Fixlog, RogueKiller, ESET Online Scan
Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Kym (2016-03-02 17:35:11) Run:3
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2016-03-01 12:49 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
Task: {025E3B95-A6D2-4C85-BD24-71C170E5A887} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
C:\ProgramData\DP45977C.lfl
C:\Users\Kym\AppData\Local\Temp\sqlite3.dll
Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - \{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} -> No File <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => not found.
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
idsvc => service not found.
wfpcapture => service not found.
wpcsvc => service not found.
"C:\WINDOWS\System32\Tasks\AutoKMS" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025E3B95-A6D2-4C85-BD24-71C170E5A887} => key not found.
C:\WINDOWS\System32\Tasks\AutoKMS => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found.
"C:\ProgramData\DP45977C.lfl" => not found.
"C:\Users\Kym\AppData\Local\Temp\sqlite3.dll" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F27906F8-C2D3-459A-A01E-D551D7DB510D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 240.5 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 17:35:14 ====
RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Kym [Administrator]
Started from : C:\Users\Kym\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/02/2016 18:10:45
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 1 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00A8LB0 SCSI Disk Device +++++
--- User ---
[MBR] c609e88a3e3a1eba81f6bd58da21a012
[BSP] 6de4e5b287547337ca290f55453cdbb2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Samsung SSD 840 EVO 120G SCSI Disk Device +++++
--- User ---
[MBR] 2414a722e2d20553db2407084ca6f557
[BSP] 5514a66c0c60dbc0c336179378e42b92 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
C:\AdwCleaner\Quarantine\C\ProgramData\3c355888\4543324a.dll.vir a variant of Win32/Adware.Adposhel.A application
C:\FRST\Quarantine\C\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe.xBAD a variant of Win32/InstallCore.AFF.gen potentially unwanted application
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\WINDOWS\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.H potentially unsafe application

Thank You So Much!!!!!!!!!!!!!!!!!!!!!

Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Kym (2016-03-03 14:21:44) Run:4
Running from C:\Users\Kym\Desktop
Loaded Profiles: Kym (Available Profiles: Kym)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe
C:\WINDOWS\AutoKMS\AutoKMS.exe
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\Kym\AppData\Roaming\uTorrent\updates\3.4.1_30925.exe => moved successfully
C:\WINDOWS\AutoKMS\AutoKMS.exe => moved successfully
EmptyTemp: => 360 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 14:21:51 ====