Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to browser in IE 11 and unable to update superantispyware

virus malware IE11-issue

  • Please log in to reply

#1
Dave_83

Dave_83

    Member

  • Member
  • PipPip
  • 66 posts

My laptop has few issues, unable to figure out if is a virus or malware creating this issue. When i try to browse i cannot, instead i get this below when i go for google.com:

function httpGetAsync(theUrl, callback) { var xmlHttp = new XMLHttpRequest(); xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4 && xmlHttp.status == 200) callback(xmlHttp.responseText); } xmlHttp.open("GET", theUrl, true); // true for asynchronous xmlHttp.send(null); } document.onclick = function() { window.open("http://creativesrv.c...513&cb=INSER...") document.onclick = null; httpGetAsync("http://sstatic1.hist...gif?3685753", null); }

I have connected to internet via WiFi, and till yesterday i could update Malwarebytes but now i cannot update it. So the internet am unable to connect it. Could i please get help on this? Much appreciated....

Laptop configuration:
• Intel Core i3 - 4010U 1.70 Ghz
• Memory 4 GB
• Windows 8.1 Pro 64bit operating system


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
 

 
 
Copy the next line:
 

"C:\Program Files\Internet Explorer\iexplore"  -extoff  http://www.bleepingcomputer.com/download/adwcleaner/
 
Open an elevated command prompt as explained in:
 
 
(An elevated command prompt will have C:\windows\system32> as the prompt.  If not you did it wrong.)
 
Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter if IE does not open.
 
This should open IE with extensions disabled and point it at bleepingcomputer.com where you have the opportunity to download AdwCleaner.
 
Click on the Green button that says Download [email protected]
 
It should come up and ask you if you want to Run or SAVE adwcleaner.exe
Tell it SAVE
 
Once it saves, Click on Open Folder, then right click on the file you downloaded and Run as administrator.
 
Once it runs click on Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
Leave IE open and on the bleepingcomputer page where you downloaded AdwCleaner there should be a Search Downloads box.
 
Type:
frst
and hit Enter.  The page that comes up will have
 

 
Farbar Recovery Scan Tool
 
Click on that and then 
Download Now 64 bit button (if you have 64 bit Windows)
Download Now 32 bit button (if you have 32 bit windows)
 
If you don't know get them both (only one will work so try them both).
Save
Open Folder then 
right click and Run as administrator
 

 

  •  
 
 
  • Right click to run as administrator - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Hi there,

     

    Thank you for the reply, below is the scan details:

     

    AdwCleaner:

     

    # AdwCleaner v6.042 - Logfile created 21/01/2017 at 18:55:58
    # Updated on 06/01/2017 by Malwarebytes
    # Database : 2017-01-06.1 [Local]
    # Operating System : Windows 8.1 Pro  (X64)
    # Username : VIVEK - MIRA
    # Running from : D:\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support

     

    ***** [ Services ] *****

    [-] Service deleted: UCBrowserSvc
    [-] Service deleted: ucdrv

    ***** [ Folders ] *****

    [-] Folder deleted: C:\Program Files (x86)\Youtube AdBlock
    [-] Folder deleted: C:\Users\VIVEK\AppData\Local\0C8D0102-1484098505-E411-B2A0-F8A9634D63C1
    [-] Folder deleted: C:\Users\VIVEK\AppData\Roaming\Softlink
    [-] Folder deleted: C:\Users\VIVEK\AppData\Roaming\WMPNetworkAcSvc
    [#] Folder deleted on reboot: C:\Program Files (x86)\Youtube AdBlock
    [-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared
    [-] Folder deleted: C:\ProgramData\Microsoft\XBLive

    ***** [ Files ] *****

    [-] File deleted: C:\END

    ***** [ DLL ] *****

     

    ***** [ WMI ] *****

     

    ***** [ Shortcuts ] *****

     

    ***** [ Scheduled Tasks ] *****

    [-] Task deleted: UCBrowserUpdaterCore

    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
    [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
    [#] Key deleted on reboot: {38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
    [#] Key deleted on reboot: {45965C76-4C88-4512-9358-368483E1C3B1}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{176F706B-5175-479C-A3DF-32420F6FB01A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{38BE2BE8-EB8E-41D1-9D94-3B1697094D47}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{53C267B2-B01D-410F-A4DD-A32962EE55F4}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8804A543-42D3-4D71-9685-B0243D5526F3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A0F322D5-6A13-4CAB-84CF-FABB5690618E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AC3E336C-B524-47F0-9AA2-5F67AA056086}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F577A1BA-D82D-4BB2-8430-B767285D081D}
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F6DF4318-A699-4E88-BE1D-84F4A009B08A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{45965C76-4C88-4512-9358-368483E1C3B1}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
    [-] Key deleted: HKU\.DEFAULT\Software\UCBrowser
    [-] Key deleted: HKU\.DEFAULT\Software\jhtrsq
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Installer
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\UCBrowser
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\UCBrowserPID
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\AutoTime
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\SNDA
    [-] Key deleted: HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\SaFiPlayer
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\UCBrowser
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\jhtrsq
    [#] Key deleted on reboot: HKCU\Software\Installer
    [#] Key deleted on reboot: HKCU\Software\UCBrowser
    [#] Key deleted on reboot: HKCU\Software\UCBrowserPID
    [#] Key deleted on reboot: HKCU\Software\AutoTime
    [#] Key deleted on reboot: HKCU\Software\SNDA
    [#] Key deleted on reboot: HKCU\Software\SaFiPlayer
    [-] Key deleted: HKLM\SOFTWARE\UCBrowser
    [-] Key deleted: HKLM\SOFTWARE\UCBrowserPID
    [-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
    [-] Key deleted: HKLM\SOFTWARE\jhtrsq
    [-] Key deleted: HKLM\SOFTWARE\WMPNetworkAcSvc
    [-] Key deleted: HKLM\SOFTWARE\SaFiPlayer
    [#] Key deleted on reboot: [x64] HKCU\Software\Installer
    [#] Key deleted on reboot: [x64] HKCU\Software\UCBrowser
    [#] Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
    [#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
    [#] Key deleted on reboot: [x64] HKCU\Software\SNDA
    [#] Key deleted on reboot: [x64] HKCU\Software\SaFiPlayer
    [-] Key deleted: [x64] HKLM\SOFTWARE\UCBrowser
    [-] Key deleted: [x64] HKLM\SOFTWARE\jhtrsq
    [-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
    [-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [UCBrowser]
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
    [-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
    [-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
    [-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt

    ***** [ Web browsers ] *****

    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: torrentz.colorask.com
    [-] [C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: trotux

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [6671 Bytes] - [21/01/2017 18:55:58]
    C:\AdwCleaner\AdwCleaner[S0].txt - [6277 Bytes] - [21/01/2017 18:54:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6817 Bytes] ##########

     

     

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
    Ran by VIVEK (administrator) on MIRA (21-01-2017 18:59:37)
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Connectify) C:\Program Files (x86)\Speedify\speedify.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2892616 2014-02-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Speedify] => C:\Program Files (x86)\Speedify\SpeedifyUI.exe [2245840 2016-10-21] (Connectify)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3612240 2016-09-01] (Tonec Inc.)
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
    HKLM\...\Providers\hiyq94fx: C:\Program Files (x86)\Anerrerentkgupy Verfier\local64spl.dll [291328 2017-01-11] ()
    ShellExecuteHooks: No Name - {09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} - C:\Users\VIVEK\AppData\Roaming\Lerjsenomick\Merjodom.dll -> No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip\..\Interfaces\{985873CC-8BDA-4A84-8D9A-293D3A8E222A}: [DhcpNameServer] 192.168.15.1
    Tcpip\..\Interfaces\{F98FD385-790B-46F3-BB66-DE859A723147}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    ManualProxies:

    Internet Explorer:
    ==================
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\b8Ms02X3.dll => No File
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    IE Session Restore: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> is enabled.

