B.
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Primitive (12-01-2017 17:08:26) Run:1
Running from C:\Users\Primitive\Downloads
Loaded Profiles: Primitive (Available Profiles: Primitive)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [EYRKE24C10] => "C:\Program Files\IC2V2WYVYK\IC2V2WYVY.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [NUNFA29225] => "C:\Program Files\2A2LPM4EMV\2A2LPM4EM.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [8OWUXWBOLA] => "C:\Program Files\WULGW5D5I7\WULGW5D5I.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [CREBFQSHC2] => "C:\Program Files\4W0W2ATTVO\OOUXACVEO.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=H1Azf ... prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=H1Azftptn095001BU,99d2d407-79a2-423f-bfc9-5a32c9d22a91,&vp=ch&prd=set_ch"
S1 QMUdisk; \??\G:\New folder (2)\QQPCMgr\11.5.17480.801\QMUdisk64.sys [X]
FirewallRules: [{37A44789-887F-4CA6-8ACF-C952769083E9}] => C:\Users\Primitive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2031FA55-552B-4B93-A5AE-72E51F6A14C1}] => C:\Users\Primitive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97E16202-4044-4F0F-9BF2-84A496F9CD3C}] => ?????????????????????????
FirewallRules: [{E5FB93B2-C21A-4215-90F2-2B657ABA1B03}] => ?????????????????????????e
FirewallRules: [{40FFEEF4-8644-4556-A6C6-AD56BA9C3C94}] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6EBFBA97-8AB9-487C-AE84-C00896D56CF6}] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{C128DD8E-6669-4F8C-A7CC-4CF4B15680EE}C:\program files (x86)\google\chrome\application\chrome334.exe] => C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{B861456E-70E4-469F-8B4F-7F0BF6105783}C:\program files (x86)\google\chrome\application\chrome334.exe] => C:\program files (x86)\google\chrome\application\chrome334.exe
Task: {261E3E8C-3AD7-4C4D-8AA9-783CF4434369} - \{090E0447-0D79-7F0A-7D11-0B0F7A791178} -> No File <==== ATTENTION
Task: {36B00A86-14C3-41A7-B53D-1E7ADF3EF867} - \AutoKMS -> No File <==== ATTENTION
Task: {65B50D4F-1AFF-436B-BC6B-F129C6A6B586} - \KMSAutoNet -> No File <==== ATTENTION
Task: {777CF6EA-4249-47B6-A683-FE7135473D41} - \{2287B3D0-B907-4177-80BB-5FF6B8136810} -> No File <==== ATTENTION
Task: {A30D90C7-A77F-4157-8682-6BEA2B13BD31} - \SwiftPCOptimizer -> No File <==== ATTENTION
Task: {A6004B45-D432-4BF3-88FF-141BF7861078} - \SwiftPCOptimizer_Start -> No File <==== ATTENTION
Task: {AC6523D9-CF90-4522-B591-AA44718C9766} - \{112A8B3F-1DAE-489F-8929-1C94F206F211} -> No File <==== ATTENTION
TTask: {D8A06427-5D05-4CE1-BE41-5F3886ED06BC} - \{422AEE5F-5505-466A-BA11-DE3F57D65AA8} -> No File <==== ATTENTION
Task: {E8283A05-12C4-4092-B1F0-6EDD015C702A} - \{504E3221-1CBB-4D6A-BF66-4695DD06B783} -> No File <==== ATTENTION
C:\program files (x86)\google\chrome\application\chrome334.exe
G:\New folder (2)\QQPCMgr\11.5.17480.801\QMUdisk64.sys
C:\Users\Primitive\AppData\Local\Temp\8F19.tmp.exe
C:\Users\Primitive\AppData\Local\Temp\BrowserAir.exe
C:\Users\Primitive\AppData\Local\Temp\condefclean.exe
C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe
C:\Users\Primitive\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Primitive\AppData\Local\Temp\libeay32.dll
C:\Users\Primitive\AppData\Local\Temp\msvcr120.dll
C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Primitive\AppData\Local\Temp\nvscpapisvr.exe
C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe
C:\Users\Primitive\AppData\Local\Temp\PidGenX.dll
C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE
C:\Users\Primitive\AppData\Local\Temp\sqlite3.dll
C:\Users\Primitive\AppData\Local\Temp\SynciosDeviceService.exe
C:\Users\Primitive\AppData\Local\Temp\tu17p84.exe
C:\Users\Primitive\AppData\Local\Temp\Uninstall.exe
C:\Users\Primitive\AppData\Local\Temp\uninstall_temp_280234.exe
C:\Users\Primitive\AppData\Local\Temp\uninstall_temp_61000.exe
C:\Users\Primitive\AppData\Local\Temp\uninstall_temp_72171.exe
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Folder: C:\Program Files\4W0W2ATTVO
Folder: C:\Program Files\WULGW5D5I7
Folder: C:\Program Files\2A2LPM4EMV
Folder: C:\Program Files\IC2V2WYVYK
Folder: C:\Users\Primitive\AppData\Roaming\uTorrent
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************
Restore point was successfully created.
