AppData\Local\Wsotainvuzele" => not found.
    "C:\Program Files (x86)\Phapergeatjaied" => not found.

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

    ========= End of CMD: =========

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-01-2017 21:07:06)

    "C:\Program Files (x86)\UCBrowser" => Could not move
    "C:\Program Files (x86)\UCBrowser" => Could not move

    ==== End of Fixlog 21:07:13 ====


     

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by VIVEK (21-01-2017 21:11:30)
    Running from D:\
    Windows 8.1 Pro (X64) (2016-07-23 01:42:25)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-377035130-313707484-1373472014-500 - Administrator - Disabled)
    Guest (S-1-5-21-377035130-313707484-1373472014-501 - Limited - Disabled)
    VIVEK (S-1-5-21-377035130-313707484-1373472014-1001 - Administrator - Enabled) => C:\Users\VIVEK

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F1D90A17-427A-B2A6-98AF-D7E77DE0143A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    BitTorrent (HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
    DEVIL MAY CRY 4 (HKLM\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.38.2 - ELAN Microelectronic Corp.)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Speedify (HKLM\...\Speedify) (Version: 4.0.7.3356 - Connectify)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {44469CE2-9009-403E-AC91-5075ADC75ABD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {86991D16-D398-4FCD-81A0-6F2779374212} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== ATTENTION
    Task: {B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {D0B7A62A-E741-40F0-9D97-68C391D04C60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-11 01:37 - 2017-01-16 16:53 - 00930704 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-01-11 01:35 - 2017-01-11 01:35 - 00225280 ____H () C:\Program Files (x86)\Google\AdobeGoogle.dll
    2016-07-24 02:10 - 2013-12-04 02:05 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2017-01-11 01:35 - 00003722 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    34.195.153.94 www.google-analytics.com
    34.195.153.94 google-analytics.com
    34.195.153.94 mc.yandex.ru
    34.195.153.94 top-fwz1.mail.ru
    34.195.153.94 site.yandex.net
    34.195.153.94 pagead2.googlesyndication.com
    34.195.153.94 ad.mail.ru
    34.195.153.94 ads.adfox.ru
    34.195.153.94 ads.pubmatic.com
    34.195.153.94 apis.google.com
    34.195.153.94 autocontext.begun.ru
    34.195.153.94 b.scorecardresearch.com
    34.195.153.94 c.amazon-adsystem.com
    34.195.153.94 cdn.admixer.net
    34.195.153.94 cdn.cxense.com
    34.195.153.94 cdn.livefyre.com
    34.195.153.94 cdn.onthe.io
    34.195.153.94 cdn.optimizely.com
    34.195.153.94 cdn.prom.st
    34.195.153.94 cdn.pushwoosh.com

    There are 55 more lines.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VIVEK\Desktop\791f94acfeb2a5b48b2b6d11f25e591a.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{18215059-33AE-46AC-8DF9-00FB22502E84}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{78F43857-82E2-4E21-9EEC-FB49B57D07F1}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [TCP Query User{3566C891-BE3F-4AF3-9947-A02E7ACA247B}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [UDP Query User{FEF32AA9-C263-480C-853A-6C2A2D5A43F7}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [{A58B62AA-6A3B-4CF8-8199-A7222DD08048}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A3C99D04-6008-4CA8-95FF-3AE7AD16349C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{929AF19C-590F-4B13-9206-8FBF9056458C}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8760F7B1-D9BD-4496-9C02-6BC1D452D69E}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10D3FFCC-395A-4A59-9FFF-74B49EE3E370}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D7799B51-E85A-4CCE-8F7B-8D2A322E27AA}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{720CE350-401D-4E86-8E6D-FEBB0822AE5E}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DA34208E-D21D-46BE-B721-94EDDD9C43E9}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{214109B1-BB58-4404-999E-44A1C633D1FF}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A252C7DD-959B-4D85-B088-1EDC41927D46}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{355AA570-AA2A-4433-B2D0-550E95CE6833}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{48D51658-6931-4575-B65D-C9D17A1EB166}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91FF1BE6-2DBA-45E6-A15A-DF794896623C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
    FirewallRules: [{59576CFA-B6BC-4E5B-8CDB-5B73175BC3B6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

    ==================== Restore Points =========================

    02-01-2017 12:55:34 Scheduled Checkpoint
    10-01-2017 17:12:36 Scheduled Checkpoint
    19-01-2017 16:01:52 Installed WinZip 17.5

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/21/2017 09:07:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/21/2017 09:07:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    System errors:
    =============

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 22%
    Total physical RAM: 4024.36 MB
    Available physical RAM: 3121.6 MB
    Total Virtual: 4920.36 MB
    Available Virtual: 4025.96 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:390.62 GB) (Free:304.78 GB) NTFS
    Drive d: (SONY_4GR) (Removable) (Total:3.62 GB) (Free:3.48 GB) FAT32
    Drive e: (New Volume) (Fixed) (Total:539.91 GB) (Free:42.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
    Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
    Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=539.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

    ==================== End of Addition.txt ============================


    • 0
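The FirewallRules, Services and AlternateDataStreams sections of an FRST log are quicker to triage mechanically than by eye. The script below is an added example (not part of this thread, and not FRST's own code) that parses those three line formats as FRST prints them and flags the patterns a malware helper checks first: firewall-allowed binaries living under C:\Users or C:\ProgramData, services FRST marks "[File not signed]" or with an empty publisher field "()", and drivers or files stored in an NTFS alternate data stream (a path with a second colon, such as ...\drivers:ucdrv-x64.sys). The sample lines embedded in the script are copied from the logs posted in this thread; the directory list and the wording of the reasons are the example's own choices.

```python
"""Heuristic triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example; the directory list and reason strings are this script's
own choices, not FRST's. Only three FRST line formats are parsed:
  FirewallRules: [{GUID}] => <path>
  R2 Name; <path> [size date] (Publisher) [File not signed]   (services/drivers)
  AlternateDataStreams: <path:stream> [size]
"""
import re
from dataclasses import dataclass, field

# Directory prefixes a standard user can write to without elevation; a
# firewall-allowed or service binary living here deserves a second look.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

FW_RE = re.compile(r"^FirewallRules:\s*\[\{[0-9A-Fa-f-]+\}\]\s*=>\s*(?P<path>.+?)\s*$")
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s*"
    r"\[(?P<meta>[^\]]*)\]\s*\((?P<company>[^)]*)\)(?P<tail>.*)$"
)
ADS_RE = re.compile(r"^AlternateDataStreams:\s*(?P<path>.+?)\s*\[\d+\]\s*$")

# Sample lines copied from the FRST.txt / Addition.txt logs posted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
R2 AdobeGoogle; C:\Program Files (x86)\Google\AdobeGoogle.dll [225280 2017-01-11] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
"""


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def is_ads_path(path: str) -> bool:
    # A colon after the drive letter (e.g. ...\drivers:ucdrv-x64.sys) marks
    # an NTFS alternate data stream rather than a regular file.
    return path.find(":", 2) != -1


def triage_line(line: str):
    """Return a Finding for one FRST log line, or None if nothing stands out."""
    line = line.strip()
    reasons = []
    m = FW_RE.match(line)
    if m:
        if is_user_writable(m["path"]):
            reasons.append("firewall rule for binary in user-writable directory")
        return Finding(line, reasons) if reasons else None
    m = SVC_RE.match(line)
    if m:
        if "[File not signed]" in m["tail"]:
            reasons.append("service/driver binary not signed")
        if not m["company"].strip():
            reasons.append("no publisher information")
        if is_ads_path(m["path"]):
            reasons.append("loaded from NTFS alternate data stream")
        if is_user_writable(m["path"]):
            reasons.append("service/driver binary in user-writable directory")
        return Finding(line, reasons) if reasons else None
    m = ADS_RE.match(line)
    if m:
        host, _, stream = m["path"].rpartition(":")
        reasons.append(f"alternate data stream '{stream}' attached to {host}")
        return Finding(line, reasons)
    return None


def triage(log_text: str) -> list:
    """Run triage_line over every line of an FRST log and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        if raw.strip():
            f = triage_line(raw)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run it as a script to see the report for the embedded sample, or pass the full text of FRST.txt and Addition.txt to `triage()`. It is a heuristic, not a verdict: a binary under C:\ProgramData is not malicious by itself, and a publisher string is only as good as the signature FRST checked, so each finding still needs to be confirmed by hand before it goes into a fixlist.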

    #6
    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Don't see a new FRST log but here's a new fixlist based on what didn't go away the last time:

     

     

    Got to go out for about 3 hours.

     

     


    • 0

    #7
    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 75 posts

    Hi, after using the fixlist.txt with FRST, it's fixed. Browsers IE and Chrome are working fine, and Google and Gmail open up just fine :yes:

     

    Could I know what the issue was?

     

    Below are the scans:

     

    FRST.txt

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
    Ran by VIVEK (administrator) on MIRA (23-01-2017 21:09:58)
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2892616 2014-02-19] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip\..\Interfaces\{F98FD385-790B-46F3-BB66-DE859A723147}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    ManualProxies:

    Internet Explorer:
    ==================
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\b8Ms02X3.dll => No File
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    IE Session Restore: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> is enabled.

    FireFox:
    ========
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-22] <==== ATTENTION
    CHR Extension: (Google Docs) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
    CHR Extension: (Google Drive) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-22]
    CHR Extension: (YouTube) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-22]
    CHR Extension: (Adobe Acrobat) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-21]
    CHR Extension: (Google Sheets) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-21]
    CHR Extension: (Google Docs Offline) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
    CHR Extension: (Gmail) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-22]
    CHR Extension: (Chrome Media Router) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-21]
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-20]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeGoogle; C:\Program Files (x86)\Google\AdobeGoogle.dll [225280 2017-01-11] () [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-03-01] (Apple Computer, Inc.) [File not signed]
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-06] (Macrovision Europe Ltd.) [File not signed]
    S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-11-03] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-04] (Intel Corporation)
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [930704 2017-01-16] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2014-09-09] (Qualcomm Atheros Communications, Inc.)
    S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-04] (Intel Corporation)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-25] (Realtek Semiconductor Corp.)
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-23 21:09 - 2017-01-23 21:09 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-21 21:07 - 2017-01-21 21:07 - 00000000 ____D C:\Users\VIVEK\AppData\Local\UCBrowser
    2017-01-21 19:43 - 2017-01-21 19:43 - 00001527 _____ C:\Users\Public\Desktop\UC超级返.lnk
    2017-01-21 18:59 - 2017-01-23 21:09 - 00000000 ____D C:\FRST
    2017-01-21 18:52 - 2017-01-21 18:55 - 00000000 ____D C:\AdwCleaner
    2017-01-20 14:48 - 2017-01-20 14:48 - 00001418 _____ C:\Users\VIVEK\Desktop\Internet Explorer.lnk
    2017-01-20 14:27 - 2017-01-20 14:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-01-19 16:20 - 2017-01-19 16:20 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2017-01-19 16:04 - 2017-01-19 16:04 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-01-19 16:04 - 2017-01-19 16:04 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-01-19 16:03 - 2017-01-19 16:40 - 00000000 ____D C:\Users\VIVEK\AppData\Local\AvgSetupLog
    2017-01-19 16:03 - 2017-01-19 16:03 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Avg
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002253 _____ C:\Users\Public\Desktop\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\Documents\Add-in Express
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\AppData\Local\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Program Files (x86)\WinZip
    2017-01-19 15:31 - 2017-01-19 15:31 - 00000000 ____D C:\ProgramData\vpconfig
    2017-01-19 15:29 - 2017-01-19 15:29 - 00000000 ____D C:\Windows\19
    2017-01-11 01:43 - 2017-01-19 20:50 - 00000258 __RSH C:\Users\VIVEK\ntuser.pol
    2017-01-11 01:37 - 2017-01-21 19:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-11 01:09 - 2017-01-11 01:32 - 00000700 ___SH C:\Users\VIVEK\AppData\Local\systemFL7.dat
    2017-01-09 10:53 - 2017-01-09 10:53 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2 (1).pdf
    2017-01-07 14:24 - 2017-01-07 14:25 - 07534439 _____ C:\Users\VIVEK\Downloads\15818170_1844685769149300_7059580909132972032_n.mp4
    2017-01-04 12:22 - 2017-01-04 12:22 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2.pdf
    2017-01-01 12:40 - 2017-01-01 12:40 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\PowerISO
    2017-01-01 12:35 - 2017-01-06 20:14 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\BitTorrent
    2017-01-01 12:24 - 2017-01-11 01:34 - 00000000 ____D C:\Program Files (x86)\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2016-12-31 12:36 - 2016-12-31 12:37 - 02654065 _____ C:\Users\VIVEK\Downloads\15679572_1011222398982650_8732101501306011648_n.mp4
    2016-12-30 21:42 - 2016-12-30 21:42 - 00214260 _____ C:\Users\VIVEK\Downloads\007.jpg
    2016-12-30 19:46 - 2016-12-30 19:50 - 273245399 _____ C:\Users\VIVEK\Downloads\_CommonRedist.zip
    2016-12-30 19:27 - 2016-12-30 19:27 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\Temp
    2016-12-26 22:14 - 2016-12-26 22:14 - 00046571 _____ C:\Users\VIVEK\Downloads\4_the_amazing_spider_man_2.torrent
    2016-12-26 22:14 - 2016-12-26 22:14 - 00002549 _____ C:\Users\VIVEK\Downloads\5_the_amazing_spider_man_2.torrent
    2016-12-26 10:23 - 2016-12-26 10:23 - 00037736 _____ C:\Users\VIVEK\Downloads\iceagecollisioncourse2016dvdripxvidac3-evo-english-96524.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-23 21:07 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-23 21:07 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
    2017-01-23 21:02 - 2016-07-23 07:12 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-23 21:02 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
    2017-01-22 20:33 - 2016-07-23 07:18 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-377035130-313707484-1373472014-1001
    2017-01-22 20:02 - 2016-09-19 02:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-21 21:05 - 2016-10-26 15:17 - 00000000 ____D C:\Program Files (x86)\Speedify
    2017-01-21 21:04 - 2016-10-26 15:17 - 00000000 ____D C:\ProgramData\Speedify
    2017-01-21 21:04 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\IDM
    2017-01-21 18:57 - 2016-09-03 00:22 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Skype
    2017-01-21 18:57 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\DMCache
    2017-01-20 15:38 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
    2017-01-19 21:28 - 2016-07-23 12:13 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\vlc
    2017-01-19 20:58 - 2016-07-23 07:13 - 00000000 ____D C:\Users\VIVEK
    2017-01-19 20:50 - 2016-11-18 18:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-01-19 20:48 - 2016-09-01 09:34 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-19 20:48 - 2016-08-06 12:11 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:09 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:06 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
    2017-01-19 20:48 - 2016-07-24 02:14 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:48 - 2016-07-23 07:13 - 00001418 _____ C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-01-19 20:48 - 2013-08-22 20:15 - 00000000 ____D C:\Windows\Setup
    2017-01-19 20:47 - 2016-12-09 23:34 - 00001342 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
    2017-01-19 20:47 - 2016-09-01 09:34 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-01-19 20:47 - 2016-07-24 02:14 - 00000722 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:47 - 2016-07-23 12:01 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-01-19 20:47 - 2016-07-23 11:57 - 00001116 _____ C:\Users\Public\Desktop\Picasa 3.lnk
    2017-01-19 16:36 - 2016-08-02 07:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2017-01-19 16:36 - 2013-08-22 20:14 - 02262920 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-01-19 16:19 - 2013-08-23 00:41 - 00000000 ____D C:\Windows\ShellNew
    2017-01-19 16:15 - 2013-08-22 18:55 - 00000167 _____ C:\Windows\win.ini
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ____D C:\ProgramData\Skype
    2017-01-11 01:43 - 2016-11-29 10:04 - 00000000 ____D C:\Windows\Minidump
    2017-01-11 01:36 - 2016-07-23 12:05 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2017-01-11 01:36 - 2016-07-23 11:57 - 00000000 ____D C:\Program Files (x86)\Google
    2017-01-11 01:34 - 2016-09-01 10:42 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2017-01-11 01:34 - 2016-08-11 10:10 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2017-01-11 01:33 - 2016-07-24 02:10 - 00000000 ____D C:\ProgramData\Intel
    2017-01-11 01:33 - 2016-07-23 12:10 - 00000000 ____D C:\ProgramData\AMD
    2017-01-11 01:33 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-01-06 21:00 - 2016-10-12 11:30 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\BitTorrent
    2016-12-30 22:58 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Documents
    2016-12-29 18:05 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Compressed
    2016-12-28 15:19 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Video

    ==================== Files in the root of some directories =======

    2017-01-11 01:09 - 2017-01-11 01:32 - 0000700 ___SH () C:\Users\VIVEK\AppData\Local\systemFL7.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-21 19:25

    ==================== End of FRST.txt ============================

     

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by VIVEK (23-01-2017 21:10:57)
    Running from D:\
    Windows 8.1 Pro (X64) (2016-07-23 01:42:25)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-377035130-313707484-1373472014-500 - Administrator - Disabled)
    Guest (S-1-5-21-377035130-313707484-1373472014-501 - Limited - Disabled)
    VIVEK (S-1-5-21-377035130-313707484-1373472014-1001 - Administrator - Enabled) => C:\Users\VIVEK

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F1D90A17-427A-B2A6-98AF-D7E77DE0143A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    BitTorrent (HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
    DEVIL MAY CRY 4 (HKLM\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.38.2 - ELAN Microelectronic Corp.)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Speedify (HKLM\...\Speedify) (Version: 4.0.7.3356 - Connectify)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4C2F5B99-56DE-4A5D-84FE-8DF1C1B631BA} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-11 01:37 - 2017-01-16 16:53 - 00930704 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-01-11 01:35 - 2017-01-11 01:35 - 00225280 ____H () C:\Program Files (x86)\Google\AdobeGoogle.dll
    2016-07-24 02:10 - 2013-12-04 02:05 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2017-01-23 21:06 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VIVEK\Desktop\791f94acfeb2a5b48b2b6d11f25e591a.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{18215059-33AE-46AC-8DF9-00FB22502E84}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{78F43857-82E2-4E21-9EEC-FB49B57D07F1}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [TCP Query User{3566C891-BE3F-4AF3-9947-A02E7ACA247B}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [UDP Query User{FEF32AA9-C263-480C-853A-6C2A2D5A43F7}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [{A58B62AA-6A3B-4CF8-8199-A7222DD08048}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A3C99D04-6008-4CA8-95FF-3AE7AD16349C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{929AF19C-590F-4B13-9206-8FBF9056458C}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8760F7B1-D9BD-4496-9C02-6BC1D452D69E}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10D3FFCC-395A-4A59-9FFF-74B49EE3E370}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D7799B51-E85A-4CCE-8F7B-8D2A322E27AA}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{720CE350-401D-4E86-8E6D-FEBB0822AE5E}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DA34208E-D21D-46BE-B721-94EDDD9C43E9}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{214109B1-BB58-4404-999E-44A1C633D1FF}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A252C7DD-959B-4D85-B088-1EDC41927D46}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{355AA570-AA2A-4433-B2D0-550E95CE6833}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{48D51658-6931-4575-B65D-C9D17A1EB166}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91FF1BE6-2DBA-45E6-A15A-DF794896623C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
    FirewallRules: [{59576CFA-B6BC-4E5B-8CDB-5B73175BC3B6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

    ==================== Restore Points =========================

    02-01-2017 12:55:34 Scheduled Checkpoint
    10-01-2017 17:12:36 Scheduled Checkpoint
    19-01-2017 16:01:52 Installed WinZip 17.5

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Generic Bluetooth Adapter
    Description: Generic Bluetooth Adapter
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: GenericAdapter
    Service: BTHUSB
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/23/2017 09:07:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/23/2017 09:07:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    System errors:
    =============
    Error: (01/23/2017 09:07:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 23%
    Total physical RAM: 4024.36 MB
    Available physical RAM: 3080.39 MB
    Total Virtual: 4920.36 MB
    Available Virtual: 4008.98 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:390.62 GB) (Free:304.74 GB) NTFS
    Drive d: (SONY_4GR) (Removable) (Total:3.62 GB) (Free:3.44 GB) FAT32
    Drive e: (New Volume) (Fixed) (Total:539.91 GB) (Free:42.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
    Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
    Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=539.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

    ==================== End of Addition.txt ============================


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    I don't see a second fixlog.

     

    Even if the first one fixed the problem you should still continue.

     

    As for what caused your problem:  You had a broken browser hijacker

     

    Something like the one discussed here:

    http://www.myantispy...irefox-ie-edge/

    though I don't think much of their method of resetting the browser. It probably would work to remove the hijacker, but it would lose all of your other extensions and add-ons.


    • 0

    #9
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 75 posts

    Below is the Fixlog details.

     

    Fixlog.txt

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by VIVEK (23-01-2017 21:06:15) Run:2
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll ()
    UNLOCK: C:\Program Files (x86)\UCBrowser
    C:\Program Files (x86)\UCBrowser
    Task: {3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {44469CE2-9009-403E-AC91-5075ADC75ABD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {86991D16-D398-4FCD-81A0-6F2779374212} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== ATTENTION
    Task: {B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {D0B7A62A-E741-40F0-9D97-68C391D04C60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]
    HOSTS:
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"


    *****************

    Processes closed successfully.
    HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE} => key removed successfully
    "C:\Program Files (x86)\UCBrowser" => was unlocked

    "C:\Program Files (x86)\UCBrowser" folder move:

    Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} => key removed successfully
    C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44469CE2-9009-403E-AC91-5075ADC75ABD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44469CE2-9009-403E-AC91-5075ADC75ABD} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserSecureUpdater => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86991D16-D398-4FCD-81A0-6F2779374212} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86991D16-D398-4FCD-81A0-6F2779374212} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserUpdaterCore => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} => key removed successfully
    C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0B7A62A-E741-40F0-9D97-68C391D04C60} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0B7A62A-E741-40F0-9D97-68C391D04C60} => key removed successfully
    C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
    C:\Windows\Tasks\UCBrowserUpdaterCore.job => moved successfully
    C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
    C:\Windows\system32\drivers => ":x64" ADS removed successfully.
    C:\Windows\system32\drivers => ":x86" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

    ========= End of CMD: =========


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-01-2017 21:07:45)

    "C:\Program Files (x86)\UCBrowser" => Could not move

    ==== End of Fixlog 21:07:48 ====


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    UCBrowser seems to be putting up a fight. Get the 15-day free trial of MBAM:

     

    https://www.malwareb...m/mwb-download/

     

    Click on Download and Save the file and once it finishes downloading, go to the folder (usually you can right click on it and Open Folder) and then right click and Run As Admin.

     

    Let it do a full scan, then check anything it finds and tell it to remove them.

     

    Reboot and then do another MBAM scan.  Does it still find stuff?


    • 0

    #11
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 75 posts

    Downloaded and scanned, 2 threats were detected and quarantined.

     

    Screenshot attached.

    Attached Thumbnails

    • malware scan report.jpg

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Search for:

     

    task scheduler

    hit enter.

     

    Click on Task Scheduler Library

     

    Look in the next pane over.  Find any tasks that start with UC

    Right click and Disable.

     

    Does it let you do that or do you get an error?


    • 0
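For the step above (finding the tasks that start with UC and disabling them), here is an added PowerShell example of my own; it is not RKinner's instructions or anything from the thread. It assumes an elevated PowerShell prompt on Windows 8.1 or later (where the ScheduledTasks module exists) and that `UC` is the prefix being hunted.

```powershell
# Added example for this thread (not RKinner's own instructions): list the
# scheduled tasks whose name starts with "UC", show what each one launches,
# and try to disable them, reporting any error instead of stopping.
# Assumes an elevated PowerShell prompt on Windows 8/8.1 or later, where
# Get-ScheduledTask and Disable-ScheduledTask are available.

$prefix = 'UC'   # the prefix asked for above; change it to chase other remnants

$tasks = @(Get-ScheduledTask | Where-Object { $_.TaskName -like "$prefix*" })
if ($tasks.Count -eq 0) {
    Write-Host "No scheduled tasks starting with '$prefix' were found."
    return
}

foreach ($task in $tasks) {
    $full = "{0}{1}" -f $task.TaskPath, $task.TaskName   # TaskPath ends with '\'
    Write-Host "Task: $full  (state: $($task.State))"

    # Each action records the program the task runs. FRST marks updaters that
    # live in an unexpected folder with "<==== ATTENTION"; here we only print
    # the path and whether the file is still on disk (the fixlog above shows
    # the UCBrowser folder could not be moved, so it may well still be there).
    foreach ($action in $task.Actions) {
        $exe = if ($action.Execute) { $action.Execute.Trim('"') } else { '' }
        if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }
        $present = if ($exe -and (Test-Path -LiteralPath $exe)) { 'present' } else { 'missing' }
        Write-Host ("  runs: {0} {1}  [{2}]" -f $exe, $action.Arguments, $present)
    }

    try {
        Disable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath `
            -ErrorAction Stop | Out-Null
        Write-Host "  disabled OK"
    } catch {
        # An "access denied" or "task not found" here is exactly the error the
        # post above asks about: something may still be protecting or
        # recreating the task, so report it and carry on with the next one.
        Write-Warning ("  could not disable {0}: {1}" -f $full, $_.Exception.Message)
    }
}
```

Re-run it after a reboot: a task that reappears or comes back enabled points to a remaining component recreating it.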