    FireFox:
    ========
    FF HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5 [2016-09-01] [not signed]
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.google.com/
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com/"
    CHR Session Restore: ChromeDefaultData -> is enabled.
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-20] <==== ATTENTION
    CHR Extension: (Google Slides) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-01]
    CHR Extension: (Google Docs) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-01]
    CHR Extension: (Google Drive) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-01]
    CHR Extension: (YouTube) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    CHR Extension: (Google Sheets) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-01]
    CHR Extension: (Google Docs Offline) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
    CHR Extension: (Gmail) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
    CHR Extension: (Chrome Media Router) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-26]
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-20]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeGoogle; C:\Program Files (x86)\Google\AdobeGoogle.dll [225280 2017-01-11] () [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-03-01] (Apple Computer, Inc.) [File not signed]
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-06] (Macrovision Europe Ltd.) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-28] (Ellora Assets Corp.) [File not signed]
    S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-11-03] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-04] (Intel Corporation)
    R2 Liqoingsuqush; C:\Program Files (x86)\Atezet\sefewardcekochManager.dll [179712 2017-01-11] () [File not signed]
    R2 Speedify; C:\Program Files (x86)\Speedify\Speedify.exe [2836536 2016-10-21] (Connectify)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S2 OtherSearchcaaadbad; rundll32.exe "C:\Program Files (x86)\ca28a028-4454-4670-901a-d399b7a920d61484078674\OtherSearchcaaadbad.dll",soeasy [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2014-09-09] (Qualcomm Atheros Communications, Inc.)
    S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-04] (Intel Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-25] (Realtek Semiconductor Corp.)
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-21 18:59 - 2017-01-21 18:59 - 00000000 ____D C:\FRST
    2017-01-21 18:52 - 2017-01-21 18:55 - 00000000 ____D C:\AdwCleaner
    2017-01-20 14:48 - 2017-01-20 14:48 - 00001418 _____ C:\Users\VIVEK\Desktop\Internet Explorer.lnk
    2017-01-20 14:27 - 2017-01-20 14:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-01-20 14:08 - 2017-01-20 14:08 - 00001132 _____ C:\Users\VIVEK\Desktop\Malwarebytes Anti-Malware.lnk
    2017-01-19 16:20 - 2017-01-19 16:20 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2017-01-19 16:17 - 2017-01-19 16:17 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2017-01-19 16:04 - 2017-01-19 16:04 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-01-19 16:04 - 2017-01-19 16:04 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-01-19 16:04 - 2017-01-19 16:04 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-01-19 16:03 - 2017-01-19 16:40 - 00000000 ____D C:\Users\VIVEK\AppData\Local\AvgSetupLog
    2017-01-19 16:03 - 2017-01-19 16:03 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Avg
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002253 _____ C:\Users\Public\Desktop\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\Documents\Add-in Express
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\AppData\Local\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Program Files (x86)\WinZip
    2017-01-19 15:31 - 2017-01-19 15:31 - 00000000 ____D C:\ProgramData\vpconfig
    2017-01-19 15:29 - 2017-01-19 15:29 - 00000000 ____D C:\Windows\19
    2017-01-11 01:43 - 2017-01-19 20:50 - 00000258 __RSH C:\Users\VIVEK\ntuser.pol
    2017-01-11 01:38 - 2017-01-19 16:15 - 00000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-01-11 01:38 - 2017-01-11 01:38 - 00003416 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-01-11 01:37 - 2017-01-21 18:56 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-11 01:37 - 2017-01-11 01:51 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-11 01:37 - 2017-01-11 01:37 - 00000000 ____D C:\Users\VIVEK\AppData\Local\UCBrowser
    2017-01-11 01:35 - 2017-01-19 16:35 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-11 01:35 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Phapergeatjaied
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Links2
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Wsotainvuzele
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Program Files\9YR3RM447X
    2017-01-11 01:34 - 2017-01-19 16:40 - 00000000 ____D C:\ProgramData\Avg
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\Avira
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 _____ C:\TOSTACK
    2017-01-11 01:33 - 2017-01-19 15:41 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2017-01-11 01:33 - 2017-01-11 01:36 - 00000000 ____D C:\Windows\system32\SSL
    2017-01-11 01:33 - 2017-01-11 01:33 - 00000000 ____D C:\Program Files (x86)\Anerrerentkgupy Verfier
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Lerjsenomick
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Atezet
    2017-01-11 01:32 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Clcughtdupersy
    2017-01-11 01:30 - 2017-01-19 20:47 - 00001135 _____ C:\Users\Public\Desktop\Download Folder Lock Cr...lnk
    2017-01-11 01:09 - 2017-01-11 01:32 - 00000700 ___SH C:\Users\VIVEK\AppData\Local\systemFL7.dat
    2017-01-09 10:53 - 2017-01-09 10:53 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2 (1).pdf
    2017-01-07 14:24 - 2017-01-07 14:25 - 07534439 _____ C:\Users\VIVEK\Downloads\15818170_1844685769149300_7059580909132972032_n.mp4
    2017-01-07 00:43 - 2017-01-07 00:43 - 02020532 _____ C:\Windows\14013a6da845af9f7006eb5ed4051f1f.exe
    2017-01-04 12:22 - 2017-01-04 12:22 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2.pdf
    2017-01-01 12:40 - 2017-01-01 12:40 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\PowerISO
    2017-01-01 12:35 - 2017-01-06 20:14 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\BitTorrent
    2017-01-01 12:24 - 2017-01-11 01:34 - 00000000 ____D C:\Program Files (x86)\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2016-12-31 12:36 - 2016-12-31 12:37 - 02654065 _____ C:\Users\VIVEK\Downloads\15679572_1011222398982650_8732101501306011648_n.mp4
    2016-12-30 21:42 - 2016-12-30 21:42 - 00214260 _____ C:\Users\VIVEK\Downloads\007.jpg
    2016-12-30 19:46 - 2016-12-30 19:50 - 273245399 _____ C:\Users\VIVEK\Downloads\_CommonRedist.zip
    2016-12-30 19:27 - 2016-12-30 19:27 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\Temp
    2016-12-26 22:14 - 2016-12-26 22:14 - 00046571 _____ C:\Users\VIVEK\Downloads\4_the_amazing_spider_man_2.torrent
    2016-12-26 22:14 - 2016-12-26 22:14 - 00002549 _____ C:\Users\VIVEK\Downloads\5_the_amazing_spider_man_2.torrent
    2016-12-26 10:23 - 2016-12-26 10:23 - 00037736 _____ C:\Users\VIVEK\Downloads\iceagecollisioncourse2016dvdripxvidac3-evo-english-96524.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-21 19:00 - 2016-10-26 15:17 - 00000000 ____D C:\ProgramData\Speedify
    2017-01-21 18:57 - 2016-09-03 00:22 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Skype
    2017-01-21 18:57 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\DMCache
    2017-01-21 18:56 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-20 15:38 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
    2017-01-20 15:16 - 2016-07-23 07:12 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-20 15:16 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
    2017-01-20 14:46 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
    2017-01-19 21:28 - 2016-07-23 12:13 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\vlc
    2017-01-19 20:58 - 2016-07-23 07:13 - 00000000 ____D C:\Users\VIVEK
    2017-01-19 20:50 - 2016-11-18 18:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-01-19 20:48 - 2016-09-19 02:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-19 20:48 - 2016-09-01 09:34 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-19 20:48 - 2016-08-06 12:11 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:09 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:06 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
    2017-01-19 20:48 - 2016-07-24 02:14 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:48 - 2016-07-23 07:13 - 00001418 _____ C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-01-19 20:48 - 2013-08-22 20:15 - 00000000 ____D C:\Windows\Setup
    2017-01-19 20:47 - 2016-12-09 23:34 - 00001342 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
    2017-01-19 20:47 - 2016-09-01 09:34 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-01-19 20:47 - 2016-07-24 02:14 - 00000722 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:47 - 2016-07-23 12:01 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-01-19 20:47 - 2016-07-23 11:57 - 00001116 _____ C:\Users\Public\Desktop\Picasa 3.lnk
    2017-01-19 16:36 - 2016-08-02 07:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2017-01-19 16:36 - 2013-08-22 20:14 - 02262920 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-01-19 16:22 - 2016-07-23 07:18 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-377035130-313707484-1373472014-1001
    2017-01-19 16:19 - 2013-08-23 00:41 - 00000000 ____D C:\Windows\ShellNew
    2017-01-19 16:15 - 2013-08-22 18:55 - 00000167 _____ C:\Windows\win.ini
    2017-01-19 15:57 - 2016-09-19 02:06 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ____D C:\ProgramData\Skype
    2017-01-11 01:43 - 2016-11-29 10:04 - 00000000 ____D C:\Windows\Minidump
    2017-01-11 01:36 - 2016-07-23 12:05 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2017-01-11 01:36 - 2016-07-23 11:57 - 00000000 ____D C:\Program Files (x86)\Google
    2017-01-11 01:34 - 2016-09-01 10:42 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2017-01-11 01:34 - 2016-08-11 10:10 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2017-01-11 01:33 - 2016-07-24 02:10 - 00000000 ____D C:\ProgramData\Intel
    2017-01-11 01:33 - 2016-07-23 12:10 - 00000000 ____D C:\ProgramData\AMD
    2017-01-11 01:33 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-01-06 21:00 - 2016-10-12 11:30 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\BitTorrent
    2016-12-30 22:58 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Documents
    2016-12-29 18:05 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Compressed
    2016-12-28 18:53 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\IDM
    2016-12-28 15:19 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Video
    2016-12-25 15:07 - 2016-09-01 09:31 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-25 15:07 - 2016-09-01 09:31 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2017-01-11 01:09 - 2017-01-11 01:32 - 0000700 ___SH () C:\Users\VIVEK\AppData\Local\systemFL7.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-04 12:04