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EYRKE24C10 => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NUNFA29225 => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\8OWUXWBOLA => value removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CREBFQSHC2 => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-233390903-2661952563-451428824-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
HKLM\System\CurrentControlSet\Services\QMUdisk => key removed successfully
QMUdisk => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37A44789-887F-4CA6-8ACF-C952769083E9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2031FA55-552B-4B93-A5AE-72E51F6A14C1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97E16202-4044-4F0F-9BF2-84A496F9CD3C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5FB93B2-C21A-4215-90F2-2B657ABA1B03} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40FFEEF4-8644-4556-A6C6-AD56BA9C3C94} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EBFBA97-8AB9-487C-AE84-C00896D56CF6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C128DD8E-6669-4F8C-A7CC-4CF4B15680EE}C:\program files (x86)\google\chrome\application\chrome334.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B861456E-70E4-469F-8B4F-7F0BF6105783}C:\program files (x86)\google\chrome\application\chrome334.exe => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{261E3E8C-3AD7-4C4D-8AA9-783CF4434369} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{261E3E8C-3AD7-4C4D-8AA9-783CF4434369} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{090E0447-0D79-7F0A-7D11-0B0F7A791178} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{36B00A86-14C3-41A7-B53D-1E7ADF3EF867} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36B00A86-14C3-41A7-B53D-1E7ADF3EF867} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65B50D4F-1AFF-436B-BC6B-F129C6A6B586} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B50D4F-1AFF-436B-BC6B-F129C6A6B586} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{777CF6EA-4249-47B6-A683-FE7135473D41} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{777CF6EA-4249-47B6-A683-FE7135473D41} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2287B3D0-B907-4177-80BB-5FF6B8136810} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A30D90C7-A77F-4157-8682-6BEA2B13BD31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A30D90C7-A77F-4157-8682-6BEA2B13BD31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftPCOptimizer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6004B45-D432-4BF3-88FF-141BF7861078} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6004B45-D432-4BF3-88FF-141BF7861078} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftPCOptimizer_Start => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC6523D9-CF90-4522-B591-AA44718C9766} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC6523D9-CF90-4522-B591-AA44718C9766} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{112A8B3F-1DAE-489F-8929-1C94F206F211} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\T{D8A06427-5D05-4CE1-BE41-5F3886ED06BC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeT\{422AEE5F-5505-466A-BA11-DE3F57D65AA8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8283A05-12C4-4092-B1F0-6EDD015C702A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8283A05-12C4-4092-B1F0-6EDD015C702A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{504E3221-1CBB-4D6A-BF66-4695DD06B783} => key removed successfully
"C:\program files (x86)\google\chrome\application\chrome334.exe" => not found.
"G:\New folder (2)\QQPCMgr\11.5.17480.801\QMUdisk64.sys" => not found.
