Solved Chrome runs automatically and opens an unsecured page

January 11, 2019 at 05:56:03
Specs: Windows 8.1, AMD Phenom 2 X4 B95 / 2 GB DDR3
I have installed Win 10 Pro. I have been facing an issue where Chrome runs automatically and keeps running and running.
I have run AdwCleaner, Junkware Removal Tool and Farbar Recovery Scan Tool, but they have not resolved the issue.

Kindly help.



✔ Best Answer
January 11, 2019 at 10:35:45
Also run this freebie which is different to the others:

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options, move the "Scan for rootkits" slider over to On and run the Threat Scan. Quarantine anything it finds.

Always pop back and let us know the outcome - thanks



#1
January 11, 2019 at 05:56:14
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-11-2019
# Duration: 00:00:13
# OS: Windows 10 Pro
# Cleaned: 45
# Failed: 0


***** [ Services ] *****

Deleted backlh
Deleted AppServiceGroup

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\Users\SoomroZafar\AppData\Roaming\CRMSvc
Deleted C:\ProgramData\Polygens
Deleted C:\ProgramData\Polygen
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Program Files\Multitimer
Deleted C:\Program Files\ShutdownTime

***** [ Files ] *****

Deleted C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted C:\Users\SoomroZafar\appdata\local\installationconfiguration.xml
Deleted C:\Users\SoomroZafar\AppData\Local\Main.dat
Deleted C:\Windows\System32\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\SoomroZafar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\SoomroZafar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\PPI Update

***** [ Registry ] *****

Deleted HKLM\Software\CRMSvc
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKCU\Software\mtPolygen
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Polygen\ScotStock.dll"
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Multitimer
Deleted HKCU\Software\Microsoft\BigTime
Deleted HKCU\Software\FastDataX
Deleted HKLM\Software\foldershare
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKLM\Software\Microsoft\DMunversion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8C82D16-B5F6-490C-A8A2-E5E5AF09AED5}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8C82D16-B5F6-490C-A8A2-E5E5AF09AED5}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPI Update
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKCU\Environment|SNP
Deleted HKCU\Environment|SNF
Deleted HKCU\Software\MICROSOFT\wewewe
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5041 octets] - [11/01/2019 17:27:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



#2
January 11, 2019 at 05:57:13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x86
Ran by SoomroZafar (Administrator) on 11-Jan-2019 at 17:48:27.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 3

Failed to delete: C:\ProgramData\lavasoft\web companion (Folder)
Failed to delete: C:\Program Files\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\SoomroZafar\AppData\Roaming\lavasoft\web companion (Folder)

Registry: 10

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11-Jan-2019 at 17:50:51.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#3
January 11, 2019 at 05:59:01
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016
Ran by SoomroZafar (administrator) on SOOMROZAFAR (11-01-2019 17:55:04)
Running from D:\Files-Data\Desktop
Loaded Profiles: SoomroZafar (Available Profiles: SoomroZafar)
Platform: Microsoft Windows 10 Pro Version 1709 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
Failed to access process -> Memory Compression
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Users\SoomroZafar\AppData\Local\Temp\is-K0SPP.tmp\zpns3zt1gai.tmp
() C:\Users\SoomroZafar\AppData\Roaming\CRMSvc\CRMSvc.exe
() C:\Users\SoomroZafar\AppData\Local\Temp\is-8OIUV.tmp\p3jbiflxr2t.tmp
() C:\Users\SoomroZafar\AppData\Local\Temp\is-QNK6E.tmp\5ghwpr03shq.tmp
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Microsoft SQL Server\SX0O351ZBQ8E12W485VWH\pm5RJ9RIZK.exe [104960 2019-01-11] ()
HKLM\...\RunOnce: [uuxm3ku1qbf] => C:\Program Files\Overriwde\53301926.exe [869376 2019-01-11] ()
HKLM\...\RunOnce: [riq43wb5ki3] => C:\Program Files\Overriwde\137358826.exe [869376 2019-01-11] ()
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [WhZcJW#VO6.exe] => C:\Program Files\Microsoft SQL Server\SX0O351ZBQ8E12W485VWH\WhZcJW#VO6.exe [363008 2019-01-11] ()
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [1I89PGY9ZXA8NXA] => "C:\Program Files\3ILXRM4QBV\3ILXRM4QB.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [804091] => C:\Users\SoomroZafar\AppData\Roaming\ksimdryb4pi\cglnlkmodiv.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [2RJ7YZ8L2RUWSXW] => "C:\Program Files\J5GKKDN3AH\J5GKKDN3A.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [184836] => C:\Users\SoomroZafar\AppData\Roaming\ljumsprfqtg\gqnm5opsm21.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [HEPOF7HII0KD0YM] => "C:\Program Files\EBWLHZMUZX\EBWLHZMUZ.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [W6RUHYO9K9NJ4B1] => C:\Program Files\YJH561FVYM\YJH561FVY.exe [672768 2019-01-11] (J6KSK)
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [1407341] => C:\Users\SoomroZafar\AppData\Roaming\izdfhjviq2l\bfxdm30nv5l.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [5343351] => C:\Users\SoomroZafar\AppData\Roaming\qpoic303dsk\4szpvjpnzjz.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [8946989] => C:\Users\SoomroZafar\AppData\Roaming\5bustkpngno\2adxjuazkih.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [6677323] => C:\Users\SoomroZafar\AppData\Roaming\0mwcq3d32ju\1eqmfjwizb5.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [UTRRHETPI5P736G] => "C:\Program Files\8QVFPHYKUN\8QVFPHYKU.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [FCREKRHI2NPL633] => "C:\Program Files\AJUWO3GR9U\AJUWO3GR9.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [6969795] => C:\Users\SoomroZafar\AppData\Roaming\d44difaeisj\r03usubek5u.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [BVFK358ZJ8X7AUL] => "C:\Program Files\A0F8SB0NF2\A0F8SB0NF.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [6595844] => C:\Users\SoomroZafar\AppData\Roaming\i3xvrxayigr\c0mjdaybytp.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [2207956] => C:\Users\SoomroZafar\AppData\Roaming\y4pd3edkfrk\qwocj33ppru.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [0H5ZIMMGAUQTD5P] => "C:\Program Files\AHHCT8FY5A\N6OR17MZ4.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [1866416] => C:\Users\SoomroZafar\AppData\Roaming\0p02ff1q1uu\us0zkmf0ra0.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [4163843] => C:\Users\SoomroZafar\AppData\Roaming\hgyii3vhnug\dibs5h53lpm.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [2178406] => C:\Users\SoomroZafar\AppData\Roaming\52vb1z33thx\ga3h3n1tewb.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [M5XJ66CXXO4RS9Q] => "C:\Program Files\DSPOR11NB6\DSPOR11NB.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [47CHJMENDCY0PHL] => "C:\Program Files\UI8WOBOJ9Q\SHE6WKI8Q.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [ZP2OP7L3PDU265X] => "C:\Program Files\CC7FKJILFU\N0K30SIBW.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [YPY58YO8PX0FJ3W] => "C:\Program Files\3U7ST2BKJP\O47MSCZ81.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [8816565] => C:\Users\SoomroZafar\AppData\Roaming\zibawdhdbib\lnhvrwgcvim.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [5669257] => C:\Users\SoomroZafar\AppData\Roaming\555rzw4eq2y\x2lzajlnmfm.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [8183215] => C:\Users\SoomroZafar\AppData\Roaming\aq1omc04lkk\2qnk5brvsmh.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [M1VP18BCLFL6LF8] => "C:\Program Files\ST2BJTMPQP\C8QGIQTLK.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [6561736] => C:\Users\SoomroZafar\AppData\Roaming\cvrkqrbq02e\3ss2qwtlhz4.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [7129612] => C:\Users\SoomroZafar\AppData\Roaming\g0t300bvzhq\ms1pckm2cvj.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [3069916] => C:\Users\SoomroZafar\AppData\Roaming\y0pv3k3z5dm\i3vhsi50gbt.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [5VH4XNJQ0YAP2GI] => "C:\Program Files\1NVOM1AG4Z\1NVOM1AG4.exe"
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [HC9EULQ8ZUVQJ4R] => C:\Program Files\SLK53CQ3QP\MZ2CVGGLL.exe [672768 2019-01-11] (J6KSK)
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [7207903] => C:\Users\SoomroZafar\AppData\Roaming\idjtcub1hex\xwdxsfoyjo4.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [5U4JBV56BYZHWAY] => C:\Program Files\DNKLJUEHT1\H89OZZJNF.exe [672768 2019-01-11] (J6KSK)
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [5624739] => C:\Users\SoomroZafar\AppData\Roaming\lchii0mv11z\ibu0a0fjlz5.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [PFW1MLYT3MYPL81] => C:\Program Files\W4XHDVN51T\W4XHDVN51.exe [672768 2019-01-11] (J6KSK)
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [3742619] => C:\Users\SoomroZafar\AppData\Roaming\dsq0vwudtgn\zpns3zt1gai.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [4MUIYGX85WDWPVP] => C:\Program Files\BDDK931DWT\BDDK931DW.exe [672768 2019-01-11] (J6KSK)
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [Z8VER10H2VN97MQ] => C:\Program Files\3LSYXFEC2O\3LSYXFEC2.exe [672768 2019-01-11] (J6KSK)
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [4937964] => C:\Users\SoomroZafar\AppData\Roaming\3tjgiceg1wl\p3jbiflxr2t.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [1922660] => C:\Users\SoomroZafar\AppData\Roaming\zvwsgm4ebrb\5ghwpr03shq.exe [1833812 2019-01-11] ( )
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\RunOnce: [App] => C:\Users\SoomroZafar\AppData\Roaming\App.exe [595456 2019-01-11] ()
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\MountPoints2: {8b62726b-d03d-11e8-b418-bcaec565573a} - "H:\SISetup.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2018-05-12] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-05-22] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9a09519e-af52-4e55-bf35-8ddfb1417fb5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SoomroZafar\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\SoomroZafar\AppData\Roaming\IDM\idmmzcc5 [2018-10-15] [not signed]
FF HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-20]

Chrome:
=======
CHR Profile: C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Slides) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-15]
CHR Extension: (Docs) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-15]
CHR Extension: (Google Drive) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-15]
CHR Extension: (IDM Integration Module) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-15]
CHR Extension: (Gmail) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\SoomroZafar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2018-06-24]

===========================================
Continued in next post/comment box.



#4
January 11, 2019 at 05:59:15
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [635800 2018-01-05] (Microsoft Corporation)
S3 AssignedAccessManagerSvc; C:\Windows\System32\assignedaccessmanagersvc.dll [299520 2017-09-29] (Microsoft Corporation)
S3 camsvc; C:\Windows\system32\CapabilityAccessManager.dll [169472 2018-01-05] (Microsoft Corporation)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [340480 2017-09-29] (Microsoft Corporation)
R2 CDPUserSvc_6ad7c; C:\Windows\system32\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 CRMSvc; C:\Users\SoomroZafar\AppData\Roaming\CRMSvc\CRMSvc.exe [1524224 2019-01-11] () [File not signed]
S3 DevicesFlowUserSvc; C:\Windows\System32\DevicesFlowBroker.dll [524800 2017-09-29] (Microsoft Corporation)
S3 DevicesFlowUserSvc_6ad7c; C:\Windows\system32\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 diagsvc; C:\Windows\system32\DiagSvc.dll [166912 2017-09-29] (Microsoft Corporation)
R2 DusmSvc; C:\Windows\System32\dusmsvc.dll [237568 2018-01-05] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [575488 2017-09-29] (Microsoft Corporation)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
S3 GraphicsPerfSvc; C:\Windows\System32\GraphicsPerfSvc.dll [54784 2017-09-29] (Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 InstallService; C:\Windows\system32\InstallService.dll [1008640 2018-01-05] (Microsoft Corporation)
S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [51200 2017-09-29] (Microsoft Corporation)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [23040 2018-10-13] () [File not signed]
S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [297472 2018-01-05] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\Windows\System32\PrintWorkflowService.dll [136192 2017-09-29] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_6ad7c; C:\Windows\system32\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 PushToInstall; C:\Windows\system32\PushToInstall.dll [187392 2018-01-05] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [118272 2017-09-29] (Microsoft Corporation)
R2 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [414824 2018-01-05] (Microsoft Corporation)
R3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [995328 2017-09-29] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2891976 2018-01-05] (Microsoft Corporation)
S3 SharedRealitySvc; C:\Windows\System32\SharedRealitySvc.dll [310272 2017-09-29] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [143360 2017-09-29] (Microsoft Corporation)
S3 spectrum; C:\Windows\system32\spectrum.exe [661504 2018-01-05] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [131584 2018-01-05] (Microsoft Corporation)
R3 TokenBroker; C:\Windows\System32\TokenBroker.dll [917504 2018-01-05] (Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [836096 2017-09-29] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [244224 2018-01-05] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [244224 2018-01-05] (Microsoft Corporation)
S3 WarpJITSvc; C:\Windows\System32\Windows.WARP.JITService.dll [26112 2017-09-29] (Microsoft Corporation)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2019-01-11] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3183440 2018-12-12] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [434688 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [91776 2018-12-12] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [654336 2017-09-29] (Microsoft Corporation)
S3 wlpasvc; C:\Windows\System32\lpasvc.dll [878592 2017-09-29] (Microsoft Corporation)
S2 WpnUserService; C:\Windows\System32\WpnUserService.dll [57856 2017-09-29] (Microsoft Corporation)
R2 WpnUserService_6ad7c; C:\Windows\system32\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 xbgm; C:\Windows\system32\xbgmsvc.exe [118344 2017-09-29] (Microsoft Corporation)
S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [46592 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AC9ABDE32E77; C:\Windows\AC9ABDE32E77.sys [493800 2019-01-11] (VideoDriver)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [13312 2017-09-29] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [13312 2017-09-29] (Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [92056 2017-09-29] (Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [116632 2017-09-29] (Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [109464 2017-09-29] (Microsoft Corporation)
R1 bam; C:\Windows\System32\drivers\bam.sys [49560 2018-01-05] (Microsoft Corporation)
S3 CAD; C:\Windows\System32\drivers\CAD.sys [51608 2017-09-29] (Microsoft Corporation)
R2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [308224 2018-01-05] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R2 dump_76AF3F80; C:\Windows\System32\drivers\dump_76AF3F80.sys [150784 2019-01-11] () [File not signed]
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2003-02-21] ( )
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [18944 2017-09-29] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [28672 2017-09-29] (Intel(R) Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [30208 2017-09-29] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [43552 2017-09-29] (Microsoft Corporation)
S3 IPT; C:\Windows\System32\drivers\ipt.sys [19456 2017-09-29] (Microsoft Corporation)
S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [405024 2017-09-29] (Microsoft Corporation)
S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [42904 2017-09-29] (Microsoft Corporation)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [56728 2017-09-29] (Avago Technologies)
R0 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [210328 2017-09-29] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [91648 2017-09-29] (Microsoft Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [51608 2017-09-29] (Avago Technologies)
S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [32152 2017-09-29] (Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [71680 2017-09-29] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [100864 2017-09-29] (Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [35736 2017-09-29] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [8704 2018-01-05] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [14232 2017-09-29] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [116120 2018-01-05] (Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [58880 2018-01-05] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [38488 2018-12-12] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [266424 2018-12-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [47800 2018-12-12] (Microsoft Corporation)
S3 wdnsfltr; C:\Windows\System32\drivers\wdnsfltr.sys [24576 2017-09-29] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [182272 2018-01-05] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: PushToInstall -> C:\Windows\system32\PushToInstall.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: InstallService -> C:\Windows\system32\InstallService.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-01 15:15 - 2019-11-01 15:15 - 00004096 _____ C:\Windows\SECOH-QAD.exe
2019-11-01 15:15 - 2019-11-01 15:15 - 00003072 _____ C:\Windows\SECOH-QAD.dll
2019-01-11 17:54 - 2019-01-11 17:55 - 00000000 ____D C:\FRST
2019-01-11 17:40 - 2019-01-11 17:49 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\Lavasoft
2019-01-11 17:40 - 2019-01-11 17:40 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Lavasoft
2019-01-11 17:40 - 2019-01-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-01-11 17:40 - 2019-01-11 17:40 - 00000000 ____D C:\Program Files\Lavasoft
2019-01-11 17:39 - 2019-01-11 17:39 - 00000000 ____D C:\ProgramData\Lavasoft
2019-01-11 17:38 - 2019-01-11 17:39 - 00000000 ____D C:\Program Files\3LSYXFEC2O
2019-01-11 17:38 - 2019-01-11 17:38 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\zvwsgm4ebrb
2019-01-11 17:38 - 2019-01-11 17:38 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\CRMSvc
2019-01-11 17:38 - 2019-01-11 17:38 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\3tjgiceg1wl
2019-01-11 17:38 - 2019-01-11 17:38 - 00000000 ____D C:\Program Files\BDDK931DWT
2019-01-11 17:26 - 2019-01-11 17:34 - 00000000 ____D C:\AdwCleaner
2019-01-11 17:16 - 2019-01-11 17:16 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\dsq0vwudtgn
2019-01-11 17:16 - 2019-01-11 17:16 - 00000000 ____D C:\Program Files\W4XHDVN51T
2019-01-11 17:01 - 2019-01-11 17:01 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\lchii0mv11z
2019-01-11 17:01 - 2019-01-11 17:01 - 00000000 ____D C:\Program Files\DNKLJUEHT1
2019-01-11 16:37 - 2019-01-11 16:37 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\idjtcub1hex
2019-01-11 16:37 - 2019-01-11 16:37 - 00000000 ____D C:\Program Files\SLK53CQ3QP
2019-01-11 16:21 - 2019-01-11 16:21 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\y0pv3k3z5dm
2019-01-11 16:20 - 2019-01-11 16:20 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\g0t300bvzhq
2019-01-11 16:20 - 2019-01-11 16:20 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\cvrkqrbq02e
2019-01-11 16:17 - 2019-01-11 16:17 - 00595456 _____ C:\Users\SoomroZafar\AppData\Roaming\App.exe
2019-01-11 16:16 - 2019-01-11 16:16 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\zibawdhdbib
2019-01-11 16:16 - 2019-01-11 16:16 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\aq1omc04lkk
2019-01-11 16:16 - 2019-01-11 16:16 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\555rzw4eq2y
2019-01-11 16:13 - 2019-01-11 17:38 - 00007251 _____ C:\Windows\system32\rrrr.txt
2019-01-11 16:13 - 2019-01-11 16:13 - 00150784 _____ C:\Windows\system32\Drivers\dump_76AF3F80.sys
2019-01-11 16:13 - 2019-01-11 16:13 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\ybon3ij0ioj
2019-01-11 16:13 - 2019-01-11 16:13 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\n1sl5r5fgur
2019-01-11 16:13 - 2019-01-11 16:13 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\1yz3u4ixmfp
2019-01-11 16:13 - 2019-01-11 16:13 - 00000000 ____D C:\Program Files\NWNRJR9U98
2019-01-11 16:10 - 2019-01-11 16:10 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\cdqlnt04jfg
2019-01-11 16:05 - 2019-01-11 16:05 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\hgyii3vhnug
2019-01-11 16:05 - 2019-01-11 16:05 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\52vb1z33thx
2019-01-11 16:05 - 2019-01-11 16:05 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\0p02ff1q1uu
2019-01-11 15:57 - 2019-01-11 15:57 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\i3xvrxayigr
2019-01-11 15:56 - 2019-01-11 15:56 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\y4pd3edkfrk
2019-01-11 15:56 - 2019-01-11 15:56 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\d44difaeisj
2019-01-11 15:51 - 2019-01-11 15:51 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\0mwcq3d32ju
2019-01-11 15:49 - 2019-01-11 15:49 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\qpoic303dsk
2019-01-11 15:49 - 2019-01-11 15:49 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\5bustkpngno
2019-01-11 15:47 - 2019-01-11 15:48 - 00000000 ____D C:\Program Files\YJH561FVYM
2019-01-11 15:47 - 2019-01-11 15:47 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\izdfhjviq2l
2019-01-11 15:46 - 2019-01-11 15:46 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\ljumsprfqtg
2019-01-11 15:45 - 2019-01-11 16:17 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Samantha
2019-01-11 15:45 - 2019-01-11 15:49 - 00000000 ____D C:\Program Files\Common Files\Tiplux
2019-01-11 15:45 - 2019-01-11 15:45 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\Mozilla
2019-01-11 15:44 - 2019-01-11 15:47 - 00000000 ____D C:\Program Files\Overriwde
2019-01-11 15:44 - 2019-01-11 15:44 - 01895382 _____ C:\Users\SoomroZafar\AppData\Local\Lamtop.bin
2019-01-11 15:44 - 2019-01-11 15:44 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\ksimdryb4pi
2019-01-11 15:43 - 2019-01-11 15:55 - 00000000 ____D C:\Program Files\WinData
2019-01-11 15:43 - 2019-01-11 15:44 - 01283072 _____ (Free Time, 2008-2016 ) C:\Windows\MediaConverter.exe
2019-01-11 15:43 - 2019-01-11 15:43 - 07858688 _____ C:\Users\SoomroZafar\AppData\Local\agent.dat
2019-01-11 15:43 - 2019-01-11 15:43 - 02036399 _____ C:\Users\SoomroZafar\AppData\Local\HotIt.tst
2019-01-11 15:43 - 2019-01-11 15:43 - 00126464 _____ C:\Users\SoomroZafar\AppData\Local\noah.dat
2019-01-11 15:43 - 2019-01-11 15:43 - 00070896 _____ C:\Users\SoomroZafar\AppData\Local\Config.xml
2019-01-11 15:43 - 2019-01-11 15:43 - 00005568 _____ C:\Users\SoomroZafar\AppData\Local\md.xml
2019-01-11 15:43 - 2019-01-11 15:43 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Chrome
2019-01-11 15:42 - 2019-01-11 15:42 - 00278509 _____ C:\Users\SoomroZafar\AppData\Local\Zathstock.tst
2019-01-11 15:42 - 2019-01-11 15:41 - 01997312 _____ (TODO: <Company name>) C:\Users\SoomroZafar\AppData\Local\Zathstock.exe
2019-01-11 15:42 - 2019-01-11 15:41 - 01997312 _____ (TODO: <Company name>) C:\Users\SoomroZafar\AppData\Local\HotIt.exe
2019-01-11 15:41 - 2019-01-11 15:48 - 00722944 _____ C:\Users\SoomroZafar\AppData\Local\sham.db
2019-01-11 15:41 - 2019-01-11 15:41 - 00493800 _____ (VideoDriver) C:\Windows\AC9ABDE32E77.sys
2019-01-11 15:41 - 2019-01-11 15:41 - 00140800 _____ C:\Users\SoomroZafar\AppData\Local\installer.dat
2019-01-11 15:41 - 2019-01-11 15:41 - 00000000 ____D C:\Program Files\foldershare
2019-01-11 15:40 - 2019-01-11 15:40 - 00000000 ____D C:\ProgramData\{C2877499-ED75-05E2-0DF0-61890D1738D8}
2019-01-11 15:40 - 2019-01-11 15:40 - 00000000 ____D C:\ProgramData\{A21277C0-EE2C-6577-54F3-F4E95414ADB8}
2019-01-11 15:39 - 2019-01-11 15:39 - 00000000 ____D C:\Program Files\Microsoft Toolkit Final
2019-01-08 14:49 - 2019-01-08 14:49 - 00000952 _____ C:\Users\SoomroZafar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BurningROMPortable.lnk
2019-01-08 09:58 - 2019-01-08 09:58 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsignf7bd359e0a80d210
2019-01-08 09:57 - 2019-01-08 09:57 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign1c2578d33a74db1a
2019-01-08 09:56 - 2019-01-08 09:56 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign8ce36c8bf0f1b0c6
2019-01-08 09:56 - 2019-01-08 09:56 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign5df6c6c78a50ce0f
2019-01-04 14:39 - 2019-01-04 14:41 - 00001456 _____ C:\Users\SoomroZafar\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-01-04 14:31 - 2019-01-04 14:31 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsignc01dd74971e5c38f
2019-01-04 14:31 - 2019-01-04 14:31 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign38c17b0ff787c7b8
2019-01-04 14:31 - 2019-01-04 14:31 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign14fbbf055da41871
2018-12-24 15:37 - 2018-12-24 15:37 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsignbd45a1c5939531c5
2018-12-24 15:35 - 2018-12-24 15:35 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign5877cfcde16d73f9
2018-12-24 15:35 - 2018-12-24 15:35 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign2b80b87620ccdd77
2018-12-20 16:37 - 2018-12-20 16:37 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign76e6c5b2be44778c
2018-12-20 16:37 - 2018-12-20 16:37 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign242368e7877c8fea
2018-12-20 16:27 - 2018-12-20 16:27 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign3598e47b052581fd
2018-12-20 16:27 - 2018-12-20 16:27 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign326e7f2b0dcde98f
2018-12-19 19:55 - 2018-12-19 19:55 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsignc4eb18cad8a7bbab
2018-12-19 19:55 - 2018-12-19 19:55 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsigna172ed4c45a98bc2
2018-12-19 19:55 - 2018-12-19 19:55 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign05300751dc930985
2018-12-19 19:13 - 2018-12-19 19:13 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign9f46777b4cdc9ccc
2018-12-19 19:13 - 2018-12-19 19:13 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign955d7e1f5fb6f5cf
2018-12-19 18:53 - 2018-12-19 18:53 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign971b154cbdfba1bd
2018-12-19 18:53 - 2018-12-19 18:53 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Tempzxpsign4dbfd0cffe0f774f

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 17:41 - 2018-10-13 15:34 - 01928646 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-11 17:35 - 2018-10-13 15:18 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-11 17:34 - 2018-10-15 13:03 - 00002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-11 17:34 - 2017-09-29 10:31 - 00524288 _____ C:\Windows\system32\config\BBI
2019-01-11 16:38 - 2018-10-15 17:54 - 00000000 ____D C:\Windows\Minidump
2019-01-11 16:38 - 2018-10-15 13:26 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\IDM
2019-01-11 16:38 - 2017-09-29 16:52 - 00000000 ____D C:\Windows\INF
2019-01-11 16:33 - 2018-10-15 12:46 - 00000000 ____D C:\Program Files\KMSpico
2019-01-11 16:27 - 2017-09-29 16:55 - 00000000 ____D C:\Windows\DeliveryOptimization
2019-01-11 16:15 - 2018-10-13 15:18 - 00000000 ____D C:\Windows\system32\SleepStudy
2019-01-11 16:10 - 2018-10-13 15:33 - 00000000 ____D C:\Users\SoomroZafar
2019-01-11 15:49 - 2018-10-15 13:26 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\DMCache
2019-01-11 15:40 - 2018-10-15 11:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2019-01-11 11:34 - 2018-10-13 15:33 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Packages
2019-01-10 08:48 - 2017-09-29 16:55 - 00000000 ____D C:\Windows\AppReadiness
2019-01-09 08:58 - 2017-09-29 16:55 - 00000000 ___HD C:\Program Files\WindowsApps
2019-01-08 14:49 - 2018-10-15 11:33 - 00000000 ____D C:\BurningROMPortable
2019-01-08 09:58 - 2018-10-13 15:33 - 00000000 ____D C:\Users\SoomroZafar\AppData\Roaming\Adobe
2018-12-20 11:13 - 2018-10-13 15:35 - 00002390 _____ C:\Users\SoomroZafar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-20 11:13 - 2018-10-13 15:35 - 00000000 ___RD C:\Users\SoomroZafar\OneDrive
2018-12-19 19:13 - 2018-10-15 12:52 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\Adobe
2018-12-19 12:15 - 2018-10-13 16:29 - 00000000 ____D C:\Users\SoomroZafar\AppData\Local\PlaceholderTileLogoFolder
2018-12-13 13:04 - 2017-09-29 16:55 - 00000000 ____D C:\Windows\system32\NDF
2018-12-12 08:33 - 2018-10-15 14:02 - 00000000 ____D C:\Windows\system32\Drivers\wd
2018-12-12 08:32 - 2018-10-15 12:11 - 00499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-12 08:28 - 2017-09-29 10:31 - 00000000 ____D C:\Windows\system32\config

==================== Files in the root of some directories =======

2019-01-11 16:17 - 2019-01-11 16:17 - 0595456 _____ () C:\Users\SoomroZafar\AppData\Roaming\App.exe
2019-01-04 14:39 - 2019-01-04 14:41 - 0001456 _____ () C:\Users\SoomroZafar\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-01-11 15:43 - 2019-01-11 15:43 - 7858688 _____ () C:\Users\SoomroZafar\AppData\Local\agent.dat
2019-01-11 15:43 - 2019-01-11 15:43 - 0070896 _____ () C:\Users\SoomroZafar\AppData\Local\Config.xml
2019-01-11 15:42 - 2019-01-11 15:41 - 1997312 _____ (TODO: <Company name>) C:\Users\SoomroZafar\AppData\Local\HotIt.exe
2019-01-11 15:43 - 2019-01-11 15:43 - 2036399 _____ () C:\Users\SoomroZafar\AppData\Local\HotIt.tst
2019-01-11 15:41 - 2019-01-11 15:41 - 0140800 _____ () C:\Users\SoomroZafar\AppData\Local\installer.dat
2019-01-11 15:44 - 2019-01-11 15:44 - 1895382 _____ () C:\Users\SoomroZafar\AppData\Local\Lamtop.bin
2019-01-11 15:43 - 2019-01-11 15:43 - 0005568 _____ () C:\Users\SoomroZafar\AppData\Local\md.xml
2019-01-11 15:43 - 2019-01-11 15:43 - 0126464 _____ () C:\Users\SoomroZafar\AppData\Local\noah.dat
2018-10-18 09:42 - 2018-10-18 09:42 - 0000000 _____ () C:\Users\SoomroZafar\AppData\Local\oobelibMkey.log
2019-01-11 15:41 - 2019-01-11 15:48 - 0722944 _____ () C:\Users\SoomroZafar\AppData\Local\sham.db
2019-01-11 15:45 - 2019-01-11 15:45 - 0032038 _____ () C:\Users\SoomroZafar\AppData\Local\uninstall_temp.ico
2019-01-11 15:42 - 2019-01-11 15:41 - 1997312 _____ (TODO: <Company name>) C:\Users\SoomroZafar\AppData\Local\Zathstock.exe
2019-01-11 15:42 - 2019-01-11 15:42 - 0278509 _____ () C:\Users\SoomroZafar\AppData\Local\Zathstock.tst

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2019-11-01 14:54

==================== End of FRST.txt ============================



#5
January 11, 2019 at 06:50:08
You should not post logs without being asked for them.

If you don't already have it, try CCleaner-Slim. Run the cleaner & the registry scanner & remove everything they find. Then click on Tools > Startup & have a look at the Windows entries & Scheduled Tasks; disable or delete as necessary. You should also look at the Browser plugins & make adjustments there as well. Afterwards, reboot & see what happens.
https://www.ccleaner.com/ccleaner/b...



#6
January 11, 2019 at 10:35:45
✔ Best Answer
Also run this freebie which is different to the others:

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds.

Always pop back and let us know the outcome - thanks



#7
January 11, 2019 at 14:24:56
Copy & Paste the contents of the Malwarebytes scan log please.

message edited by Johnw



#8
January 11, 2019 at 15:08:13
After posting the Malwarebytes log, download the latest version of Farbar.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php



#9
January 12, 2019 at 01:04:20
After running Malwarebytes antimalware, it is working fine. Thank you.

MALWAREBYTES LOG here
http://www.fileconvoy.com/dfl.php?i...



#10
January 12, 2019 at 07:39:15
"MALWAREBYTES LOG here"
Thanks, but that is not the log.

http://fs5.directupload.net/images/...
After clicking on > View Report & then > Export. Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.



#11
January 13, 2019 at 05:18:31
I will post malwarebytes log later.
After that I have started FRST. After a few seconds it goes to "Not Responding". What to do? I have tried so many times.


#12
January 13, 2019 at 13:55:39
"What to do? I have tried so many times"
No idea at this stage, need the Malwarebytes log first.


#13
January 13, 2019 at 23:57:19
Try these two methods, hope it works.
First, delete the cookies, clear the cache, delete the history.
Second, reinstall Chrome.
Also try the following, which might assist:
https://dailytechposts.com/google-c...
https://dailytechposts.com/err-cach...
https://dailytechposts.com/delete-c...


#14
January 17, 2019 at 00:26:24
ALL GOES WRONG.
I am installing Free version now. I have uninstalled Malwarebytes.
BECAUSE
--------------
I had accidentally installed Premium, which was unable to view the log report.


#15
January 17, 2019 at 01:25:14
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/17/19
Scan Time: 1:35 PM
Log File: e4f136f2-1a32-11e9-a4dc-bcaec565573a.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.8828
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x86
File System: NTFS
User: SOOMROZAFAR\SoomroZafar

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 213925
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 6 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Rootkit.Agent.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AC9ABDE32E77, Quarantined, [416], [624064],1.0.8828

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [5324], [353142],1.0.8828
Rootkit.Agent.PUA, C:\WINDOWS\AC9ABDE32E77.SYS, Quarantined, [416], [624064],1.0.8828

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#16
January 17, 2019 at 01:27:24
Below is the log file when uninstalling Premium version. It may help to diagnose. Thank you.

http://www.fileconvoy.com/dfl.php?i...

message edited by raaz_hai



#17
January 17, 2019 at 01:29:47
"Below is the log file when uninstalling Premium version. It may help to diagnose"
You forgot the log.


#18
January 17, 2019 at 01:34:21
"What to do? I have tried so many times"
Try FRST ( not FRST 64 ) again, now that Malwarebytes has quarantined those 3 files.

New version now available, download please.



#19
January 17, 2019 at 01:52:23
both files log and addition
http://www.fileconvoy.com/dfl.php?i...


#20
January 17, 2019 at 01:54:23
You didn't follow the original instructions.
"After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds"

Run Malwarebytes again please, include > Scan for rootkits.

Copy & Paste the contents of the log, in your next reply please.



#21
January 17, 2019 at 05:23:30
Oh I forgot! Here it is.
http://www.fileconvoy.com/dfl.php?i...


#22
January 17, 2019 at 05:46:09
"Oh I forgot! Here it is"
Good result, nice & clean.

Copy & Paste only the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\MountPoints2: {8b62726b-d03d-11e8-b418-bcaec565573a} - "H:\SISetup.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM -> DefaultScope value is missing
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\webcompanion.com -> hxxp://webcompanion.com

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


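As an added example, not code from this thread or from the Farbar tool: a read-only PowerShell audit of the registry keys and files that the fixlist above addresses, so the same items can be checked before the fix and confirmed gone afterwards. It assumes stock Windows paths and uses HKCU for the logged-on user instead of the specific S-1-5-21-... SID named in the fixlist.

```powershell
# Added example, not from the thread or from FRST: a read-only audit of the
# registry keys and files the fixlist above addresses. It modifies nothing.
# Assumptions: stock Windows paths; per-user checks use HKCU for the logged-on
# user instead of the S-1-5-21-... SID named in the fixlist.

function Test-PolicyKey {
    param([string]$Path, [string]$Label)
    # On a stand-alone PC with no Group Policy, a Policies key for Defender or
    # Chrome is unexpected; FRST flags such keys as "Restriction".
    if (Test-Path -Path $Path) {
        $values = (Get-ItemProperty -Path $Path).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "$($_.Name)=$($_.Value)" }
        [pscustomobject]@{ Check = $Label; Finding = "$Path present: $($values -join '; ')" }
    }
}

function Get-TrustedSiteOverrides {
    param([string]$HiveRoot, [string]$Label)
    # Subkeys under ZoneMap\Domains are per-domain security-zone overrides
    # (the "IE trusted site" lines in the FRST log).
    $zone = "$HiveRoot\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (Test-Path -Path $zone) {
        Get-ChildItem -Path $zone | ForEach-Object {
            [pscustomobject]@{ Check = $Label; Finding = "zone override for $($_.PSChildName)" }
        }
    }
}

function Get-MountPointAutoruns {
    # MountPoints2 remembers an autorun command per removable volume; the
    # fixlist removed one that pointed at H:\SISetup.exe.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path -Path $mp) {
        Get-ChildItem -Path $mp -Recurse |
            Where-Object { $_.PSChildName -eq 'command' } |
            ForEach-Object {
                $cmd = (Get-ItemProperty -Path $_.PSPath).'(default)'
                [pscustomobject]@{ Check = 'MountPoints2 autorun'; Finding = $cmd }
            }
    }
}

function Get-IeSearchSettings {
    # The fixlist restored an empty "Search Page" and a missing DefaultScope.
    $main   = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    $scopes = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue
    if (-not $main.'Search Page') {
        [pscustomobject]@{ Check = 'IE Main'; Finding = 'Search Page value empty or missing' }
    }
    if (-not $scopes.DefaultScope) {
        [pscustomobject]@{ Check = 'IE SearchScopes'; Finding = 'DefaultScope value missing' }
    }
}

function Get-HostsOverrides {
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    # A stock Windows hosts file contains only comments, so every active
    # mapping is an override worth reviewing (Malwarebytes replaced this file
    # in post #15).
    Get-Content -Path $HostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9A-Fa-f.:]+\s+\S' } |
        ForEach-Object { [pscustomobject]@{ Check = 'hosts'; Finding = $_.Trim() } }
}

function Invoke-FixlistAudit {
    $findings = @(
        Test-PolicyKey -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Label 'Defender policy'
        Test-PolicyKey -Path 'HKLM:\SOFTWARE\Policies\Google' -Label 'Chrome policy'
        Get-TrustedSiteOverrides -HiveRoot 'Registry::HKEY_USERS\.DEFAULT' -Label 'IE zone (.DEFAULT)'
        Get-TrustedSiteOverrides -HiveRoot 'HKCU:' -Label 'IE zone (current user)'
        Get-MountPointAutoruns
        Get-IeSearchSettings
        Get-HostsOverrides
    )
    if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize -Wrap }
}

Invoke-FixlistAudit
```

Run it from an elevated PowerShell prompt; an empty result after the fix matches the "removed successfully" lines in the Fixlog.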

#23
January 17, 2019 at 23:17:40
Fix result of Farbar Recovery Scan Tool (x86) Version: 16-01-2019 01
Ran by SoomroZafar (18-01-2019 11:50:26) Run:1
Running from D:\Files-Data\Desktop
Loaded Profiles: SoomroZafar (Available Profiles: SoomroZafar)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\MountPoints2: {8b62726b-d03d-11e8-b418-bcaec565573a} - "H:\SISetup.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM -> DefaultScope value is missing
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\...\webcompanion.com -> hxxp://webcompanion.com
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b62726b-d03d-11e8-b418-bcaec565573a} => removed successfully.
HKLM\Software\Classes\CLSID\{8b62726b-d03d-11e8-b418-bcaec565573a} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully.
HKU\S-1-5-21-3469074536-4166737508-3379940497-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58451360 B
Java, Flash, Steam htmlcache => 0 B



#24
January 17, 2019 at 23:22:52
Extract from your log.
"Windows Defender Antivirus has encountered an error trying to update signatures"
See if you can now update Windows Defender.
https://windows10skill.com/update-w...


#25
January 18, 2019 at 04:15:02
Thank you everyone, especially Johnw.
Should I remove Malwarebytes Free? Suggest.
BTW I have manually updated Win Defender. See https://imgur.com/MvvHYER


#26
January 18, 2019 at 05:07:14
"Should I remove Malwarebytes Free?"
I wouldn't.

"BTW I have manually updated Win Defender"
Very good.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to keep or use outdated versions on the computer.
Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
The tool will create a report for you (C:\DelFix.txt)



#27
January 18, 2019 at 22:48:51
# DelFix v1.013 - Logfile created 19/01/2019 at 11:45:27
# Updated 17/04/2016 by Xplode
# Username : SoomroZafar - SOOMROZAFAR
# Operating System : Windows 10 Pro (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #16 [Scheduled Checkpoint | 01/10/2019 05:57:10]
Deleted : RP #18 [JRT Pre-Junkware Removal | 01/11/2019 12:48:29]
Deleted : RP #19 [Installed Transmission 2.92 (14714) | 01/16/2019 06:53:55]
Deleted : RP #17 [Scheduled Checkpoint | 11/01/2019 10:01:51]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#28
January 18, 2019 at 23:08:23
Here is how a USER got the problems shown in your AdwCleaner, Farbar & MalwareBytes logs. No AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other things during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample/Example pages.
http://www.softpedia.com/get/Multim...
http://fs5.directupload.net/images/...
Users are advised to pay attention while installing this ad-supported application:
· Offers to download or install software or components (Facemoods toolbar) that the program does not require to fully function
· Offers to change the homepage for web browsers installed in the system.
SS of above.
http://fs5.directupload.net/images/...



#29
January 19, 2019 at 05:48:55
After all the above steps, I have been facing this error https://bit.ly/2W1fu9a
Kindly help

Dear Johnw: I have not followed any steps posted above post # 28, right above my post.



#30
January 19, 2019 at 06:04:38
raaz_hai, refer your new post.