    ==================== End of FRST.txt ============================

     

     

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by VIVEK (21-01-2017 19:00:50)
    Running from D:\
    Windows 8.1 Pro (X64) (2016-07-23 01:42:25)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-377035130-313707484-1373472014-500 - Administrator - Disabled)
    Guest (S-1-5-21-377035130-313707484-1373472014-501 - Limited - Disabled)
    VIVEK (S-1-5-21-377035130-313707484-1373472014-1001 - Administrator - Enabled) => C:\Users\VIVEK

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F1D90A17-427A-B2A6-98AF-D7E77DE0143A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    BitTorrent (HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
    DEVIL MAY CRY 4 (HKLM\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.38.2 - ELAN Microelectronic Corp.)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Speedify (HKLM\...\Speedify) (Version: 4.0.7.3356 - Connectify)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1676BD33-BB38-4A1A-8B88-77633C0610C6} - \Anerrerentkgupy Verfier -> No File <==== ATTENTION
    Task: {3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {45FE4A7C-4BF4-488D-8E92-E9A2B6617080} - \updengine -> No File <==== ATTENTION
    Task: {8F615EEA-D62B-4FFC-B723-3A97052535EE} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {907D5EB2-19E3-4311-A951-CDE946D616EE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {AD36A761-EC67-4717-AAE3-5D9922EBAF6F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-23] ()
    Task: {B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {D0B7A62A-E741-40F0-9D97-68C391D04C60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {E89EF429-799D-4C18-A6A5-D596A6F9CE03} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-09] (UCWeb Inc) <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-11 01:32 - 2017-01-11 01:32 - 00179712 _____ () c:\program files (x86)\atezet\sefewardcekochmanager.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00947768 _____ () C:\Program Files (x86)\Speedify\ffmpeg.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 01801272 _____ () C:\Program Files (x86)\Speedify\libglesv2.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00089144 _____ () C:\Program Files (x86)\Speedify\libegl.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 04041784 _____ () C:\Program Files (x86)\Speedify\node.dll
    2017-01-11 01:35 - 2017-01-11 01:35 - 00225280 ____H () C:\Program Files (x86)\Google\AdobeGoogle.dll
    2016-07-24 02:10 - 2013-12-04 02:05 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2017-01-11 01:35 - 00003722 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    34.195.153.94 www.google-analytics.com
    34.195.153.94 google-analytics.com
    34.195.153.94 mc.yandex.ru
    34.195.153.94 top-fwz1.mail.ru
    34.195.153.94 site.yandex.net
    34.195.153.94 pagead2.googlesyndication.com
    34.195.153.94 ad.mail.ru
    34.195.153.94 ads.adfox.ru
    34.195.153.94 ads.pubmatic.com
    34.195.153.94 apis.google.com
    34.195.153.94 autocontext.begun.ru
    34.195.153.94 b.scorecardresearch.com
    34.195.153.94 c.amazon-adsystem.com
    34.195.153.94 cdn.admixer.net
    34.195.153.94 cdn.cxense.com
    34.195.153.94 cdn.livefyre.com
    34.195.153.94 cdn.onthe.io
    34.195.153.94 cdn.optimizely.com
    34.195.153.94 cdn.prom.st
    34.195.153.94 cdn.pushwoosh.com

    There are 55 more lines.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VIVEK\Desktop\791f94acfeb2a5b48b2b6d11f25e591a.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{18215059-33AE-46AC-8DF9-00FB22502E84}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{78F43857-82E2-4E21-9EEC-FB49B57D07F1}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [TCP Query User{3566C891-BE3F-4AF3-9947-A02E7ACA247B}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [UDP Query User{FEF32AA9-C263-480C-853A-6C2A2D5A43F7}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [{A58B62AA-6A3B-4CF8-8199-A7222DD08048}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A3C99D04-6008-4CA8-95FF-3AE7AD16349C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{929AF19C-590F-4B13-9206-8FBF9056458C}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8760F7B1-D9BD-4496-9C02-6BC1D452D69E}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10D3FFCC-395A-4A59-9FFF-74B49EE3E370}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D7799B51-E85A-4CCE-8F7B-8D2A322E27AA}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{720CE350-401D-4E86-8E6D-FEBB0822AE5E}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DA34208E-D21D-46BE-B721-94EDDD9C43E9}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{214109B1-BB58-4404-999E-44A1C633D1FF}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A252C7DD-959B-4D85-B088-1EDC41927D46}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{355AA570-AA2A-4433-B2D0-550E95CE6833}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{48D51658-6931-4575-B65D-C9D17A1EB166}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91FF1BE6-2DBA-45E6-A15A-DF794896623C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
    FirewallRules: [{59576CFA-B6BC-4E5B-8CDB-5B73175BC3B6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