C:\Users\Primitive\AppData\Local\Temp\8F19.tmp.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\BrowserAir.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\condefclean.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvscpapisvr.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\PidGenX.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE => moved successfully
C:\Users\Primitive\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Primitive\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\tu17p84.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\uninstall_temp_280234.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\uninstall_temp_61000.exe => moved successfully
C:\Users\Primitive\AppData\Local\Temp\uninstall_temp_72171.exe => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
========================= Folder: C:\Program Files\4W0W2ATTVO ========================
2017-01-09 23:46 - 2017-01-09 23:46 - 0000037 _____ () C:\Program Files\4W0W2ATTVO\cast.config
2017-01-09 23:46 - 2017-01-09 23:46 - 0001275 _____ () C:\Program Files\4W0W2ATTVO\OOUXACVEO.exe.config
2017-01-09 23:46 - 2017-01-09 23:46 - 0010752 _____ (UUY77_) C:\Program Files\4W0W2ATTVO\uninstaller.exe
2017-01-09 23:46 - 2017-01-09 23:46 - 0001275 _____ () C:\Program Files\4W0W2ATTVO\uninstaller.exe.config
====== End of Folder: ======
========================= Folder: C:\Program Files\WULGW5D5I7 ========================
2017-01-09 21:59 - 2017-01-09 21:59 - 0000036 _____ () C:\Program Files\WULGW5D5I7\cast.config
2017-01-09 21:59 - 2017-01-09 21:59 - 0010752 _____ (UUY77_) C:\Program Files\WULGW5D5I7\uninstaller.exe
2017-01-09 21:59 - 2017-01-09 21:59 - 0001275 _____ () C:\Program Files\WULGW5D5I7\uninstaller.exe.config
2017-01-09 21:59 - 2017-01-09 21:59 - 0001275 _____ () C:\Program Files\WULGW5D5I7\WULGW5D5I.exe.config
====== End of Folder: ======
========================= Folder: C:\Program Files\2A2LPM4EMV ========================
2017-01-09 21:53 - 2017-01-09 21:53 - 0001275 _____ () C:\Program Files\2A2LPM4EMV\2A2LPM4EM.exe.config
2017-01-09 21:53 - 2017-01-09 21:53 - 0000036 _____ () C:\Program Files\2A2LPM4EMV\cast.config
2017-01-09 21:53 - 2017-01-09 21:53 - 0010752 _____ (UUY77_) C:\Program Files\2A2LPM4EMV\uninstaller.exe
2017-01-09 21:53 - 2017-01-09 21:53 - 0001275 _____ () C:\Program Files\2A2LPM4EMV\uninstaller.exe.config
====== End of Folder: ======
========================= Folder: C:\Program Files\IC2V2WYVYK ========================
2017-01-09 21:52 - 2017-01-09 21:52 - 0000036 _____ () C:\Program Files\IC2V2WYVYK\cast.config
2017-01-09 21:52 - 2017-01-09 21:52 - 0001275 _____ () C:\Program Files\IC2V2WYVYK\IC2V2WYVY.exe.config
2017-01-09 21:52 - 2017-01-09 21:52 - 0010752 _____ (UUY77_) C:\Program Files\IC2V2WYVYK\uninstaller.exe
2017-01-09 21:52 - 2017-01-09 21:52 - 0001275 _____ () C:\Program Files\IC2V2WYVYK\uninstaller.exe.config
====== End of Folder: ======
========================= Folder: C:\Users\Primitive\AppData\Roaming\uTorrent ========================
2017-01-09 21:49 - 2017-01-09 21:53 - 0008135 _____ () C:\Users\Primitive\AppData\Roaming\uTorrent\settings.dat
2017-01-09 21:49 - 2017-01-09 21:49 - 0008067 _____ () C:\Users\Primitive\AppData\Roaming\uTorrent\settings.dat.old
2017-01-09 21:53 - 2017-01-09 21:53 - 0000251 _____ () C:\Users\Primitive\AppData\Roaming\uTorrent\toolbar.benc
2017-01-09 21:53 - 2017-01-09 21:53 - 0000194 _____ () C:\Users\Primitive\AppData\Roaming\uTorrent\updates.dat
2017-01-09 21:49 - 2017-01-09 21:49 - 0000000 ____D () C:\Users\Primitive\AppData\Roaming\uTorrent\share
2017-01-09 21:53 - 2017-01-09 21:53 - 0000000 ____D () C:\Users\Primitive\AppData\Roaming\uTorrent\updates
====== End of Folder: ======
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 48045 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13803978 B
Java, Flash, Steam htmlcache => 131578 B
Windows/system/drivers => 1718178171 B
Edge => 3090736 B
Chrome => 213957135 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 5885 B
NetworkService => 56104 B
Primitive => 41294000728 B
RecycleBin => 641268 B
EmptyTemp: => 40.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:09:06 ====