    ==================== Restore Points =========================

    25-12-2016 18:49:45 Scheduled Checkpoint
    02-01-2017 12:55:34 Scheduled Checkpoint
    10-01-2017 17:12:36 Scheduled Checkpoint
    19-01-2017 16:01:52 Installed WinZip 17.5

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/21/2017 06:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoKMS.exe, version: 2.4.7.0, time stamp: 0x51fd032f
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.16384, time stamp: 0x5215fa76
    Exception code: 0xe0434352
    Fault offset: 0x0000000000008384
    Faulting process id: 0x64c
    Faulting application start time: 0x01d273e9fd8cd6aa
    Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: 6e72b950-dfdd-11e6-827b-f8a9634d63c1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:58:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoKMS.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ApplicationException
    Stack:
       at ..(Byte, Byte, .)
       at ..(Byte[])
       at ..(., .)
       at ..(Byte[])
       at ..(Byte[])
       at ..(System.IAsyncResult)
       at System.Net.LazyAsyncResult.Complete(IntPtr)
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Net.ContextAwareResult.Complete(IntPtr)
       at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
       at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

    Error: (01/21/2017 06:57:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/21/2017 06:57:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (01/21/2017 06:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x4e8
    Faulting application start time: 0x01d273e9e2da5c7e
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: 20ad0bc4-dfdd-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:54:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x394
    Faulting application start time: 0x01d273e9becf5a90
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: fca20a25-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:53:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x6b4
    Faulting application start time: 0x01d273e99abadd7f
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: d88ff151-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x518
    Faulting application start time: 0x01d273e976a660d4
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: b484fbfb-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:51:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x12e0
    Faulting application start time: 0x01d273e952a1491a
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: 906cd166-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/21/2017 06:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Faulting module name: Speedify.exe, version: 4.0.7.3356, time stamp: 0x58092316
    Exception code: 0xc0000005
    Fault offset: 0x001a3c48
    Faulting process id: 0x930
    Faulting application start time: 0x01d273e92e96ceb0
    Faulting application path: C:\Program Files (x86)\Speedify\Speedify.exe
    Faulting module path: C:\Program Files (x86)\Speedify\Speedify.exe
    Report Id: 6c697e0f-dfdc-11e6-827a-3010b3183547
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    =============
    Error: (01/21/2017 06:59:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The OtherSearchcaaadbad service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/21/2017 06:59:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the OtherSearchcaaadbad service to connect.

    Error: (01/21/2017 06:56:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NEWDRIVER service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (01/21/2017 06:56:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (01/21/2017 06:55:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Speedify service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AdobeGoogle service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bluetooth Device Monitor service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (01/21/2017 06:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The UC浏览器基础服务 service terminated unexpectedly.  It has done this 1 time(s).

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 25%
    Total physical RAM: 4024.36 MB
    Available physical RAM: 2988.33 MB
    Total Virtual: 4920.36 MB
    Available Virtual: 3854.68 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:390.62 GB) (Free:304.04 GB) NTFS
    Drive d: (SONY_4GR) (Removable) (Total:3.62 GB) (Free:3.48 GB) FAT32
    Drive e: (New Volume) (Fixed) (Total:539.91 GB) (Free:42.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
    Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
    Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=539.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

    ==================== End of Addition.txt ============================


     


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   12.75KB   107 downloads
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    Are your browsers working OK now?
     

    • 0

    #5
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Other websites are opening, like Yahoo, Rediff, MSN etc., only Google and Gmail are not opening. Below are the fixlist scan and FRST scan:

     

    Fixlog.txt

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by VIVEK (21-01-2017 21:04:54) Run:1
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    HKLM\...\Run: [Speedify] => C:\Program Files (x86)\Speedify\SpeedifyUI.exe [2245840 2016-10-21] (Connectify)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3612240 2016-09-01] (Tonec Inc.)
    HKLM\...\Providers\hiyq94fx: C:\Program Files (x86)\Anerrerentkgupy Verfier\local64spl.dll [291328 2017-01-11] ()
    ShellExecuteHooks: No Name - {09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} - C:\Users\VIVEK\AppData\Roaming\Lerjsenomick\Merjodom.dll -> No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
    FF HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5 [2016-09-01] [not signed]
    CHR Session Restore: ChromeDefaultData -> is enabled.
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-20] <==== ATTENTION
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2017-01-11]
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-28] (Ellora Assets Corp.) [File not signed]
    R2 Liqoingsuqush; C:\Program Files (x86)\Atezet\sefewardcekochManager.dll [179712 2017-01-11] () [File not signed]
    R2 Speedify; C:\Program Files (x86)\Speedify\Speedify.exe [2836536 2016-10-21] (Connectify)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    S2 OtherSearchcaaadbad; rundll32.exe "C:\Program Files (x86)\ca28a028-4454-4670-901a-d399b7a920d61484078674\OtherSearchcaaadbad.dll",soeasy [X]
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
    2017-01-19 16:17 - 2017-01-19 16:17 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2017-01-11 01:38 - 2017-01-19 16:15 - 00000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-01-11 01:38 - 2017-01-11 01:38 - 00003416 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-01-11 01:37 - 2017-01-21 18:56 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-11 01:37 - 2017-01-11 01:51 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-11 01:37 - 2017-01-11 01:37 - 00000000 ____D C:\Users\VIVEK\AppData\Local\UCBrowser
    2017-01-11 01:35 - 2017-01-19 16:35 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-11 01:35 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Phapergeatjaied
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Links2
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Wsotainvuzele
    2017-01-11 01:35 - 2017-01-11 01:35 - 00000000 ____D C:\Program Files\9YR3RM447X
    2017-01-11 01:34 - 2017-01-19 16:40 - 00000000 ____D C:\ProgramData\Avg
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\Avira
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-11 01:34 - 2017-01-11 01:34 - 00000000 _____ C:\TOSTACK
    2017-01-11 01:33 - 2017-01-19 15:41 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2017-01-11 01:33 - 2017-01-11 01:36 - 00000000 ____D C:\Windows\system32\SSL
    2017-01-11 01:33 - 2017-01-11 01:33 - 00000000 ____D C:\Program Files (x86)\Anerrerentkgupy Verfier
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Lerjsenomick
    2017-01-11 01:32 - 2017-01-11 01:42 - 00000000 ____D C:\Program Files (x86)\Atezet
    2017-01-11 01:32 - 2017-01-11 01:35 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Clcughtdupersy
    2017-01-11 01:30 - 2017-01-19 20:47 - 00001135 _____ C:\Users\Public\Desktop\Download Folder Lock Cr...lnk
    2017-01-07 00:43 - 2017-01-07 00:43 - 02020532 _____ C:\Windows\14013a6da845af9f7006eb5ed4051f1f.exe
    Task: {1676BD33-BB38-4A1A-8B88-77633C0610C6} - \Anerrerentkgupy Verfier -> No File <==== ATTENTION
    Task: {45FE4A7C-4BF4-488D-8E92-E9A2B6617080} - \updengine -> No File <==== ATTENTION
    Task: {8F615EEA-D62B-4FFC-B723-3A97052535EE} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {907D5EB2-19E3-4311-A951-CDE946D616EE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {E89EF429-799D-4C18-A6A5-D596A6F9CE03} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-09] (UCWeb Inc) <==== ATTENTION
    Task: {AD36A761-EC67-4717-AAE3-5D9922EBAF6F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-23] ()
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    2017-01-11 01:32 - 2017-01-11 01:32 - 00179712 _____ () c:\program files (x86)\atezet\sefewardcekochmanager.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00947768 _____ () C:\Program Files (x86)\Speedify\ffmpeg.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 01801272 _____ () C:\Program Files (x86)\Speedify\libglesv2.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 00089144 _____ () C:\Program Files (x86)\Speedify\libegl.dll
    2016-10-26 15:17 - 2016-10-21 01:33 - 04041784 _____ () C:\Program Files (x86)\Speedify\node.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]
    C:\Program Files (x86)\Atezet
    C:\Users\VIVEK\AppData\Local\Clcughtdupersy
    C:\Users\VIVEK\AppData\Roaming\Lerjsenomick
    C:\Program Files (x86)\Anerrerentkgupy Verfier
    C:\Program Files (x86)\UCBrowser
    C:\Users\VIVEK\AppData\Local\Wsotainvuzele
    C:\Program Files (x86)\Phapergeatjaied
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

    *****************

    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Speedify => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater => value removed successfully
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\hiyq94fx => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order hiyq94fx => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} => value removed successfully
    HKCR\CLSID\{09C9B5EC-D3F4-11E6-85AF-64006A5CFC35} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension => key removed successfully
    HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found.
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => value removed successfully
    C:\Users\VIVEK\AppData\Roaming\IDM\idmmzcc5 => moved successfully
    Chrome Session Restore: => removed successfully
    C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
    C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb => not found
    C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb => moved successfully
    HKLM\System\CurrentControlSet\Services\FreemakeVideoCapture => key removed successfully
    FreemakeVideoCapture => service removed successfully
    HKLM\System\CurrentControlSet\Services\Liqoingsuqush => key removed successfully
    Liqoingsuqush => service removed successfully
    HKLM\System\CurrentControlSet\Services\Speedify => key removed successfully
    Speedify => service removed successfully
    npf => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\npf => key removed successfully
    npf => service removed successfully
    HKLM\System\CurrentControlSet\Services\OtherSearchcaaadbad => key removed successfully
    OtherSearchcaaadbad => service removed successfully
    HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
    ucdrv => service removed successfully
    HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully
    MBAMSwissArmy => service removed successfully
    HKLM\System\CurrentControlSet\Services\NEWDRIVER => key removed successfully
    NEWDRIVER => service removed successfully
    C:\Windows\SysWOW64\kz.exe => moved successfully
    C:\Windows\Tasks\UCBrowserUpdater.job => moved successfully
    C:\Windows\System32\Tasks\UCBrowserUpdater => moved successfully
    C:\Windows\System32\Tasks\UCBrowserSecureUpdater => moved successfully

    "C:\Program Files (x86)\UCBrowser" folder move:

    Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

    C:\Users\VIVEK\AppData\Local\UCBrowser => moved successfully
    C:\Program Files (x86)\baidu => moved successfully
    C:\Program Files (x86)\Phapergeatjaied => moved successfully
    C:\Users\VIVEK\AppData\Roaming\Links2 => moved successfully
    C:\Users\VIVEK\AppData\Local\Wsotainvuzele => moved successfully
    C:\Program Files\9YR3RM447X => moved successfully
    C:\ProgramData\Avg => moved successfully
    C:\ProgramData\Avira => moved successfully
    C:\ProgramData\AVAST Software => moved successfully
    C:\TOSTACK => moved successfully
    C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
    C:\Windows\system32\SSL => moved successfully
    C:\Program Files (x86)\Anerrerentkgupy Verfier => moved successfully
    C:\Users\VIVEK\AppData\Roaming\Lerjsenomick => moved successfully
    C:\Program Files (x86)\Atezet => moved successfully
    C:\Users\VIVEK\AppData\Local\Clcughtdupersy => moved successfully
    C:\Users\Public\Desktop\Download Folder Lock Cr...lnk => moved successfully
    C:\Windows\14013a6da845af9f7006eb5ed4051f1f.exe => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1676BD33-BB38-4A1A-8B88-77633C0610C6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1676BD33-BB38-4A1A-8B88-77633C0610C6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anerrerentkgupy Verfier => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45FE4A7C-4BF4-488D-8E92-E9A2B6617080} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45FE4A7C-4BF4-488D-8E92-E9A2B6617080} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updengine => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F615EEA-D62B-4FFC-B723-3A97052535EE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F615EEA-D62B-4FFC-B723-3A97052535EE} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserSecureUpdater => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{907D5EB2-19E3-4311-A951-CDE946D616EE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{907D5EB2-19E3-4311-A951-CDE946D616EE} => key removed successfully
    C:\Windows\System32\Tasks\AVG EUpdate Task => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E89EF429-799D-4C18-A6A5-D596A6F9CE03} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E89EF429-799D-4C18-A6A5-D596A6F9CE03} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserUpdater => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AD36A761-EC67-4717-AAE3-5D9922EBAF6F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD36A761-EC67-4717-AAE3-5D9922EBAF6F} => key removed successfully
    C:\Windows\System32\Tasks\AutoKMS => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
    C:\Windows\Tasks\UCBrowserUpdater.job => not found.
    "c:\program files (x86)\atezet\sefewardcekochmanager.dll" => not found.
    C:\Program Files (x86)\Speedify\ffmpeg.dll => moved successfully
    C:\Program Files (x86)\Speedify\libglesv2.dll => moved successfully
    C:\Program Files (x86)\Speedify\libegl.dll => moved successfully
    C:\Program Files (x86)\Speedify\node.dll => moved successfully
    C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
    C:\Windows\system32\drivers => ":x64" ADS removed successfully.
    C:\Windows\system32\drivers => ":x86" ADS removed successfully.
    "C:\Program Files (x86)\Atezet" => not found.
    "C:\Users\VIVEK\AppData\Local\Clcughtdupersy" => not found.
    "C:\Users\VIVEK\AppData\Roaming\Lerjsenomick" => not found.
    "C:\Program Files (x86)\Anerrerentkgupy Verfier" => not found.

    "C:\Program Files (x86)\UCBrowser" folder move:

    Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

    "C:\Users\VIVEK\AppData\Local\Wsotainvuzele" => not found.
    "C:\Program Files (x86)\Phapergeatjaied" => not found.

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

    ========= End of CMD: =========

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-01-2017 21:07:06)

    "C:\Program Files (x86)\UCBrowser" => Could not move
    "C:\Program Files (x86)\UCBrowser" => Could not move

    ==== End of Fixlog 21:07:13 ====


     

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
    Ran by VIVEK (21-01-2017 21:11:30)
    Running from D:\
    Windows 8.1 Pro (X64) (2016-07-23 01:42:25)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-377035130-313707484-1373472014-500 - Administrator - Disabled)
    Guest (S-1-5-21-377035130-313707484-1373472014-501 - Limited - Disabled)
    VIVEK (S-1-5-21-377035130-313707484-1373472014-1001 - Administrator - Enabled) => C:\Users\VIVEK

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F1D90A17-427A-B2A6-98AF-D7E77DE0143A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    BitTorrent (HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
    DEVIL MAY CRY 4 (HKLM\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.38.2 - ELAN Microelectronic Corp.)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Speedify (HKLM\...\Speedify) (Version: 4.0.7.3356 - Connectify)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {44469CE2-9009-403E-AC91-5075ADC75ABD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {86991D16-D398-4FCD-81A0-6F2779374212} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== ATTENTION
    Task: {B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {D0B7A62A-E741-40F0-9D97-68C391D04C60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-11 01:37 - 2017-01-16 16:53 - 00930704 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-01-11 01:35 - 2017-01-11 01:35 - 00225280 ____H () C:\Program Files (x86)\Google\AdobeGoogle.dll
    2016-07-24 02:10 - 2013-12-04 02:05 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2017-01-11 01:35 - 00003722 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
    34.195.153.94 www.google-analytics.com
    34.195.153.94 google-analytics.com
    34.195.153.94 mc.yandex.ru
    34.195.153.94 top-fwz1.mail.ru
    34.195.153.94 site.yandex.net
    34.195.153.94 pagead2.googlesyndication.com
    34.195.153.94 ad.mail.ru
    34.195.153.94 ads.adfox.ru
    34.195.153.94 ads.pubmatic.com
    34.195.153.94 apis.google.com
    34.195.153.94 autocontext.begun.ru
    34.195.153.94 b.scorecardresearch.com
    34.195.153.94 c.amazon-adsystem.com
    34.195.153.94 cdn.admixer.net
    34.195.153.94 cdn.cxense.com
    34.195.153.94 cdn.livefyre.com
    34.195.153.94 cdn.onthe.io
    34.195.153.94 cdn.optimizely.com
    34.195.153.94 cdn.prom.st
    34.195.153.94 cdn.pushwoosh.com

    There are 55 more lines.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VIVEK\Desktop\791f94acfeb2a5b48b2b6d11f25e591a.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{18215059-33AE-46AC-8DF9-00FB22502E84}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{78F43857-82E2-4E21-9EEC-FB49B57D07F1}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [TCP Query User{3566C891-BE3F-4AF3-9947-A02E7ACA247B}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [UDP Query User{FEF32AA9-C263-480C-853A-6C2A2D5A43F7}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [{A58B62AA-6A3B-4CF8-8199-A7222DD08048}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A3C99D04-6008-4CA8-95FF-3AE7AD16349C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{929AF19C-590F-4B13-9206-8FBF9056458C}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8760F7B1-D9BD-4496-9C02-6BC1D452D69E}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10D3FFCC-395A-4A59-9FFF-74B49EE3E370}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D7799B51-E85A-4CCE-8F7B-8D2A322E27AA}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{720CE350-401D-4E86-8E6D-FEBB0822AE5E}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DA34208E-D21D-46BE-B721-94EDDD9C43E9}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{214109B1-BB58-4404-999E-44A1C633D1FF}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A252C7DD-959B-4D85-B088-1EDC41927D46}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{355AA570-AA2A-4433-B2D0-550E95CE6833}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{48D51658-6931-4575-B65D-C9D17A1EB166}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91FF1BE6-2DBA-45E6-A15A-DF794896623C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
    FirewallRules: [{59576CFA-B6BC-4E5B-8CDB-5B73175BC3B6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

    ==================== Restore Points =========================

    02-01-2017 12:55:34 Scheduled Checkpoint
    10-01-2017 17:12:36 Scheduled Checkpoint
    19-01-2017 16:01:52 Installed WinZip 17.5

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/21/2017 09:07:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/21/2017 09:07:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    System errors:
    =============

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 22%
    Total physical RAM: 4024.36 MB
    Available physical RAM: 3121.6 MB
    Total Virtual: 4920.36 MB
    Available Virtual: 4025.96 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:390.62 GB) (Free:304.78 GB) NTFS
    Drive d: (SONY_4GR) (Removable) (Total:3.62 GB) (Free:3.48 GB) FAT32
    Drive e: (New Volume) (Fixed) (Total:539.91 GB) (Free:42.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
    Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
    Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=539.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

    ==================== End of Addition.txt ============================


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Don't see a new FRST log but here's a new fixlist based on what didn't go away the last time:

     

    Attached File  fixlist.txt   3.16KB   47 downloads

     

    Got to go out for about 3 hours.

     

     


    • 0

    #7
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Hi, After using the fixlist.txt, fixed it using FRST. Browser's IE and Chrome are working fine, Google and Gmail opens up just good  :yes:

     

    Could I know what was the issue?

     

    Below are the scans:

     

    FRST.txt

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
    Ran by VIVEK (administrator) on MIRA (23-01-2017 21:09:58)
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2892616 2014-02-19] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip\..\Interfaces\{F98FD385-790B-46F3-BB66-DE859A723147}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    ManualProxies:

    Internet Explorer:
    ==================
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\b8Ms02X3.dll => No File
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-06-27] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    IE Session Restore: HKU\S-1-5-21-377035130-313707484-1373472014-1001 -> is enabled.

    FireFox:
    ========
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-04] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-22] <==== ATTENTION
    CHR Extension: (Google Docs) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
    CHR Extension: (Google Drive) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-22]
    CHR Extension: (YouTube) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-22]
    CHR Extension: (Adobe Acrobat) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-21]
    CHR Extension: (Google Sheets) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-21]
    CHR Extension: (Google Docs Offline) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
    CHR Extension: (Gmail) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-22]
    CHR Extension: (Chrome Media Router) - C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-21]
    CHR Profile: C:\Users\VIVEK\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-20]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeGoogle; C:\Program Files (x86)\Google\AdobeGoogle.dll [225280 2017-01-11] () [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-03-01] (Apple Computer, Inc.) [File not signed]
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-06] (Macrovision Europe Ltd.) [File not signed]
    S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-11-03] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-04] (Intel Corporation)
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [930704 2017-01-16] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2014-09-09] (Qualcomm Atheros Communications, Inc.)
    S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-04] (Intel Corporation)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-25] (Realtek Semiconductor Corp.)
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-23 21:09 - 2017-01-23 21:09 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-01-21 21:07 - 2017-01-21 21:07 - 00000000 ____D C:\Users\VIVEK\AppData\Local\UCBrowser
    2017-01-21 19:43 - 2017-01-21 19:43 - 00001527 _____ C:\Users\Public\Desktop\UC超级返.lnk
    2017-01-21 18:59 - 2017-01-23 21:09 - 00000000 ____D C:\FRST
    2017-01-21 18:52 - 2017-01-21 18:55 - 00000000 ____D C:\AdwCleaner
    2017-01-20 14:48 - 2017-01-20 14:48 - 00001418 _____ C:\Users\VIVEK\Desktop\Internet Explorer.lnk
    2017-01-20 14:27 - 2017-01-20 14:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-01-19 16:20 - 2017-01-19 16:20 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-19 16:19 - 2017-01-19 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2017-01-19 16:04 - 2017-01-19 16:04 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-01-19 16:04 - 2017-01-19 16:04 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-01-19 16:03 - 2017-01-19 16:40 - 00000000 ____D C:\Users\VIVEK\AppData\Local\AvgSetupLog
    2017-01-19 16:03 - 2017-01-19 16:03 - 00000000 ____D C:\Users\VIVEK\AppData\Local\Avg
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 20:47 - 00002253 _____ C:\Users\Public\Desktop\WinZip.lnk
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\Documents\Add-in Express
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Users\VIVEK\AppData\Local\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2017-01-19 16:02 - 2017-01-19 16:02 - 00000000 ____D C:\Program Files (x86)\WinZip
    2017-01-19 15:31 - 2017-01-19 15:31 - 00000000 ____D C:\ProgramData\vpconfig
    2017-01-19 15:29 - 2017-01-19 15:29 - 00000000 ____D C:\Windows\19
    2017-01-11 01:43 - 2017-01-19 20:50 - 00000258 __RSH C:\Users\VIVEK\ntuser.pol
    2017-01-11 01:37 - 2017-01-21 19:38 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-11 01:09 - 2017-01-11 01:32 - 00000700 ___SH C:\Users\VIVEK\AppData\Local\systemFL7.dat
    2017-01-09 10:53 - 2017-01-09 10:53 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2 (1).pdf
    2017-01-07 14:24 - 2017-01-07 14:25 - 07534439 _____ C:\Users\VIVEK\Downloads\15818170_1844685769149300_7059580909132972032_n.mp4
    2017-01-04 12:22 - 2017-01-04 12:22 - 03626686 _____ C:\Users\VIVEK\Downloads\c99_2.pdf
    2017-01-01 12:40 - 2017-01-01 12:40 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\PowerISO
    2017-01-01 12:35 - 2017-01-06 20:14 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\BitTorrent
    2017-01-01 12:24 - 2017-01-11 01:34 - 00000000 ____D C:\Program Files (x86)\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    2017-01-01 12:24 - 2017-01-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2016-12-31 12:36 - 2016-12-31 12:37 - 02654065 _____ C:\Users\VIVEK\Downloads\15679572_1011222398982650_8732101501306011648_n.mp4
    2016-12-30 21:42 - 2016-12-30 21:42 - 00214260 _____ C:\Users\VIVEK\Downloads\007.jpg
    2016-12-30 19:46 - 2016-12-30 19:50 - 273245399 _____ C:\Users\VIVEK\Downloads\_CommonRedist.zip
    2016-12-30 19:27 - 2016-12-30 19:27 - 00000000 ____D C:\Users\VIVEK\AppData\LocalLow\Temp
    2016-12-26 22:14 - 2016-12-26 22:14 - 00046571 _____ C:\Users\VIVEK\Downloads\4_the_amazing_spider_man_2.torrent
    2016-12-26 22:14 - 2016-12-26 22:14 - 00002549 _____ C:\Users\VIVEK\Downloads\5_the_amazing_spider_man_2.torrent
    2016-12-26 10:23 - 2016-12-26 10:23 - 00037736 _____ C:\Users\VIVEK\Downloads\iceagecollisioncourse2016dvdripxvidac3-evo-english-96524.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-23 21:07 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-23 21:07 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
    2017-01-23 21:02 - 2016-07-23 07:12 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-23 21:02 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
    2017-01-22 20:33 - 2016-07-23 07:18 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-377035130-313707484-1373472014-1001
    2017-01-22 20:02 - 2016-09-19 02:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-21 21:05 - 2016-10-26 15:17 - 00000000 ____D C:\Program Files (x86)\Speedify
    2017-01-21 21:04 - 2016-10-26 15:17 - 00000000 ____D C:\ProgramData\Speedify
    2017-01-21 21:04 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\IDM
    2017-01-21 18:57 - 2016-09-03 00:22 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\Skype
    2017-01-21 18:57 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\DMCache
    2017-01-20 15:38 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
    2017-01-19 21:28 - 2016-07-23 12:13 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\vlc
    2017-01-19 20:58 - 2016-07-23 07:13 - 00000000 ____D C:\Users\VIVEK
    2017-01-19 20:50 - 2016-11-18 18:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-01-19 20:48 - 2016-09-01 09:34 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-19 20:48 - 2016-08-06 12:11 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:09 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    2017-01-19 20:48 - 2016-08-06 12:08 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    2017-01-19 20:48 - 2016-08-06 12:06 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
    2017-01-19 20:48 - 2016-07-24 02:14 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:48 - 2016-07-23 07:13 - 00001418 _____ C:\Users\VIVEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-01-19 20:48 - 2013-08-22 20:15 - 00000000 ____D C:\Windows\Setup
    2017-01-19 20:47 - 2016-12-09 23:34 - 00001342 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
    2017-01-19 20:47 - 2016-09-01 09:34 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-01-19 20:47 - 2016-07-24 02:14 - 00000722 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
    2017-01-19 20:47 - 2016-07-23 12:01 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-01-19 20:47 - 2016-07-23 11:57 - 00001116 _____ C:\Users\Public\Desktop\Picasa 3.lnk
    2017-01-19 16:36 - 2016-08-02 07:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2017-01-19 16:36 - 2013-08-22 20:14 - 02262920 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-01-19 16:19 - 2013-08-23 00:41 - 00000000 ____D C:\Windows\ShellNew
    2017-01-19 16:15 - 2013-08-22 18:55 - 00000167 _____ C:\Windows\win.ini
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-01-19 15:30 - 2016-09-03 00:22 - 00000000 ____D C:\ProgramData\Skype
    2017-01-11 01:43 - 2016-11-29 10:04 - 00000000 ____D C:\Windows\Minidump
    2017-01-11 01:36 - 2016-07-23 12:05 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2017-01-11 01:36 - 2016-07-23 11:57 - 00000000 ____D C:\Program Files (x86)\Google
    2017-01-11 01:34 - 2016-09-01 10:42 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2017-01-11 01:34 - 2016-08-11 10:10 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2017-01-11 01:33 - 2016-07-24 02:10 - 00000000 ____D C:\ProgramData\Intel
    2017-01-11 01:33 - 2016-07-23 12:10 - 00000000 ____D C:\ProgramData\AMD
    2017-01-11 01:33 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-01-06 21:00 - 2016-10-12 11:30 - 00000000 ____D C:\Users\VIVEK\AppData\Roaming\BitTorrent
    2016-12-30 22:58 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Documents
    2016-12-29 18:05 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Compressed
    2016-12-28 15:19 - 2016-09-01 10:43 - 00000000 ____D C:\Users\VIVEK\Downloads\Video

    ==================== Files in the root of some directories =======

    2017-01-11 01:09 - 2017-01-11 01:32 - 0000700 ___SH () C:\Users\VIVEK\AppData\Local\systemFL7.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-21 19:25

    ==================== End of FRST.txt ============================

     

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by VIVEK (23-01-2017 21:10:57)
    Running from D:\
    Windows 8.1 Pro (X64) (2016-07-23 01:42:25)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-377035130-313707484-1373472014-500 - Administrator - Disabled)
    Guest (S-1-5-21-377035130-313707484-1373472014-501 - Limited - Disabled)
    VIVEK (S-1-5-21-377035130-313707484-1373472014-1001 - Administrator - Enabled) => C:\Users\VIVEK

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F1D90A17-427A-B2A6-98AF-D7E77DE0143A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    BitTorrent (HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
    DEVIL MAY CRY 4 (HKLM\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
    Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.38.2 - ELAN Microelectronic Corp.)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Speedify (HKLM\...\Speedify) (Version: 4.0.7.3356 - Connectify)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4C2F5B99-56DE-4A5D-84FE-8DF1C1B631BA} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\VIVEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-11 01:37 - 2017-01-16 16:53 - 00930704 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-01-11 01:35 - 2017-01-11 01:35 - 00225280 ____H () C:\Program Files (x86)\Google\AdobeGoogle.dll
    2016-07-24 02:10 - 2013-12-04 02:05 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2017-01-23 21:06 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VIVEK\Desktop\791f94acfeb2a5b48b2b6d11f25e591a.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-377035130-313707484-1373472014-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{18215059-33AE-46AC-8DF9-00FB22502E84}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{78F43857-82E2-4E21-9EEC-FB49B57D07F1}] => C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [TCP Query User{3566C891-BE3F-4AF3-9947-A02E7ACA247B}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [UDP Query User{FEF32AA9-C263-480C-853A-6C2A2D5A43F7}C:\users\vivek\downloads\microsoft toolkit.exe] => C:\users\vivek\downloads\microsoft toolkit.exe
    FirewallRules: [{A58B62AA-6A3B-4CF8-8199-A7222DD08048}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A3C99D04-6008-4CA8-95FF-3AE7AD16349C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{929AF19C-590F-4B13-9206-8FBF9056458C}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8760F7B1-D9BD-4496-9C02-6BC1D452D69E}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10D3FFCC-395A-4A59-9FFF-74B49EE3E370}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{62A1B8A6-49DD-47F6-9103-32F8EF3BAAC4}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D7799B51-E85A-4CCE-8F7B-8D2A322E27AA}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{720CE350-401D-4E86-8E6D-FEBB0822AE5E}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{DA34208E-D21D-46BE-B721-94EDDD9C43E9}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{214109B1-BB58-4404-999E-44A1C633D1FF}] => C:\Users\VIVEK\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A252C7DD-959B-4D85-B088-1EDC41927D46}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{355AA570-AA2A-4433-B2D0-550E95CE6833}] => C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{48D51658-6931-4575-B65D-C9D17A1EB166}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91FF1BE6-2DBA-45E6-A15A-DF794896623C}] => C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{8695061A-8AF6-49CA-9112-A9C09F14B751}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4F1DE4C5-606C-4B8A-9D48-43B62F5567ED}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
    FirewallRules: [{59576CFA-B6BC-4E5B-8CDB-5B73175BC3B6}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

    ==================== Restore Points =========================

    02-01-2017 12:55:34 Scheduled Checkpoint
    10-01-2017 17:12:36 Scheduled Checkpoint
    19-01-2017 16:01:52 Installed WinZip 17.5

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Generic Bluetooth Adapter
    Description: Generic Bluetooth Adapter
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: GenericAdapter
    Service: BTHUSB
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/23/2017 09:07:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/23/2017 09:07:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    System errors:
    =============
    Error: (01/23/2017 09:07:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 23%
    Total physical RAM: 4024.36 MB
    Available physical RAM: 3080.39 MB
    Total Virtual: 4920.36 MB
    Available Virtual: 4008.98 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:390.62 GB) (Free:304.74 GB) NTFS
    Drive d: (SONY_4GR) (Removable) (Total:3.62 GB) (Free:3.44 GB) FAT32
    Drive e: (New Volume) (Fixed) (Total:539.91 GB) (Free:42.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
    Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
    Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=539.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)

    ==================== End of Addition.txt ============================


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    I don't see a second fixlog.

     

    Even if the first one fixed the problem you should still continue.

     

    As for what caused your problem:  You had a broken browser hijacker

     

    Something like the one discussed here:

    http://www.myantispy...irefox-ie-edge/

    tho I don't think much of their method of resetting the browser but it probably would work to remove the hijacker but would lose all of your other extensions and add-ons..


    • 0

    #9
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Below is the Fixlog details.

     

    Fixlog.txt

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by VIVEK (23-01-2017 21:06:15) Run:2
    Running from D:\
    Loaded Profiles: VIVEK (Available Profiles: VIVEK)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll ()
    UNLOCK: C:\Program Files (x86)\UCBrowser
    C:\Program Files (x86)\UCBrowser
    Task: {3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {44469CE2-9009-403E-AC91-5075ADC75ABD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-19] (UC Web Inc.) <==== ATTENTION
    Task: {86991D16-D398-4FCD-81A0-6F2779374212} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== ATTENTION
    Task: {B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: {D0B7A62A-E741-40F0-9D97-68C391D04C60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1483554]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1209122]
    HOSTS:
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"


    *****************

    Processes closed successfully.
    HKU\S-1-5-21-377035130-313707484-1373472014-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE} => key removed successfully
    "C:\Program Files (x86)\UCBrowser" => was unlocked

    "C:\Program Files (x86)\UCBrowser" folder move:

    Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3477A4F8-DD2A-4D9D-9325-B1A4C70CCCA7} => key removed successfully
    C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44469CE2-9009-403E-AC91-5075ADC75ABD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44469CE2-9009-403E-AC91-5075ADC75ABD} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserSecureUpdater => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86991D16-D398-4FCD-81A0-6F2779374212} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86991D16-D398-4FCD-81A0-6F2779374212} => key removed successfully
    C:\Windows\System32\Tasks\UCBrowserUpdaterCore => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7D0591C-5A77-44CE-B16D-90DEE1B6EEEE} => key removed successfully
    C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0B7A62A-E741-40F0-9D97-68C391D04C60} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0B7A62A-E741-40F0-9D97-68C391D04C60} => key removed successfully
    C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
    C:\Windows\Tasks\UCBrowserUpdaterCore.job => moved successfully
    C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
    C:\Windows\system32\drivers => ":x64" ADS removed successfully.
    C:\Windows\system32\drivers => ":x86" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

    ========= End of CMD: =========


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-01-2017 21:07:45)

    "C:\Program Files (x86)\UCBrowser" => Could not move

    ==== End of Fixlog 21:07:48 ====


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    UCBrowser seems to be putting up a fight.  Get the 15 day free trial of MBAM:

     

    https://www.malwareb...m/mwb-download/

     

    Click on Download and Save the file and once it finishes downloading, go to the folder (usually you can right click on it and Open Folder) and then right click and Run As Admin.

     

    Let it do a full scan then chack anything it finds and tell it to remove them.

     

    Reboot and then do another MBAM scan.  Does it still find stuff?


    • 0

    #11
    Dave_83

    Dave_83

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Downloaded and scanned, 2 threats were detected and quarantined.

     

    Screenshot attached.

    Attached Thumbnails

    • malware scan report.jpg

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Search for:

     

    task scheduler

    hit enter.

     

    Click on Task Scheduler Library

     

    Look in the next pane over.  Find any tasks that start with UC

    Right click and Disable.

     

    Does it let you do that or do you get an error?


    • 0






    Similar Topics


    Also tagged with one or more of these keywords: virus, malware, IE11-issue

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP