mikehende
Active Member-
Posts
958 -
Joined
-
Last visited
-
Days Won
5
Content Type
Forums
Blogs
Events
Articles
Resources
Downloads
Gallery
Store
Everything posted by mikehende
-
Hey guys, I am not sure if this thread belongs her so if not please move to whichever forum, thanks. Hearing now about the ipad pro being virus free, one thing come to mind, whatever technology they are using for this may soon be used in windows then virus cleaning will eventually become obsolete?
-
Dell laptop win10 virus/adware issues
mikehende replied to mikehende's topic in Tech Help and Discussions
The owner was giving the laptop to his sister so he wanted it working right with no chances of virus activity which is why we went the reset route. Thanks for coming to the rescue as always though but you know the situation around here, waiting is a word that's not in most folk's vocabulary :). Anyway Pete, have a great holiday season, wish you a very happy new year and catch you next time, Mike. p.s. I am working on voice commands to control pc and also my music library, if interested let me know, if I can make it successful I will fill you in. -
Dell laptop win10 virus/adware issues
mikehende replied to mikehende's topic in Tech Help and Discussions
Ohh, if you see this thread Pete, please ignore and delete as I have been able to access the Recovery on this machine and Resetting it now, sorry for any inconvenience, take it easy. -
Dell laptop win10 virus/adware issues
mikehende replied to mikehende's topic in Tech Help and Discussions
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016 Ran by Stephen (21-12-2016 12:29:55) Running from D:\AV Softwares Windows 10 Home Version 1607 (X64) (2016-09-28 09:35:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2244106997-2420280254-724524497-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2244106997-2420280254-724524497-503 - Limited - Disabled) Guest (S-1-5-21-2244106997-2420280254-724524497-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2244106997-2420280254-724524497-1002 - Limited - Enabled) Stephen (S-1-5-21-2244106997-2420280254-724524497-1000 - Administrator - Enabled) => C:\Users\Stephen ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software) Beats Updater (HKLM-x32\...\{4ECDA1EE-E189-4C62-96FD-3CF8C82618AE}) (Version: 2.1.62.0 - Apple Inc.) BlackBerry Desktop Software 4.5 (HKLM-x32\...\BlackBerry_{2D963679-1FC7-4E13-9A81-343F6F49BCC4}) (Version: 4.5.0.13 - Research In Motion Ltd.) BlackBerry Desktop Software 4.5 (x32 Version: 4.5.0.13 - Research In Motion Ltd.) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink AudioDirector 6 (HKLM-x32\...\{4CB7DDA7-1134-4BA5-841C-3D64C5A0DAA7}) (Version: 6.0.5902.0 - CyberLink Corp.) CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2820.0 - CyberLink Corp.) CyberLink PowerDirector Content Pack Essential (HKLM-x32\...\{F2D0453E-3783-490D-9D48-7CC648C4ADFB}) (Version: 1.0 - CyberLink Corp.) CyberLink Travel Pack 4 (HKLM-x32\...\{1F032B26-35A8-4A5C-AA9C-17298C01DF0D}) (Version: 4 - CyberLink Corp.) CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.29 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Google Chrome (HKU\S-1-5-21-2244106997-2420280254-724524497-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.69.5 - HTC) iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2244106997-2420280254-724524497-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue) PaperCut MF Client 12.1 (HKLM-x32\...\PaperCut MF Client_is1) (Version: - PaperCut Software International Pty Ltd) proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Renault Media Nav Toolbox (HKLM-x32\...\Renault Media Nav Toolbox) (Version: 3.18.5.647040 - NNG Llc.) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC) Windows Driver Package - Beats Electronics, LLC (KernelModeUSB) USBDevice (08/03/2015 11.13.37.619) (HKLM\...\C8D774814AD57905AFADFC0987F6CE54830F5DCD) (Version: 08/03/2015 11.13.37.619 - Beats Electronics, LLC) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. ) WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.14.0 - HTC) Wondershare Filmora(Build 7.2.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Video Converter Ultimate(Build 7.0.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 7.0.0.3 - Wondershare Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) CustomCLSID: HKU\S-1-5-21-2244106997-2420280254-724524497-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {005B5D5B-4947-4B10-8AAE-8F16ECE23122} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {04C69A08-7481-47F7-9632-0CCB112CC726} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {069C141E-391A-430D-B3D8-D596E2CD2A93} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {08D28CB7-88B8-40D8-8C93-3825BCFA0F4B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {131186DD-C66F-4ABB-8983-989122DFA5CF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {14DC9284-6D11-4E24-A5E7-243CC23652FA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6d84e11e-ab3d-448a-b751-bac7817aaf35 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {14E19124-D016-4694-9B7D-0DD7FD1E2AE4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-12-20] (Microsoft Corporation) Task: {1B290D4A-0BBF-405D-A99E-ED9D6266AA50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000Core => C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.) Task: {1C2311CC-2345-4858-AD7A-C321E658B4C8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {28E5D6FB-B425-4B61-8AEB-2F093542A960} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {2D19507B-60ED-4441-9EF6-E28A5BB6A5AB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {35D59CD3-005B-4B32-AA8D-AA6B8E813B87} - System32\Tasks\avastBCLRestartS-1-5-21-2244106997-2420280254-724524497-1000 => Chrome.exe Task: {3F1863E6-1BE6-48B8-8B66-57A8687B2F20} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {4101FC5D-0A18-4064-A2A1-2273F3D60F19} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {46C401C6-EA2F-48BD-ABDF-194A64DC466A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {482787EE-F17E-441D-9FC1-FAA02D71B407} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {53D26010-EAD5-4E0B-8259-B219E6E8B3BB} - \PCDEventLauncherTask -> No File <==== ATTENTION Task: {57BE6AB5-5E42-4D8D-BD0C-2517EDC3E029} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {5A7545D2-1AE7-48C9-9A2E-D32DAFC11754} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {5DCD1A54-80C4-41BA-9476-665F1D86447B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {609FC49D-F27C-4B5E-AEEA-C24625DF84CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.) Task: {639451F7-9F4F-4CE1-A4B5-6AC9B5B42843} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION Task: {66724441-DBDB-4535-9187-C1A4DE3E1F9F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {6F35A5FE-FF3D-492E-9AAF-213E6C9DB1CD} - \SystemToolsDailyTest -> No File <==== ATTENTION Task: {71E1944A-63B3-4E0F-B73D-43A4BEA3C760} - System32\Tasks\SafeZone scheduled Autoupdate 1468699613 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {770F73E3-E89C-4298-B768-563865BF42FB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {7BCF2C13-D056-4215-84BD-46456C6042BA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {7DE72865-6E81-4738-8404-90F2646C158E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {7EC5B685-825F-4344-B04D-D51EF6050500} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {8085012A-6FC8-437D-BA15-70460F974281} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {80C45B1F-9DF7-4A6B-BB1A-37AAE0AB7078} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {8719EBF9-701F-4075-BF7B-8A4ECF16063E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {880ACA0C-E61D-4DFD-B962-424D35490592} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {8AE13115-CD90-479A-8D9C-626FA8956AFA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {8C7D0C80-BA0F-4577-B2BD-C984B872B4BB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {944BE738-845B-4F8D-ADEA-A6A24C86D76B} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [2016-12-19] (Microsoft Corporation) Task: {95908705-63B6-4E6A-A02F-3A2AA988556A} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {9B4C27F5-9B22-4A9C-9F8D-41BAF17E5023} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {9C486C5F-3ECD-4D52-867A-094316BADC6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-19] (Adobe Systems Incorporated) Task: {A74886F0-C8B8-4851-8CA8-C1AE1BFFAC51} - System32\Tasks\Google Updater and Installer => C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.) Task: {A8C1AE36-E4A7-4D41-A0EF-5358F617E586} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {A9D71752-9B22-4648-8F4E-3A44619131D9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000UA1d25a6d26b6adbb => C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.) Task: {B89C4286-1701-4366-9B93-47BD0AED15BD} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated) Task: {BC3BE7A8-8F14-4D5F-BE55-7108930B1DD8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {BFE41BE4-A4F9-43A3-9C01-6ED843C45263} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.) Task: {C0616FDA-51BD-44F3-AD86-8591992D1D5C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C293CE66-2283-46AF-9BAB-C643689362F5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {C9957829-7DD0-484F-B19D-0A3F6877F6C4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {D12923C0-CCCA-4129-9093-47F7611A5F13} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {D3228588-A62C-4343-B4B2-14CE29BBEC04} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.) Task: {D3826D9B-1B06-47DD-AE93-6CEDEBDDE5E0} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9d07597f-fe4d-42cd-a883-28e393234728 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {D3EE12C9-AC4D-4288-AEE9-D8CD2A483169} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {D42FA26A-6480-4206-9A3F-61EE5531DE47} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-15] (AVAST Software) Task: {D82AD0DB-968D-41AF-AEFE-F74681B940F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000Core1d25a6d2538bc4b => C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.) Task: {E04501C2-B2D2-46AA-BE69-FA1D1DF507C5} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {E508A1BF-FED8-43EF-8ED2-30B3F4FDEFEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.) Task: {E704750A-30A9-4021-B762-B381738C0ADE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {EAFB6D86-D091-4372-972F-AE7A5688395D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {F64BCCF9-2ECC-4D9B-A351-B9AB89AC2738} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F99D02E1-DD7A-4FB7-AC97-BDC140B34C03} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {FE3FA459-8744-4528-B87B-AB72EF819597} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000Core.job => C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6d84e11e-ab3d-448a-b751-bac7817aaf35.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9d07597f-fe4d-42cd-a883-28e393234728.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-29 17:58 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-22 00:07 - 2016-04-22 00:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2016-12-20 21:17 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-20 21:17 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-20 21:17 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2016-09-29 17:58 - 2016-09-15 19:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2015-06-13 20:17 - 2015-06-13 20:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2016-12-19 04:18 - 2016-12-19 04:18 - 01678560 _____ () C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll 2010-10-20 21:23 - 2010-10-20 21:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2015-01-12 02:45 - 2013-08-23 20:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll 2013-04-05 18:58 - 2013-04-05 18:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll 2016-03-09 11:58 - 2016-03-09 11:58 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2016-09-28 16:44 - 2016-09-28 16:44 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-25 18:46 - 2016-11-02 12:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-25 18:46 - 2016-11-02 12:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2016-11-25 18:45 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-25 18:45 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-25 18:45 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-25 18:45 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-25 18:45 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-06-13 20:16 - 2015-06-13 20:16 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2016-11-18 11:24 - 2016-11-18 12:36 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-11-18 11:24 - 2016-11-18 12:36 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-11-18 11:24 - 2016-11-18 12:36 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-07-15 11:45 - 2016-07-15 11:45 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-12-20 20:32 - 2016-12-20 20:32 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122001\algo.dll 2016-07-15 11:46 - 2016-07-15 11:46 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-03-09 11:58 - 2016-03-09 11:58 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2016-03-09 11:58 - 2016-03-09 11:58 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2016-03-09 11:58 - 2016-03-09 11:58 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2016-03-09 11:58 - 2016-03-09 11:58 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2016-03-09 11:58 - 2016-03-09 11:58 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2016-03-09 11:59 - 2016-03-09 11:59 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2016-03-09 12:00 - 2016-03-09 12:00 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2016-12-19 04:18 - 2016-12-19 04:18 - 01244376 _____ () C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll 2016-12-21 11:27 - 2016-12-21 11:27 - 00098816 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32api.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00110080 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\pywintypes27.dll 2016-12-21 11:27 - 2016-12-21 11:27 - 00364544 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\pythoncom27.dll 2016-12-21 11:27 - 2016-12-21 11:27 - 00320512 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32com.shell.shell.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00914432 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_hashlib.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 01176576 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._core_.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00806400 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._gdi_.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00816128 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._windows_.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 01067008 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._controls_.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00733184 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._misc_.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00682496 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\pysqlite2._sqlite.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00088064 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_ctypes.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00686080 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\unicodedata.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00119808 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32file.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00108544 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32security.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00007168 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\hashobjs_ext.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00017920 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\thumbnails_ext.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00088064 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\usb_ext.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00012800 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\common.time34.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00018432 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32event.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00167936 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32gui.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00046080 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_socket.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 01303552 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_ssl.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00128512 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_elementtree.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00127488 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\pyexpat.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00038912 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32inet.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00036864 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_psutil_windows.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00525208 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\windows._lib_cacheinvalidation.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00011264 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32crypt.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00123392 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._wizard.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00077312 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._html2.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00027648 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_multiprocessing.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00020480 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\_yappi.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00035840 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32process.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00078848 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\wx._animate.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00024064 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32pipe.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00010240 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\select.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00025600 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32pdh.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00017408 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32profile.pyd 2016-12-21 11:27 - 2016-12-21 11:27 - 00022528 ____R () C:\Users\Stephen\AppData\Local\Temp\_MEI35842\win32ts.pyd 2016-07-15 11:47 - 2016-07-15 11:47 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-04-30 20:15 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2014-04-12 10:03 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2015-06-10 04:36 - 2015-06-10 04:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2016-12-19 04:38 - 2016-11-11 22:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-12-19 04:38 - 2016-11-11 22:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-12-19 04:38 - 2016-11-11 22:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-12-19 04:38 - 2016-11-11 22:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-12-19 04:38 - 2016-11-11 22:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-12-19 04:37 - 2016-11-11 22:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-12-19 04:37 - 2016-11-11 22:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-12-19 04:37 - 2016-11-11 22:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-12-19 04:38 - 2016-11-11 22:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-12-19 04:37 - 2016-11-11 22:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-12-19 04:37 - 2016-11-11 22:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-12-19 04:38 - 2016-11-11 22:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-12-19 04:38 - 2016-11-11 22:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-12-19 04:38 - 2016-11-11 22:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-12-19 04:38 - 2016-11-11 22:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-12-19 04:38 - 2016-11-11 22:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-12-19 04:38 - 2016-11-11 22:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-12-19 04:38 - 2016-11-11 22:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-12-19 04:37 - 2016-11-11 22:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-12-19 04:37 - 2016-12-12 16:16 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-12-19 04:37 - 2016-12-05 22:07 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-12-19 04:37 - 2016-12-12 16:16 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-12-19 04:37 - 2016-12-12 16:16 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-12-19 04:38 - 2016-11-11 22:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-12-19 04:37 - 2016-12-12 16:17 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-12-19 04:37 - 2016-12-12 16:17 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-12-19 04:37 - 2016-12-12 16:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-12-19 04:37 - 2016-11-11 22:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2016-12-19 04:37 - 2016-11-11 22:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-12-19 04:37 - 2016-12-12 16:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-12-19 04:37 - 2016-12-12 16:17 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2016-12-19 04:37 - 2016-12-12 16:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-12-19 04:38 - 2016-11-11 22:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-12-19 04:38 - 2016-12-12 16:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD [138] AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125] AlternateDataStreams: C:\Users\Stephen\Desktop\Cyprus 2015-16 Games:com.dropbox.attributes [168] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2244106997-2420280254-724524497-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephen\Pictures\nwaukoni Challenge basket.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [uDP Query User{7B37B47D-9C98-4FD5-B498-20097A93A74F}C:\program files (x86)\beats by dr. dre\beats updater.exe] => (Block) C:\program files (x86)\beats by dr. dre\beats updater.exe FirewallRules: [TCP Query User{485DE9FF-C17A-4C67-9D9D-9CF7A988EB46}C:\program files (x86)\beats by dr. dre\beats updater.exe] => (Block) C:\program files (x86)\beats by dr. dre\beats updater.exe FirewallRules: [{DEF9ED83-9185-495E-8E68-DF40A7B92399}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE FirewallRules: [{08B0FBF1-523A-41F7-A02C-7EEF13220B1D}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{452B5F9D-B0FC-4127-9419-E51058EF6AAA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7AF072E7-7A82-4E54-A9B5-88A9F8E9C7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2CBB2310-B87C-41D9-B3D3-A7BAC3915F03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{02C263BA-8909-487E-AE14-83AEDA196939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7A80E43B-7477-43C7-BF01-885BEBAAF248}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{EF13F961-96AA-4E50-900B-FD6A68FC84D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7A349AFD-95DD-49A4-A6C9-871EB6997CFA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6D24A157-4A4E-402D-93C7-654CF93C2A4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6F0DC05A-AFCA-40EA-8ED5-AF89C804C78F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3FDDDDA3-71C6-481F-BD0C-C6A7672DBBAE}] => (Allow) C:\Users\Stephen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{38E7163C-36A5-420F-958A-CFA39E86A4E3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{91172207-24AF-484B-803A-7EBE31C1D6A2}] => (Allow) LPort=2869 FirewallRules: [{DC6E7692-EBCB-404C-839E-49ACC79B01CE}] => (Allow) LPort=1900 FirewallRules: [{B77B5219-2118-4D6B-8B67-C273AD777987}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{4A13A339-76FD-4C5C-B9FA-2F9FA3C82658}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [uDP Query User{543AF739-59DA-4CDA-A7EF-C87B9CDA5E5C}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{61C47030-EECB-458D-AF1D-76BA220CA849}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe FirewallRules: [uDP Query User{5D0A2DEA-6E7E-4161-8C99-00ED516A4DE6}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe FirewallRules: [TCP Query User{2F24431A-3226-432F-9E04-B1ADE867E283}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe FirewallRules: [uDP Query User{457A19D4-BC96-4404-A78D-C7B0460C9482}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe FirewallRules: [TCP Query User{446CA3B0-5B8A-4C48-99C4-162B19EF871B}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe FirewallRules: [uDP Query User{F2643411-D807-4497-B6AA-11E11F428060}C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\videoconverterultimate.exe FirewallRules: [TCP Query User{A0E7789F-DE8E-4574-942F-2A81C969ED44}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe FirewallRules: [uDP Query User{63BB67D6-76B0-4458-80C1-BA60F111FAF0}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe FirewallRules: [TCP Query User{788AAB49-A38A-40F8-94A7-C402731A67E8}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe FirewallRules: [uDP Query User{D9761860-195D-4888-8088-C04389E2BC4E}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe FirewallRules: [TCP Query User{838E61C3-46B2-4651-AED3-41BBA7926F76}C:\users\stephen\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\stephen\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe FirewallRules: [uDP Query User{383572A0-936F-45BE-8D94-2008620FB16B}C:\users\stephen\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\stephen\desktop\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe FirewallRules: [{7598B674-8B89-4304-887F-B7E7A1BF580D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0785A1AE-4664-4B4B-A5FB-30FB0A2402F9}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe FirewallRules: [{7B8CFCE4-6BE2-4E04-ACC6-7B6B7084A0FE}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe FirewallRules: [{9575D035-8D72-48C6-A47D-8521910424DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{D882A81A-7444-44DA-9F0A-CBBDFAB6D604}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{27C4A742-40A3-45B5-A25C-8A837F08E2C7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 04-12-2016 11:12:36 Scheduled Checkpoint 20-12-2016 19:52:04 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/21/2016 11:25:58 AM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (12/21/2016 12:19:02 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (12/21/2016 12:17:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (12/21/2016 12:07:58 AM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (12/20/2016 11:48:48 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (12/20/2016 11:03:17 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Error: (12/20/2016 10:57:11 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2. The manifest file root element must be assembly. Error: (12/20/2016 10:45:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Stephen-PC) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/20/2016 10:45:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Stephen-PC) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/20/2016 10:25:38 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. System errors: ============= Error: (12/21/2016 11:26:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/21/2016 12:08:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/21/2016 12:06:44 AM) (Source: DCOM) (EventID: 10010) (User: Stephen-PC) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (12/21/2016 12:06:43 AM) (Source: DCOM) (EventID: 10010) (User: Stephen-PC) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (12/21/2016 12:06:42 AM) (Source: DCOM) (EventID: 10010) (User: Stephen-PC) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (12/21/2016 12:06:42 AM) (Source: DCOM) (EventID: 10010) (User: Stephen-PC) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (12/21/2016 12:06:41 AM) (Source: DCOM) (EventID: 10010) (User: Stephen-PC) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (12/21/2016 12:03:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (12/21/2016 12:02:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (12/21/2016 12:02:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-12-20 21:19:19.952 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2016-12-20 21:19:19.952 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2016-11-27 18:07:40.655 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:40.564 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:40.409 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:40.243 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:40.169 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:40.086 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:35.935 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2016-11-27 18:07:34.395 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 350 @ 2.27GHz Percentage of memory in use: 46% Total physical RAM: 3892.52 MB Available physical RAM: 2075.16 MB Total Virtual: 7860.52 MB Available Virtual: 5676.24 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.22 GB) (Free:215.94 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (2G-3) (Removable) (Total:1.91 GB) (Free:1.6 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7188B833) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=465.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ==================== End of Addition.txt ============================ -
Dell laptop win10 virus/adware issues
mikehende replied to mikehende's topic in Tech Help and Discussions
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016 (ATTENTION: ====> FRSTversion is 95 days old and could be outdated) Ran by Stephen (administrator) on STEPHEN-PC (21-12-2016 12:28:04) Running from D:\AV Softwares Loaded Profiles: Stephen (Available Profiles: Stephen) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-09-24] (AVAST Software) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25778760 2016-12-12] (Dropbox, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2244106997-2420280254-724524497-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google) HKU\S-1-5-21-2244106997-2420280254-724524497-1000\...\Run: [Google Update] => C:\Users\Stephen\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-20] (Google Inc.) HKU\S-1-5-21-2244106997-2420280254-724524497-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] () ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll [2016-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll [2016-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll [2016-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-15] (AVAST Software) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll [2016-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll [2016-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stephen\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll [2016-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-10-06] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-10-06] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-10-06] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-2244106997-2420280254-724524497-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3d93efa5-1d04-40c2-aca3-74f0a35a6d0b}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{661a8d6d-3b16-48f9-b7c4-169539ad10cc}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-2244106997-2420280254-724524497-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-2244106997-2420280254-724524497-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2244106997-2420280254-724524497-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2244106997-2420280254-724524497-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2244106997-2420280254-724524497-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-31] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-31] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated) BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2014-03-17] (Wondershare Software Co., Ltd.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-22] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-22] (Oracle Corporation) Toolbar: HKU\S-1-5-21-2244106997-2420280254-724524497-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab FireFox: ======== FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\ufsdwrr7.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-19] () FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-31] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-19] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-22] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems) FF Plugin HKU\S-1-5-21-2244106997-2420280254-724524497-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.) FF Plugin HKU\S-1-5-21-2244106997-2420280254-724524497-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephen\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.) FF Extension: (Printing Helper) - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\ufsdwrr7.default\extensions\sztsiyunhu@sztsiyunhu.org.xpi [2015-01-12] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-15] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-15] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2015-01-12] [not signed] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKU\S-1-5-21-2244106997-2420280254-724524497-1000\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1421082925&from=amt&uid=HitachiXHTS545050B9A300_100617PBN408B7HA4ZPLX CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1420558034&from=wpc&uid=HitachiXHTS545050B9A300_100617PBN408B7HA4ZPLX&q={searchTerms} CHR DefaultSearchKeyword: Default -> mystartsearch CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll => No File CHR Plugin: (Shockwave Flash) - C:\Users\Stephen\AppData\Local\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (Native Client) - C:\Users\Stephen\AppData\Local\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Stephen\AppData\Local\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File CHR Plugin: (Relevant-Knowledge) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins/rlcm.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File CHR Plugin: (Java Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Stephen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default [2016-07-16] CHR Extension: (Google Docs Offline) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08] CHR Extension: (Default Extension) - C:\Users\Stephen\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdfdgggdcdaggdcdbdbdgdedjdddh [2015-01-12] CHR HKU\S-1-5-21-2244106997-2420280254-724524497-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Stephen\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-30] CHR HKU\S-1-5-21-2244106997-2420280254-724524497-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-11] StartMenuInternet: Google Chrome.PWC3S3AE222XU5ZTBX7SJ6C3SA - C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-10] (Adobe Systems Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-15] (AVAST Software) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-05] (Dropbox, Inc.) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-03] (CyberLink) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [82936 2016-09-24] (AVAST Software) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-15] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-15] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-15] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-06] (AVAST Software) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] () S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-20] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-21] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-21] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-21] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-21] (Malwarebytes) S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare) U4 aspnet_state; no ImagePath S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-21 12:27 - 2016-12-21 12:28 - 00000000 ____D C:\FRST 2016-12-21 12:19 - 2016-12-21 12:19 - 00002558 _____ C:\Users\Stephen\Desktop\mbam.txt 2016-12-21 00:24 - 2016-12-21 00:24 - 00002055 _____ C:\Users\Stephen\Desktop\JRT.txt 2016-12-20 23:56 - 2016-12-21 12:27 - 00000000 ____D C:\AdwCleaner 2016-12-20 22:51 - 2016-12-20 23:48 - 00000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9d07597f-fe4d-42cd-a883-28e393234728.job 2016-12-20 22:51 - 2016-12-20 23:48 - 00000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6d84e11e-ab3d-448a-b751-bac7817aaf35.job 2016-12-20 22:51 - 2016-12-20 22:51 - 00003770 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 9d07597f-fe4d-42cd-a883-28e393234728 2016-12-20 22:51 - 2016-12-20 22:51 - 00003688 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 6d84e11e-ab3d-448a-b751-bac7817aaf35 2016-12-20 22:51 - 2016-12-20 22:51 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2016-12-20 22:51 - 2016-12-20 22:51 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\SUPERAntiSpyware.com 2016-12-20 22:51 - 2016-12-20 22:51 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2016-12-20 22:51 - 2016-12-20 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-12-20 22:51 - 2016-12-20 22:51 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-12-20 21:19 - 2016-12-20 21:19 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2016-12-20 21:18 - 2016-12-21 11:26 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2016-12-20 21:18 - 2016-12-21 11:26 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2016-12-20 21:18 - 2016-12-21 11:26 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-12-20 21:17 - 2016-12-20 21:17 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-20 21:17 - 2016-12-20 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-20 21:17 - 2016-12-20 21:17 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-20 21:17 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2016-12-20 21:16 - 2016-12-20 21:17 - 54199488 _____ (Malwarebytes ) C:\Users\Stephen\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2016-12-20 19:59 - 2016-12-20 19:59 - 00000000 ____D C:\WINDOWS\PCHEALTH 2016-12-20 04:59 - 2016-12-20 04:59 - 00003710 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000UA1d25a6d26b6adbb 2016-12-20 04:59 - 2016-12-20 04:59 - 00003442 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000Core1d25a6d2538bc4b 2016-12-19 04:39 - 2016-12-19 04:41 - 147628976 _____ (Seagate) C:\Users\Stephen\Downloads\Seagate_Dashboard_Installer.exe 2016-12-19 04:38 - 2016-12-19 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-12-19 04:22 - 2016-12-19 04:22 - 00000000 ____D C:\Program Files (x86)\GUM92F9.tmp 2016-12-19 04:21 - 2016-12-19 04:21 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2016-12-19 04:17 - 2016-12-19 04:17 - 20364888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2016-12-05 22:07 - 2016-12-05 22:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2016-12-05 22:07 - 2016-12-05 22:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2016-12-05 22:07 - 2016-12-05 22:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2016-12-05 22:07 - 2016-12-05 22:07 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2016-11-25 18:47 - 2016-11-02 13:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-11-25 18:47 - 2016-11-02 13:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-11-25 18:47 - 2016-11-02 13:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-11-25 18:47 - 2016-11-02 13:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-11-25 18:47 - 2016-11-02 13:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2016-11-25 18:47 - 2016-11-02 13:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll 2016-11-25 18:47 - 2016-11-02 13:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-11-25 18:47 - 2016-11-02 13:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2016-11-25 18:47 - 2016-11-02 13:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2016-11-25 18:47 - 2016-11-02 13:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-11-25 18:47 - 2016-11-02 13:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-11-25 18:47 - 2016-11-02 13:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-11-25 18:47 - 2016-11-02 12:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll 2016-11-25 18:47 - 2016-11-02 12:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-11-25 18:47 - 2016-11-02 12:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-11-25 18:47 - 2016-11-02 12:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll 2016-11-25 18:47 - 2016-11-02 12:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-11-25 18:47 - 2016-11-02 12:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll 2016-11-25 18:47 - 2016-11-02 12:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-11-25 18:47 - 2016-11-02 12:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-11-25 18:47 - 2016-11-02 12:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2016-11-25 18:47 - 2016-11-02 12:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-11-25 18:47 - 2016-11-02 12:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-11-25 18:47 - 2016-11-02 10:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml 2016-11-25 18:46 - 2016-11-02 14:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-11-25 18:46 - 2016-11-02 14:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-11-25 18:46 - 2016-11-02 13:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-11-25 18:46 - 2016-11-02 13:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-11-25 18:46 - 2016-11-02 13:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-11-25 18:46 - 2016-11-02 13:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-11-25 18:46 - 2016-11-02 13:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-11-25 18:46 - 2016-11-02 13:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-11-25 18:46 - 2016-11-02 13:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-11-25 18:46 - 2016-11-02 13:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-11-25 18:46 - 2016-11-02 13:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-11-25 18:46 - 2016-11-02 13:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-11-25 18:46 - 2016-11-02 13:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-11-25 18:46 - 2016-11-02 13:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-11-25 18:46 - 2016-11-02 13:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2016-11-25 18:46 - 2016-11-02 12:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-11-25 18:46 - 2016-11-02 12:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-11-25 18:46 - 2016-11-02 12:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-11-25 18:46 - 2016-11-02 12:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-11-25 18:46 - 2016-11-02 12:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-11-25 18:46 - 2016-11-02 12:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-11-25 18:46 - 2016-11-02 12:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-11-25 18:46 - 2016-11-02 12:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll 2016-11-25 18:46 - 2016-11-02 12:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-11-25 18:46 - 2016-11-02 12:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll 2016-11-25 18:46 - 2016-11-02 12:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2016-11-25 18:46 - 2016-11-02 12:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-11-25 18:46 - 2016-11-02 12:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll 2016-11-25 18:46 - 2016-11-02 12:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2016-11-25 18:46 - 2016-11-02 12:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-11-25 18:46 - 2016-11-02 12:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-11-25 18:46 - 2016-11-02 12:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-11-25 18:46 - 2016-11-02 12:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-11-25 18:46 - 2016-11-02 12:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll 2016-11-25 18:46 - 2016-11-02 12:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-11-25 18:46 - 2016-11-02 12:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2016-11-25 18:46 - 2016-11-02 12:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2016-11-25 18:46 - 2016-11-02 12:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-11-25 18:46 - 2016-11-02 12:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-11-25 18:46 - 2016-11-02 12:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2016-11-25 18:46 - 2016-11-02 12:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2016-11-25 18:46 - 2016-11-02 12:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-11-25 18:46 - 2016-11-02 12:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-11-25 18:46 - 2016-11-02 12:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2016-11-25 18:46 - 2016-11-02 12:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll 2016-11-25 18:46 - 2016-11-02 12:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll 2016-11-25 18:46 - 2016-11-02 12:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-11-25 18:46 - 2016-11-02 12:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-11-25 18:46 - 2016-11-02 12:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2016-11-25 18:46 - 2016-11-02 12:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll 2016-11-25 18:46 - 2016-11-02 12:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-11-25 18:46 - 2016-11-02 12:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll 2016-11-25 18:46 - 2016-11-02 12:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-11-25 18:46 - 2016-11-02 12:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2016-11-25 18:46 - 2016-11-02 12:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll 2016-11-25 18:46 - 2016-11-02 12:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2016-11-25 18:46 - 2016-11-02 12:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-11-25 18:46 - 2016-11-02 12:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2016-11-25 18:46 - 2016-11-02 12:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-11-25 18:46 - 2016-11-02 12:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-11-25 18:46 - 2016-11-02 12:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-11-25 18:46 - 2016-11-02 12:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll 2016-11-25 18:46 - 2016-11-02 12:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-11-25 18:46 - 2016-11-02 12:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll 2016-11-25 18:46 - 2016-11-02 12:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-11-25 18:46 - 2016-11-02 12:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-11-25 18:46 - 2016-11-02 12:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2016-11-25 18:46 - 2016-11-02 12:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-11-25 18:46 - 2016-11-02 12:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-11-25 18:46 - 2016-11-02 12:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-11-25 18:46 - 2016-11-02 12:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-11-25 18:46 - 2016-11-02 12:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2016-11-25 18:46 - 2016-11-02 12:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll 2016-11-25 18:46 - 2016-11-02 12:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll 2016-11-25 18:46 - 2016-11-02 12:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2016-11-25 18:46 - 2016-11-02 12:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-11-25 18:46 - 2016-11-02 12:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2016-11-25 18:46 - 2016-11-02 12:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2016-11-25 18:46 - 2016-11-02 12:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll 2016-11-25 18:46 - 2016-11-02 12:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2016-11-25 18:46 - 2016-11-02 12:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll 2016-11-25 18:46 - 2016-11-02 12:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-11-25 18:46 - 2016-11-02 12:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll 2016-11-25 18:46 - 2016-11-02 12:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll 2016-11-25 18:46 - 2016-11-02 12:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll 2016-11-25 18:46 - 2016-11-02 12:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2016-11-25 18:46 - 2016-11-02 12:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-11-25 18:45 - 2016-11-02 13:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-11-25 18:45 - 2016-11-02 13:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-11-25 18:45 - 2016-11-02 13:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-11-25 18:45 - 2016-11-02 13:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-11-25 18:45 - 2016-11-02 13:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-11-25 18:45 - 2016-11-02 13:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-11-25 18:45 - 2016-11-02 13:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-11-25 18:45 - 2016-11-02 13:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-11-25 18:45 - 2016-11-02 13:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-11-25 18:45 - 2016-11-02 13:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2016-11-25 18:45 - 2016-11-02 13:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2016-11-25 18:45 - 2016-11-02 13:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll 2016-11-25 18:45 - 2016-11-02 13:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-11-25 18:45 - 2016-11-02 13:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-11-25 18:45 - 2016-11-02 12:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2016-11-25 18:45 - 2016-11-02 12:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2016-11-25 18:45 - 2016-11-02 12:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-11-25 18:45 - 2016-11-02 12:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2016-11-25 18:45 - 2016-11-02 12:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2016-11-25 18:45 - 2016-11-02 12:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll 2016-11-25 18:45 - 2016-11-02 12:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-11-25 18:45 - 2016-11-02 12:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-11-25 18:45 - 2016-11-02 12:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-11-25 18:45 - 2016-11-02 12:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2016-11-25 18:45 - 2016-11-02 12:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll 2016-11-25 18:45 - 2016-11-02 12:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-11-25 18:45 - 2016-11-02 12:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-11-25 18:45 - 2016-11-02 12:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-11-25 18:45 - 2016-11-02 12:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll 2016-11-25 18:45 - 2016-11-02 12:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2016-11-25 18:45 - 2016-11-02 12:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-11-25 18:45 - 2016-11-02 12:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-11-25 18:45 - 2016-11-02 12:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-11-25 18:45 - 2016-11-02 12:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-11-25 18:45 - 2016-11-02 12:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-11-25 18:45 - 2016-11-02 12:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2016-11-25 18:45 - 2016-11-02 12:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-11-25 18:45 - 2016-11-02 12:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-11-25 18:45 - 2016-11-02 12:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-11-25 18:45 - 2016-11-02 12:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-11-25 18:45 - 2016-11-02 12:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2016-11-25 18:45 - 2016-11-02 12:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-11-25 18:45 - 2016-11-02 12:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll 2016-11-25 18:45 - 2016-11-02 12:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-11-25 18:45 - 2016-11-02 12:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-11-25 18:45 - 2016-11-02 12:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-11-25 18:45 - 2016-11-02 12:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-11-25 18:45 - 2016-11-02 12:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-11-25 18:45 - 2016-11-02 12:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-11-25 18:45 - 2016-11-02 12:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-11-25 18:45 - 2016-11-02 12:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-11-25 18:45 - 2016-11-02 12:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-11-25 18:45 - 2016-11-02 12:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2016-11-25 18:45 - 2016-11-02 12:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll 2016-11-25 18:45 - 2016-11-02 12:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-11-25 18:45 - 2016-11-02 12:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe 2016-11-25 18:45 - 2016-11-02 12:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-11-25 18:45 - 2016-11-02 12:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-11-25 18:45 - 2016-11-02 12:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll 2016-11-25 18:45 - 2016-11-02 12:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-11-25 18:45 - 2016-11-02 12:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-11-25 18:45 - 2016-11-02 12:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2016-11-25 18:45 - 2016-11-02 12:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-11-25 18:45 - 2016-11-02 12:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-11-25 18:45 - 2016-11-02 12:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2016-11-25 18:45 - 2016-11-02 12:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-11-25 18:45 - 2016-11-02 12:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-11-25 18:45 - 2016-11-02 12:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2016-11-25 18:45 - 2016-11-02 12:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-11-25 18:45 - 2016-11-02 12:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-11-25 18:45 - 2016-11-02 12:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-11-25 18:45 - 2016-11-02 12:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-11-25 18:45 - 2016-11-02 12:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2016-11-25 18:45 - 2016-11-02 12:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-11-25 18:45 - 2016-11-02 12:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2016-11-25 18:45 - 2016-08-02 06:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-11-25 18:44 - 2016-11-02 13:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-11-25 18:44 - 2016-11-02 13:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-11-25 18:44 - 2016-11-02 13:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-11-25 18:44 - 2016-11-02 13:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-11-25 18:44 - 2016-11-02 13:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2016-11-25 18:44 - 2016-11-02 13:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-11-25 18:44 - 2016-11-02 13:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-11-25 18:44 - 2016-11-02 13:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-11-25 18:44 - 2016-11-02 13:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-11-25 18:44 - 2016-11-02 12:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2016-11-25 18:44 - 2016-11-02 12:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-11-25 18:44 - 2016-11-02 12:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-11-25 18:44 - 2016-11-02 12:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-11-25 18:44 - 2016-11-02 12:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll 2016-11-25 18:44 - 2016-11-02 12:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys 2016-11-25 18:44 - 2016-11-02 12:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll 2016-11-25 18:44 - 2016-11-02 12:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2016-11-25 18:44 - 2016-11-02 12:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-11-25 18:44 - 2016-11-02 12:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2016-11-25 18:44 - 2016-11-02 12:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-11-25 18:44 - 2016-11-02 12:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2016-11-25 18:44 - 2016-11-02 12:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2016-11-25 18:44 - 2016-11-02 12:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll 2016-11-25 18:44 - 2016-11-02 12:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-11-25 18:44 - 2016-11-02 12:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-11-25 18:44 - 2016-11-02 12:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll 2016-11-25 18:44 - 2016-11-02 12:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll 2016-11-25 18:44 - 2016-11-02 12:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe 2016-11-25 18:44 - 2016-11-02 12:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-11-25 18:44 - 2016-11-02 12:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-11-25 18:44 - 2016-11-02 12:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-11-25 18:44 - 2016-11-02 12:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-11-25 18:44 - 2016-11-02 12:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2016-11-25 18:44 - 2016-11-02 12:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-11-25 18:44 - 2016-11-02 12:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-11-25 18:44 - 2016-11-02 12:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll 2016-11-25 18:44 - 2016-11-02 12:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-11-25 18:44 - 2016-11-02 12:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-11-25 18:44 - 2016-11-02 12:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-11-25 18:44 - 2016-11-02 12:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-11-25 18:44 - 2016-11-02 12:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll 2016-11-25 18:44 - 2016-11-02 12:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2016-11-25 18:44 - 2016-11-02 12:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-11-25 18:44 - 2016-11-02 12:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll 2016-11-25 18:44 - 2016-11-02 12:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-11-25 18:44 - 2016-11-02 12:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-11-25 18:44 - 2016-11-02 12:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-11-25 18:44 - 2016-11-02 12:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-11-25 18:44 - 2016-11-02 11:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls 2016-11-25 18:44 - 2016-11-02 11:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-21 12:17 - 2016-09-28 05:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-21 11:34 - 2016-09-28 06:30 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-12-21 11:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-21 11:29 - 2015-07-08 19:24 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-21 11:27 - 2016-06-12 08:08 - 00000000 ____D C:\Users\Stephen\AppData\Local\HTC MediaHub 2016-12-21 11:26 - 2015-02-16 02:41 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-12-21 11:25 - 2016-09-28 06:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-21 00:46 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-12-20 23:45 - 2012-08-31 22:38 - 00000000 ____D C:\Users\Stephen\Desktop\iTunes 2016-12-20 22:15 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2016-12-20 22:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-12-20 21:18 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-20 21:17 - 2012-08-31 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-20 21:02 - 2015-12-17 22:12 - 00000000 ___RD C:\Users\Stephen\Dropbox 2016-12-20 21:01 - 2014-04-30 08:13 - 00000000 ___RD C:\Users\Stephen\Google Drive 2016-12-20 20:39 - 2016-09-28 06:01 - 00000000 ____D C:\Users\Stephen 2016-12-20 20:28 - 2013-09-16 02:03 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-12-20 20:06 - 2012-08-31 21:48 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-12-20 18:09 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-20 18:03 - 2012-08-31 20:27 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2244106997-2420280254-724524497-1000Core.job 2016-12-20 04:07 - 2016-10-27 19:30 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{30D1169E-5CDA-46CF-BF49-6821A4C40CA6} 2016-12-19 04:40 - 2015-12-17 20:00 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-12-19 04:24 - 2015-12-17 20:13 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-12-19 04:24 - 2015-12-17 20:13 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-12-19 04:24 - 2012-08-31 20:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-12-19 04:20 - 2016-01-20 01:23 - 00002409 _____ C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-12-19 04:20 - 2014-04-30 08:08 - 00000000 ___RD C:\Users\Stephen\OneDrive 2016-12-19 04:17 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-12-19 04:17 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-12-12 01:56 - 2016-10-29 01:00 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-12 01:56 - 2016-10-29 01:00 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-04 15:13 - 2016-09-28 06:30 - 00003970 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2016-12-04 15:13 - 2016-09-28 06:30 - 00003738 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2016-12-04 12:31 - 2012-08-31 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-12-03 17:43 - 2016-01-20 01:12 - 00000000 ____D C:\Users\Stephen\AppData\Local\Packages 2016-11-27 19:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache 2016-11-25 19:33 - 2016-01-20 00:32 - 01216640 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-11-25 19:29 - 2016-01-20 01:13 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-11-25 19:26 - 2016-09-28 05:53 - 00421488 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-11-25 19:23 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-11-25 19:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-11-25 19:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-11-25 19:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\migwiz 2016-11-25 19:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-11-25 19:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-11-25 18:59 - 2012-08-31 22:37 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\Skype 2016-11-25 16:15 - 2015-01-15 00:27 - 00000000 ____D C:\ProgramData\Skype 2016-11-25 16:14 - 2016-06-18 08:13 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Stephen\AppData\Roaming\REHHP 2015-01-07 02:48 - 2015-01-11 21:48 - 0000063 _____ () C:\Users\Stephen\AppData\Roaming\WB.CFG 2012-08-31 22:26 - 2016-01-18 23:08 - 0016896 _____ () C:\Users\Stephen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ZeroAccess: C:\Users\Stephen\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} Some files in TEMP: ==================== C:\Users\Stephen\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-21 11:36 ==================== End of FRST.txt ============================ -
Dell laptop win10 virus/adware issues
mikehende replied to mikehende's topic in Tech Help and Discussions
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/20/2016 at 11:45 PM Application Version : 6.0.1194 Database Version : 11920 Scan type : Complete Scan Total Scan Time : 00:53:09 Operating System Information Windows 8 64-bit (Build 6.02.9200) UAC On - Limited User Memory items scanned : 883 Memory threats detected : 0 Registry items scanned : 73937 Registry threats detected : 0 File items scanned : 25429 File threats detected : 12 Adware.Tracking Cookie C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\Q6I0CNRE.cookieC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\Q6I0CNRE.cookie [ /at.atwola.com ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\MXQANZ2L.cookieC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\MXQANZ2L.cookie [ /weborama.fr ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\NFCZUFTF.txtC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\NFCZUFTF.txt [ /adtech.de ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\GTUZY4X1.cookieC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\GTUZY4X1.cookie [ /cdn.at.atwola.com ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\JW9GTAQ9.cookieC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\JW9GTAQ9.cookie [ /doubleclick.net ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\DXN065VG.txtC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\DXN065VG.txt [ /smartadserver.com ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\2THDNA4T.txtC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\2THDNA4T.txt [ /histats.com ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\2NPMPTSG.txtC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\2NPMPTSG.txt [ /bs.serving-sys.com ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\EEDGRD5J.txtC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\EEDGRD5J.txt [ /serving-sys.com ] C:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\UIDF5R00.cookieC:\Users\Stephen\AppData\Local\Microsoft\Windows\INetCookies\UIDF5R00.cookie [ /advertising.com ] Adware.Conduit/Variant C:\USERS\STEPHEN\APPDATA\LOCAL\WHITELISTING\PLUGINSWHITELISTING.DLL Adware.ConvertAds/Variant C:\USERS\STEPHEN\DESKTOP\ITUNES\VOPACKAGE.EXE ============================ Unwanted Programs Detected ============================ WinCheck ============ End of Log ============ -
Dell laptop win10 virus/adware issues
mikehende replied to mikehende's topic in Tech Help and Discussions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Home x64 Ran by Stephen (Administrator) on Wed 12/21/2016 at 0:16:32.31 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 5 Successfully deleted: C:\ProgramData\esellerate (Folder) Successfully deleted: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp (Folder) Successfully deleted: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\ufsdwrr7.default\extensions\staged (Folder) Successfully deleted: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\ufsdwrr7.default\searchplugins\bing-zugo.xml (File) Successfully deleted: C:\Program Files (x86)\GUT92FA.tmp (File) Deleted the following from C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\ufsdwrr7.default\prefs.js user_pref(browser.search.selectedEngine, WebSearch); user_pref(browser.search.order.1, WebSearch); user_pref(browser.search.defaultenginename, WebSearch); user_pref(browser.search.order.1,S, WebSearch); user_pref(browser.search.defaultenginename,S, WebSearch); user_pref(browser.search.selectedEngine,S, WebSearch); user_pref(browser.search.defaulturl, hxxp://websearch.searchfix.info/?pid=724&r=2015/01/06&hid=7078040786211916489&lg=EN&cc=PT&l=1&q=); user_pref(browser.search.order.1,S, WebSearch); user_pref(browser.search.defaultenginename,S, WebSearch); user_pref(browser.search.selectedEngine,S, WebSearch); Registry: 2 Successfully deleted: HKLM\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 12/21/2016 at 0:24:07.42 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
Hey Pete, been a while, are you here? If so, having problems with this machine and can use your help please. Ran the normal scans a few times. ADWCleaner on first run showed a lot of adwares, on 2nd run turned up empty. Still can't connect to the net wireless. These are the logs: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/20/16 Scan Time: 9:21 PM Logfile: mbam.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.808 License: Trial -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: Stephen-PC\Stephen -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 474997 Time Elapsed: 35 min, 12 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 5 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\tbdelta.exetoolbar783881609.exe, Quarantined, [879], [311785],1.0.808 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9E65342A-1692-454D-90EB-46CDF73EF670}, Quarantined, [965], [335673],1.0.808 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FB179318-8ACF-40D1-B446-E6A350FD84D4}, Quarantined, [965], [335676],1.0.808 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\tbdelta.exetoolbar783881609.exe, Quarantined, [879], [311785],1.0.808 PUP.Optional.Tuto4PC, HKU\S-1-5-21-2244106997-2420280254-724524497-1000\SOFTWARE\Tutorials, Quarantined, [112], [315308],1.0.808 Registry Value: 4 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\tbdelta.exetoolbar783881609.exe|DEBUGGER, Quarantined, [879], [311785],1.0.808 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9E65342A-1692-454D-90EB-46CDF73EF670}|PATH, Quarantined, [965], [335673],1.0.808 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FB179318-8ACF-40D1-B446-E6A350FD84D4}|PATH, Quarantined, [965], [335676],1.0.808 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\tbdelta.exetoolbar783881609.exe|DEBUGGER, Quarantined, [879], [311785],1.0.808 Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end)
-
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
Cool, once again thank you very much for the help, till next time, all the best! -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
Yeah so very sorry, I had mentioned this option to him before taking his pc but some folks have different thoughts. BTW, I only now looked at it seems version 6 is now available: http://www.albumplayer.com/ -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
It's ok Pete, after all this work, the owner NOW decides he wants me to backup his data and reload the OS, so very sorry, only good thing which came off of this is I learned quite a lot so I thank you for that too! -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
Well Pete, all seems well now thank you very much, just one issue is the Microsoft SQL Server Desktop Engine popup which appears whenever the desktop loads, it does not uninstall from Programs nor Revo Uninstaller with the error message "An error has occured while removing the SQL Active Directory Helper Service". If it can't be uninstalled then how can I possibly prevent it from autoloading on startup please? -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
Thanks and sorry about the beard :) but no change, IE and chrome still doesn't open, when I try to open IE the same window pops up stating "iexplorer.exe - Entry Point Not Found". Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016 Ran by mostafa (17-09-2016 15:12:05) Run:1 Running from E:\AV Softwares Loaded Profiles: mostafa (Available Profiles: mostafa) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1 HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1 Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31] ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File FF DefaultSearchEngine,S: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine,S: WebSearch FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File] FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/" CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01] CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url> S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X] S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] S2 UpdateSvc; no ImagePath S0 98632471; system32\drivers\00560299.sys [X] S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X] 2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job 2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job 2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job 2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job 2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job 2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job 2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job 2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job 2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job 2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job 2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job 2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job 2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job 2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job 2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj 2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin 2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin 2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE 2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG 2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j 2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp 2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp 2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat 2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp C:\ProgramData\s630Y6kiG.dat C:\Users\mostafa\AppData\Local\Temp\6477.exe C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe C:\Users\mostafa\AppData\Local\Temp\libeay32.dll C:\Users\mostafa\AppData\Local\Temp\links.exe C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll C:\Users\mostafa\AppData\Local\Temp\setacl.exe C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118] AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe C:\Users\mostafa\AppData\Roaming\YOXALEU.exe C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe C:\Users\mostafa\AppData\Roaming\YOXALEU.exe C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe CMD: ipconfig /flushdns EmptyTemp: Hosts: ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetIcon => value removed successfully HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk => moved successfully C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe => not found. "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => key removed successfully HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-21-518488637-833313989-2621144753-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKCR\PROTOCOLS\Handler\HTLFP" => key removed successfully HKCR\CLSID\{03B7A5D4-96B0-4316-95F8-072D326A58F1} => key not found. "HKCR\PROTOCOLS\Handler\vfsp" => key removed successfully HKCR\CLSID\{E4CB5121-E242-11D4-8ED6-00010219EB22} => key not found. Firefox DefaultSearchEngine,S removed successfully Firefox SearchEngineOrder.1 removed successfully Firefox SearchEngineOrder.1,S removed successfully Firefox SelectedSearchEngine,S removed successfully "HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found. "HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found. C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net => path removed successfully HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully Chrome StartupUrls => removed successfully C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => moved successfully C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj <==== ATTENTION => not found C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge <==== ATTENTION => not found "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhajehkfbbhkfnfepjpadnejlamcembd" => key removed successfully 4519cfe8 => service removed successfully Strong Rise => service removed successfully TrustedInstaller => service removed successfully UpdateSvc => service removed successfully 98632471 => service removed successfully ydymrkdf => service removed successfully C:\Windows\Tasks\Zl6wqVw0j.job => moved successfully C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => moved successfully C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => moved successfully C:\Windows\Tasks\Mw31EXaU4OH8O2.job => moved successfully C:\Windows\Tasks\RqLdEdxeE.job => moved successfully C:\Windows\Tasks\kQjD6sW.job => moved successfully C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => moved successfully C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => moved successfully C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => moved successfully C:\Windows\Tasks\e8CHJYS.job => moved successfully C:\Windows\Tasks\HLPDPCBXOsXR.job => moved successfully C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => moved successfully C:\Windows\Tasks\pHG5o0vm7ufSS.job => moved successfully C:\Windows\Tasks\HDqSxfY03ASW.job => moved successfully C:\Windows\Tasks\YOXALEU.job => moved successfully C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj => moved successfully C:\Users\mostafa\AppData\Roaming\appdataFr2.bin => moved successfully C:\Users\mostafa\AppData\Roaming\appdataFr25.bin => moved successfully C:\Users\mostafa\AppData\Roaming\callbanner.png => moved successfully C:\Users\mostafa\AppData\Roaming\e8CHJYS => moved successfully C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON => moved successfully C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2 => moved successfully C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW => moved successfully C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR => moved successfully C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw => moved successfully C:\Users\mostafa\AppData\Roaming\kQjD6sW => moved successfully C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2 => moved successfully C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS => moved successfully C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn => moved successfully C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP => moved successfully C:\Users\mostafa\AppData\Roaming\RqLdEdxeE => moved successfully C:\Users\mostafa\AppData\Roaming\WB.CFG => moved successfully C:\Users\mostafa\AppData\Roaming\YOXALEU => moved successfully C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j => moved successfully C:\Users\mostafa\AppData\Local\nsaF02F.tmp => moved successfully C:\Users\mostafa\AppData\Local\nsl4F26.tmp => moved successfully C:\ProgramData\s630Y6kiG.dat => moved successfully C:\ProgramData\tempimage.bmp => moved successfully "C:\ProgramData\s630Y6kiG.dat" => not found. C:\Users\mostafa\AppData\Local\Temp\6477.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\libeay32.dll => moved successfully C:\Users\mostafa\AppData\Local\Temp\links.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll => moved successfully C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll => moved successfully C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll => moved successfully C:\Users\mostafa\AppData\Local\Temp\setacl.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll => moved successfully C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe => moved successfully C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06926D15-B537-4EFB-8942-8E064EE78768}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06926D15-B537-4EFB-8942-8E064EE78768}" => key removed successfully C:\Windows\System32\Tasks\FactorTractor => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FactorTractor" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A4EB2ED-3A76-41BF-A421-B03EEE4716DF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A4EB2ED-3A76-41BF-A421-B03EEE4716DF}" => key removed successfully C:\Windows\System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6Ns0l0RtECVrF4N1Wdgdj" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB7549A-2EB5-44B2-91B0-CA703FAF480D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB7549A-2EB5-44B2-91B0-CA703FAF480D}" => key removed successfully C:\Windows\System32\Tasks\kQjD6sW => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kQjD6sW" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18D2BC74-0CEC-4123-8338-2C3B42B61630}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D2BC74-0CEC-4123-8338-2C3B42B61630}" => key removed successfully C:\Windows\System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\q2BLvt7fLsZQzHF1w5oRKn" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CF734C3-8A98-44AD-9477-AD9F87160CFA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CF734C3-8A98-44AD-9477-AD9F87160CFA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20F4DF97-8100-498B-966A-3D7AA6695103}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F4DF97-8100-498B-966A-3D7AA6695103}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22C3700B-F28C-4A05-A173-5CC626A9839E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C3700B-F28C-4A05-A173-5CC626A9839E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39004268-7D2F-4CD4-BE26-7B875497E3E8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39004268-7D2F-4CD4-BE26-7B875497E3E8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3948A097-AB47-4012-8932-342EEAA654D9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3948A097-AB47-4012-8932-342EEAA654D9}" => key removed successfully C:\Windows\System32\Tasks\pHG5o0vm7ufSS => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pHG5o0vm7ufSS" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D9D83CA-C646-423D-ADAE-7A7FDCC9F979}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D9D83CA-C646-423D-ADAE-7A7FDCC9F979}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F802C92-A420-43A9-AEFF-07DB234DD8D9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F802C92-A420-43A9-AEFF-07DB234DD8D9}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{531977ED-2B1E-4782-AD3C-8AAC52B3B014}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531977ED-2B1E-4782-AD3C-8AAC52B3B014}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{664792EF-E98A-4815-93ED-9CD2BB753C4A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664792EF-E98A-4815-93ED-9CD2BB753C4A}" => key removed successfully C:\Windows\System32\Tasks\HLPDPCBXOsXR => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HLPDPCBXOsXR" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{674B05FA-1EF9-487F-A593-350F36E3C482}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{674B05FA-1EF9-487F-A593-350F36E3C482}" => key removed successfully C:\Windows\System32\Tasks\GfIl6eXhzrtFCwN2 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GfIl6eXhzrtFCwN2" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A9416C5-F814-4122-9C65-CDF4979DA4DD}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9416C5-F814-4122-9C65-CDF4979DA4DD}" => key removed successfully C:\Windows\System32\Tasks\SmartSpace => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartSpace" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71593A1F-057C-44D2-8A00-3A6A56CDC5BA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71593A1F-057C-44D2-8A00-3A6A56CDC5BA}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SrvDaily => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{739CA4A7-C20D-45B4-93E1-E61501F439E4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{739CA4A7-C20D-45B4-93E1-E61501F439E4}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A14A49C-97BE-4D8E-8F53-6B47E223B545}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A14A49C-97BE-4D8E-8F53-6B47E223B545}" => key removed successfully C:\Windows\System32\Tasks\RqLdEdxeE => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RqLdEdxeE" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9802DA1A-6198-4836-A7D5-5D2610620D2F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9802DA1A-6198-4836-A7D5-5D2610620D2F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Auto Updater" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{987E0C95-25AB-430C-AF66-BAB47DF66D62}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{987E0C95-25AB-430C-AF66-BAB47DF66D62}" => key removed successfully C:\Windows\System32\Tasks\Zl6wqVw0j => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Zl6wqVw0j" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B678731-D3B9-4081-9EEC-FE1933F915F4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B678731-D3B9-4081-9EEC-FE1933F915F4}" => key removed successfully C:\Windows\System32\Tasks\Mw31EXaU4OH8O2 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mw31EXaU4OH8O2" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordShark Auto Updater 1.10.0.20 Pending Update => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F3C82D5-D909-44F8-B64D-75FD44E9D0B8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F3C82D5-D909-44F8-B64D-75FD44E9D0B8}" => key removed successfully C:\Windows\System32\Tasks\YOXALEU => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YOXALEU" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1160350-C215-4639-B8DD-39EF9AAEB844}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1160350-C215-4639-B8DD-39EF9AAEB844}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6B956A7-6F99-47A6-B30D-292E500BE6A3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B956A7-6F99-47A6-B30D-292E500BE6A3}" => key removed successfully C:\Windows\System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB24384E-EC36-4A3F-914F-3ED4A72850F8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB24384E-EC36-4A3F-914F-3ED4A72850F8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Autorun" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB283D87-B031-4D01-AF83-C43689FB6F47}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB283D87-B031-4D01-AF83-C43689FB6F47}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task for VeohWebPlayer" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B13592D6-D885-4C15-9084-CF012207E11C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B13592D6-D885-4C15-9084-CF012207E11C}" => key removed successfully C:\Windows\System32\Tasks\QaZwalXo7Y29RQRN0tTP => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QaZwalXo7Y29RQRN0tTP" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB}" => key removed successfully C:\Windows\System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B516C27F-CE30-40E1-A9B8-23AD7031C149}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9045E8A-2890-45C5-8814-0FD886027470}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9045E8A-2890-45C5-8814-0FD886027470}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DrspeedyPc Secure => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2EB8E87-3CCB-4159-B558-16A05E466F8F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2EB8E87-3CCB-4159-B558-16A05E466F8F}" => key removed successfully C:\Windows\System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlobalUpdate-ywy3yzbxmws4bwj" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C79D7E3B-A731-4B32-9B6A-910A08816DFA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C79D7E3B-A731-4B32-9B6A-910A08816DFA}" => key removed successfully C:\Windows\System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eSVgwTq0ljf8i6XknwRH549ON" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8F5F136-6009-40A2-BE6E-47DDB4991F8F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F5F136-6009-40A2-BE6E-47DDB4991F8F}" => key removed successfully C:\Windows\System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\E1DAF600-A02A-4CA0-B471-C240C9D1CA60" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D549C481-6E1C-4198-BEC9-9DA129C511C1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D549C481-6E1C-4198-BEC9-9DA129C511C1}" => key removed successfully C:\Windows\System32\Tasks\iG7r2wOvHDgnvS6oU1cw => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iG7r2wOvHDgnvS6oU1cw" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5922277-0C90-4DE7-AC0F-5C2F21C601C5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5922277-0C90-4DE7-AC0F-5C2F21C601C5}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jarmeee => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651}" => key removed successfully C:\Windows\System32\Tasks\HDqSxfY03ASW => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDqSxfY03ASW" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE3BA38F-E0BB-463D-BE20-11A63DC9AE25}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3BA38F-E0BB-463D-BE20-11A63DC9AE25}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5A6C0F1-2B26-4043-90F8-E6953A8487A9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A6C0F1-2B26-4043-90F8-E6953A8487A9}" => key removed successfully C:\Windows\System32\Tasks\e8CHJYS => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8CHJYS" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate => key not found. C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => not found. C:\Windows\Tasks\e8CHJYS.job => not found. C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => not found. C:\Windows\Tasks\FactorTractor.job => moved successfully C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => not found. C:\Windows\Tasks\HDqSxfY03ASW.job => not found. C:\Windows\Tasks\HLPDPCBXOsXR.job => not found. C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => not found. C:\Windows\Tasks\kQjD6sW.job => not found. C:\Windows\Tasks\Mw31EXaU4OH8O2.job => not found. C:\Windows\Tasks\pHG5o0vm7ufSS.job => not found. C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => not found. C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => not found. C:\Windows\Tasks\RqLdEdxeE.job => not found. C:\Windows\Tasks\SmartSpace.job => moved successfully C:\Windows\Tasks\YOXALEU.job => not found. C:\Windows\Tasks\Zl6wqVw0j.job => not found. C:\ProgramData\Temp => ":373E1720" ADS removed successfully. C:\ProgramData\Temp => ":A4A25FD3" ADS removed successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\16559628.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\46237229.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\55456837.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\63755908.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\69534146.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\98632471.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => key removed successfully "HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully "c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe" => not found. "C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe" => not found. "C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe" => not found. "C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe" => not found. "C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe" => not found. "C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe" => not found. "C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe" => not found. "c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe" => not found. "C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe" => not found. "C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe" => not found. "C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe" => not found. "C:\Users\mostafa\AppData\Roaming\YOXALEU.exe" => not found. "C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe" => not found. "C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe" => not found. "C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe" => not found. "C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe" => not found. "C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe" => not found. "C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe" => not found. "C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe" => not found. "C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe" => not found. "c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe" => not found. "C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe" => not found. "C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe" => not found. "C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe" => not found. "C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe" => not found. "C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe" => not found. "C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe" => not found. "C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe" => not found. "C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe" => not found. "C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe" => not found. "C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe" => not found. "c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe" => not found. "C:\Users\mostafa\AppData\Roaming\YOXALEU.exe" => not found. "C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe" => not found. ========= ipconfig /flushdns ========= ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 241246323 B Java, Flash, Steam htmlcache => 2326 B Windows/system/drivers => 503568549 B Edge => 0 B Chrome => 49703362 B Firefox => 17572062 B Opera => 1672600 B Temp, IE cache, history, cookies, recent: Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 477562153 B systemprofile32 => 99028446 B LocalService => 128 B NetworkService => 14172 B mostafa => 1821661397 B RecycleBin => 194147915 B EmptyTemp: => 3.2 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:18:45 ==== -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
That's fine Pete, take care of the car first, good luck. Aside from the browser issues, I am only seeing 2 other popups now on startup, "itunes helper" stating Apple Application Support was not found and "SQL Server service manager", thanks. -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016 Ran by mostafa (17-09-2016 07:33:58) Running from E:\AV Softwares Windows 7 Home Premium Service Pack 1 (X64) (2012-08-30 22:24:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-518488637-833313989-2621144753-500 - Administrator - Disabled) Guest (S-1-5-21-518488637-833313989-2621144753-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-518488637-833313989-2621144753-1002 - Limited - Enabled) mostafa (S-1-5-21-518488637-833313989-2621144753-1000 - Administrator - Enabled) => C:\Users\mostafa ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Athan Basic 4.4 (HKLM-x32\...\Athan) (Version: - ) bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell) Dell System Detect (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated) Dropbox (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Google Chrome (HKLM-x32\...\{94A83681-EBE7-383A-A070-DE2225F853C1}) (Version: 53.0.2785.116 - Google, Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Google+ Auto Backup (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.) GUPlayer (remove only) (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\GUPlayer) (Version: - ) <==== ATTENTION Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version: - Microsoft Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Java 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server Desktop Engine (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PricceeMionUsu (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION ProcessGeneration (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{71538ab}) (Version: - Software Publisher) <==== ATTENTION QuickTest Add-in for Quality Center (HKLM-x32\...\{A339A99A-1DBC-467F-B932-A9617743F888}) (Version: 10.00.00.00 - HP) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) SoapUI 5.0.0 5.0.0 (HKLM-x32\...\5517-2803-0637-4585) (Version: 5.0.0 - SmartBear Software) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION Task: {0859D0AE-CF8B-446F-871B-014BF138C534} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION Task: {0F187394-65FC-44EA-B711-557348E31F85} - System32\Tasks\cv => C:\Users\mostafa\Desktop\Regression_testing.vbs Task: {15D73607-E309-4E66-9CA6-B10A65929156} - System32\Tasks\{FE86151C-03B1-4958-9BC5-B9DCE9696365} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION Task: {18F988A9-09A8-463C-8E6E-A98F2F5A9634} - System32\Tasks\DS regression testing => C:\QTP\Tests\Driver Script\regressiontestingpractice1.vbs Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION Task: {234C70A0-9510-4406-8BFA-1C4C1C4ED46E} - System32\Tasks\{FFA56E06-F725-4C4C-A45C-4DD82AD11EFC} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {245ED950-1B3D-4285-A01D-E111085E7E3F} - System32\Tasks\regressiontestingdriverscript => C:\Users\mostafa\Desktop\RegressiontestingonDS.vbs Task: {292DF875-5CB4-4C72-8E32-3E0B9F9C13C3} - System32\Tasks\n => C:\Users\mostafa\Desktop\DriverScript.vbs Task: {2A1CC49A-A97B-4BCC-8EA4-3E243AFB3A3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation) Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION Task: {5B0055E1-8D1C-420D-B241-FF249885E035} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.) Task: {6489DDD5-797A-40DF-8636-2D3DB2FFDA6B} - System32\Tasks\{C67A3FB7-C990-4C91-869F-4A5ACC0C8103} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION Task: {67849C74-159F-4785-9B1D-715886885712} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {67CC633B-15B3-4210-BAFE-237A644209A5} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-05-27] (Glarysoft Ltd) Task: {696724AD-DDE6-4B42-B010-1A23BD83D89D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION Task: {6B009E06-BD4E-488F-A825-CD96D615EEC8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.) Task: {6B50436C-B94F-4A71-A6BE-F0910F986084} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {6EBA229C-CDAA-4620-960E-5D7A2F581540} - System32\Tasks\DriverScript => C:\Users\mostafa\Desktop\DriverScript.vbs Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION Task: {75ACD787-46F3-420C-B349-F809EF73D8D2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {78C2762B-8C37-4641-9503-8A949C5BE47E} - System32\Tasks\vb => C:\Users\mostafa\Desktop\RegressiontestingonDS.vbs Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION Task: {7D99140D-80CA-42E1-ACD6-18A47072A579} - System32\Tasks\Trigger KMS Activation => C:\movie\KMSNano v15 Offline Office and Windows KMS Activator\Get Your Software Here\TriggerKMS.exe Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION Task: {8634A9AB-6952-4E5B-981F-E74B1EC55FCA} - System32\Tasks\na => C:\Users\mostafa\Desktop\DriverScript.vbs Task: {864305F8-1C5D-4629-8711-817B887341DB} - System32\Tasks\{2720132F-AFDB-49A5-AE9F-A8F8911E4A1B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {8A05B514-88DF-4672-9D70-4BD91D9AEC6E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {9136B2F4-F83C-4183-8A39-744547D655C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-11-01] (Microsoft Corporation) Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION Task: {A03CBC09-5680-4E79-AD04-652BC1C6A42D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION Task: {A242D276-1040-452A-9454-842E21607461} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-11-01] (Microsoft Corporation) Task: {A4703617-E1C1-44A4-9A14-856C9DE8DCF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION Task: {AFAAE557-A681-470B-A3A6-1EA9183196AC} - System32\Tasks\{21C2C291-AF4D-4F68-9159-1E13D5BAF185} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION Task: {B3573691-9C93-46AE-ABDE-C93106E72749} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation) Task: {B59CBAC9-BD68-41B9-8517-C7EFA955595D} - System32\Tasks\nbB => C:\QTP\Tests\Driver Script\regressiontestingpractice1.vbs Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION Task: {C1C99090-6280-40CD-BBC7-431CD13901E5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy Task: {C2886577-0940-49E7-8109-3F1E64A1B4FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe Task: {C4F59BDB-28ED-4FE2-B61C-D4A4DE29F1D2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.) Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION Task: {CA458640-5B25-41B4-963E-09E9C538E660} - System32\Tasks\{D17B719E-3EA9-4101-A120-E38EF6742E71} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {CF56B95A-207E-43E0-AF79-05EE8B2B4F12} - System32\Tasks\4928 => Wscript.exe C:\Users\mostafa\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {D33A107F-58AC-415C-B2A7-D0580702FEC5} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION Task: {E70E36DB-39E3-43A3-BE56-198D98BF6151} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.) Task: {E8D1D386-A84E-44E4-BF4A-5E0B98544D56} - System32\Tasks\RegressionTest => C:\Users\mostafa\Desktop\Regression_testing.vbs Task: {F3271291-BB06-4979-B362-E99A6344DFDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation) Task: {F478A6EB-AA17-42F2-9B31-C597A5F50633} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-12-06 11:10 - 2011-07-20 09:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2015-10-07 22:44 - 2015-11-01 03:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2011-12-06 10:21 - 2011-09-22 12:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2011-09-15 20:28 - 2011-09-15 20:28 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 2006-02-02 01:43 - 2006-02-02 01:43 - 00006144 _____ () c:\oraclexe\app\oracle\product\10.2.0\server\bin\orajox10.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences [386] AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118] AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-07-20 20:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-518488637-833313989-2621144753-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 4.2.2.2 - 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) MpsSvc => Firewall Service is not running. bfe => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^mostafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: Athan => C:\Program Files (x86)\Athan\Athan.exe MSCONFIG\startupreg: Avro Keyboard => C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: ROC_roc_ssl_v12 => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: Sendori Tray => "C:\Program Files (x86)\Sendori\SendoriTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 22-02-2016 22:52:07 Windows Backup 16-09-2016 21:16:57 Windows Backup Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/17/2016 07:30:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/17/2016 07:30:32 AM) (Source: MSSQLServer) (EventID: 19011) (User: ) Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0. Error: (09/17/2016 07:25:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/17/2016 07:25:13 AM) (Source: MSSQLServer) (EventID: 19011) (User: ) Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0. Error: (09/17/2016 07:09:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 944 Start Time: 01d210d3c19a79b6 Termination Time: 4 Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Report Id: 3f63617a-7cc7-11e6-ae9f-4c80932b161d Error: (09/17/2016 07:07:54 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1578 Start Time: 01d210d2cc93081b Termination Time: 10 Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Report Id: f7d2cfe9-7cc6-11e6-ae9f-4c80932b161d Error: (09/17/2016 06:58:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/17/2016 06:58:03 AM) (Source: MSSQLServer) (EventID: 19011) (User: ) Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0. Error: (09/17/2016 06:47:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/17/2016 06:47:21 AM) (Source: MSSQLServer) (EventID: 19011) (User: ) Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0. System errors: ============= Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: General access denied error Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Function Discovery Resource Publication service terminated with the following error: General access denied error Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Function Discovery Resource Publication service terminated with the following error: General access denied error Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: General access denied error Error: (09/17/2016 07:30:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: General access denied error Error: (09/17/2016 07:30:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Function Discovery Resource Publication service terminated with the following error: General access denied error Error: (09/17/2016 07:30:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: 98632471 Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UpdateSvc service failed to start due to the following error: The system cannot find the path specified. Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Strong Rise service failed to start due to the following error: The system cannot find the file specified. Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Function Discovery Resource Publication service terminated with the following error: General access denied error ==================== Memory info =========================== Processor: Intel® Core i3-2330M CPU @ 2.20GHz Percentage of memory in use: 51% Total physical RAM: 3990.17 MB Available physical RAM: 1930.03 MB Total Virtual: 7978.52 MB Available Virtual: 5201.46 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:161.52 GB) NTFS Drive e: (2G-3) (Removable) (Total:1.91 GB) (Free:1.48 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ==================== End of Addition.txt ============================ -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016 Ran by mostafa (administrator) on MOSTAFA-PC (17-09-2016 07:31:52) Running from E:\AV Softwares Loaded Profiles: mostafa (Available Profiles: mostafa) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Oracle Corporation) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor) HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation) HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation) HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Google+ Auto Backup] => "C:\Users\mostafa\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\mostafa\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [GoogleChromeAutoLaunch_E608B80824651D113E6B7511C53058BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [967496 2016-09-13] (Google Inc.) HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.) HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware) HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1 HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1 ShellExecuteHooks-x32: ShHook Class - {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\Windows\SysWOW64\ShellHook.dll [147456 2009-01-01] (Mercury Interactive (Israel) Ltd.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2015-10-31] ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SQL Server.lnk [2016-03-23] ShortcutTarget: SQL Server.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\scm.exe (Microsoft Corporation) Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31] ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{57492ED1-4AFC-4679-ACD0-672DF90D912E}: [NameServer] 0.0.0.0 Tcpip\..\Interfaces\{91794A27-4BAD-47A9-A4BA-EAE7117D1D15}: [NameServer] 4.2.2.2,8.8.8.8 Tcpip\..\Interfaces\{91794A27-4BAD-47A9-A4BA-EAE7117D1D15}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CC9D3702-65DA-4B5C-BB0F-14371749D2F1}: [DhcpNameServer] 97.64.168.12 97.64.183.165 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {6C38CD4F-4B28-4693-A8D7-4EC16D74A0AE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File FireFox: ======== FF ProfilePath: C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default FF DefaultSearchEngine: Bing FF DefaultSearchEngine,S: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: Bing FF SelectedSearchEngine,S: WebSearch FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800 FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\file\java\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\file\java\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-01] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-01] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File] FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/" CHR Profile: C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23] CHR Extension: (Google Drive) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-08-24] CHR Extension: (YouTube) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] CHR Extension: (Google Search) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-08-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-30] CHR Extension: (Ad.Block.Pro) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafdmgkjbpmgbnhgiopdbnocjlnjdoop [2015-08-31] CHR Extension: (Ad Block Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojlnaiknmeeddcghnlbhnfplpiimjk [2015-08-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23] CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-08-24] CHR Extension: (Gmail) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24] CHR Profile: C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (YouTube) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19] CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Google Search) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19] CHR Extension: (encaiiljifbdbjlphpgpiimidegddhic) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-08-01] CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01] CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20] CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Cinemax Video 1.9cV20.07) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-07-20] CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Gmail) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url> Opera: ======= OPR Extension: (cnjfgbikbkcmickdalamlmpmkhmbollm) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjfgbikbkcmickdalamlmpmkhmbollm [2015-08-01] OPR Extension: (ehhkfhegcenpfoanmgfpfhnmdmflkbgk) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2015-08-01] OPR Extension: (encaiiljifbdbjlphpgpiimidegddhic) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-08-01] OPR Extension: (fnbmdojpgjpmjjmnjdnbobcdhenmmgod) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnbmdojpgjpmjjmnjdnbobcdhenmmgod [2015-08-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation) R2 MSSQLSERVER; C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed] R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] () S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed] S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed] R2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed] S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed] S3 SharedAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 SharedAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X] S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] S2 UpdateSvc; no ImagePath ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-11-19] (Windows ® Codename Longhorn DDK provider) S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation) S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S2 paldrv; C:\Windows\SysWOW64\pal_drv.sys [11107 2009-01-01] (Mercury Interactive Corp.) [File not signed] R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-01-21] (Sony Ericsson Mobile Communications) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed] S0 98632471; system32\drivers\00560299.sys [X] S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-17 07:31 - 2016-09-17 07:31 - 00000000 ____D C:\FRST 2016-09-17 07:24 - 2016-09-17 07:24 - 00000020 _____ C:\Users\mostafa\AppData\Roaming\appdataFr2.bin 2016-09-17 05:47 - 2016-09-17 06:46 - 00000000 ____D C:\SUPERDelete 2016-09-17 05:46 - 2016-09-17 06:46 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d.job 2016-09-17 05:46 - 2016-09-17 06:46 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c.job 2016-09-17 05:46 - 2016-09-17 05:46 - 00003600 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c 2016-09-17 05:46 - 2016-09-17 05:46 - 00003526 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d 2016-09-17 05:46 - 2016-09-17 05:46 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\SUPERAntiSpyware.com 2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-17 07:32 - 2012-09-02 10:01 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-09-17 07:30 - 2011-12-06 10:25 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2016-09-17 07:30 - 2011-12-06 10:25 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2016-09-17 07:30 - 2011-12-06 10:20 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2016-09-17 07:29 - 2016-03-23 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job 2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job 2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job 2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job 2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job 2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job 2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job 2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job 2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job 2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job 2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job 2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job 2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job 2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job 2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job 2016-09-17 07:29 - 2014-11-19 20:06 - 00000031 _____ C:\Windows\system32\bbcap.err 2016-09-17 07:29 - 2012-09-28 12:52 - 00000328 _____ C:\Windows\Tasks\GlaryInitialize.job 2016-09-17 07:29 - 2012-08-30 19:36 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\Skype 2016-09-17 07:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-17 07:28 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-17 07:28 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-17 07:22 - 2015-01-05 13:11 - 00000000 ____D C:\AdwCleaner 2016-09-17 07:10 - 2015-08-01 16:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-17 07:08 - 2016-03-23 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-17 07:04 - 2009-07-14 01:13 - 00088058 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-17 07:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-09-17 06:51 - 2012-10-20 23:31 - 00000000 ____D C:\Users\mostafa\AppData\LocalLow\Yahoo! 2016-09-17 06:51 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System 2016-09-17 05:35 - 2016-03-23 19:31 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\BitTorrent 2016-09-17 05:34 - 2011-12-06 10:45 - 00000000 ____D C:\ProgramData\Sonic 2016-09-17 05:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas 2016-09-17 05:20 - 2015-08-24 20:49 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-17 05:20 - 2015-08-24 20:49 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-09-17 05:05 - 2014-12-28 17:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-17 05:03 - 2016-03-23 19:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-09-17 05:03 - 2016-03-23 19:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-09-17 05:00 - 2012-10-24 20:02 - 00000000 ____D C:\Users\mostafa\AppData\LocalLow\Temp 2016-09-17 04:54 - 2015-11-16 20:20 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2016-09-17 04:54 - 2012-09-01 14:01 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\PCDr 2016-09-17 04:44 - 2015-08-01 16:35 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-17 04:44 - 2015-08-01 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-17 04:44 - 2015-08-01 16:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-16 22:08 - 2014-04-16 00:56 - 00000258 __RSH C:\ProgramData\ntuser.pol 2016-09-16 22:08 - 2013-08-14 12:19 - 00000258 __RSH C:\Users\mostafa\ntuser.pol 2016-09-16 22:08 - 2012-08-30 18:24 - 00000000 ____D C:\Users\mostafa 2016-09-16 22:03 - 2015-06-06 07:41 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\Alarmed Clan 2016-09-16 21:56 - 2014-11-03 00:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer ==================== Files in the root of some directories ======= 2014-10-25 21:01 - 2014-10-25 21:00 - 0843304 _____ () C:\Program Files (x86)\chrome-update.exe 2015-07-05 12:42 - 2015-07-05 12:42 - 0931408 _____ (Google Inc.) C:\Program Files (x86)\ChromeSetup.exe 2014-08-28 15:14 - 2014-08-28 15:14 - 0244120 _____ () C:\Program Files (x86)\Firefox Setup Stub 31.0.exe 2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico 2014-10-08 14:52 - 2014-10-08 14:52 - 0000288 _____ () C:\Users\mostafa\AppData\Roaming\.backup.dm 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj 2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin 2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin 2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE 2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG 2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU 2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j 2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp 2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp 2015-07-11 12:33 - 2015-07-11 12:33 - 0000000 _____ () C:\Users\mostafa\AppData\Local\Temp.dat 2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat 2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install Files to move or delete: ==================== C:\ProgramData\s630Y6kiG.dat Some files in TEMP: ==================== C:\Users\mostafa\AppData\Local\Temp\6477.exe C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe C:\Users\mostafa\AppData\Local\Temp\libeay32.dll C:\Users\mostafa\AppData\Local\Temp\links.exe C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll C:\Users\mostafa\AppData\Local\Temp\setacl.exe C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll [2011-12-06 11:30] - [2015-07-20 20:47] - 0357888 _____ (Microsoft Corporation) 3ABBFD64E4FFF6A0D99E93ECD288127F C:\Windows\SysWOW64\dnsapi.dll [2011-12-06 11:30] - [2015-07-20 20:48] - 0270336 ____N (Microsoft Corporation) F0E7F233ABC7CBB6ACFB6210ECE3D5B1 C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. LastRegBack: 2016-02-16 22:31 ==================== End of FRST.txt ============================ -
Heavily infected win7 Dell machine
mikehende replied to mikehende's topic in Tech Help and Discussions
# AdwCleaner v6.020 - Logfile created 17/09/2016 at 07:22:34 # Updated on 14/09/2016 by ToolsLib # Database : 2016-09-17.1 [server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : mostafa - MOSTAFA-PC # Running from : E:\AV Softwares\AdwCleaner.exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** [-] File deleted: C:\Users\mostafa\AppData\Roaming\appdataFr2.bin ***** [ DLL ] ***** [!] File not disinfected: C:\Windows\System32\dnsapi.dll [!] File not disinfected: C:\Windows\SysWOW64\dnsapi.dll ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** [!] Task not deleted: RunAsStdUser Task for VeohWebPlayer [!] Task not deleted: Secure Fast PC Auto Updater [!] Task not deleted: Secure Fast PC Autorun [!] Task not deleted: YTDownloader [!] Task not deleted: YTDownloaderUpd [!] Task not deleted: Microsoft\Windows\Multimedia\SMupdate3 [!] Task not deleted: Microsoft\Windows\Maintenance\SMupdate2 [!] Task not deleted: 0 ***** [ Registry ] ***** [#] Key deleted on reboot: HKLM\SOFTWARE\076d8b5f-a755-4da5-a5ba-cbb57f301128 [#] Key deleted on reboot: HKLM\SOFTWARE\09f40017-2bc6-4d67-9e7f-beceee00cf7d [#] Key deleted on reboot: HKLM\SOFTWARE\1bf8e8a5-9def-424d-858d-4ebb8ad4821f [#] Key deleted on reboot: HKLM\SOFTWARE\40e97be2-3cf7-4df0-aeb7-0fbd80b53f4e [#] Key deleted on reboot: HKLM\SOFTWARE\4cc93419-f013-44cf-952f-fca8ceb1a86c [#] Key deleted on reboot: HKLM\SOFTWARE\79780c0b-152c-428c-a9b2-ed599a44e62d [#] Key deleted on reboot: HKLM\SOFTWARE\94af48d0-240e-43ee-a287-117229f80267 [#] Key deleted on reboot: HKLM\SOFTWARE\9aee7b62-ff08-4ac3-90a5-d4347c0b5f93 [#] Key deleted on reboot: HKLM\SOFTWARE\9d359427-2ddb-e538-b5d6-3dee3bf7d717 [#] Key deleted on reboot: HKLM\SOFTWARE\b4a36f4f-4903-4387-b9b2-9c1658a7e152 [#] Key deleted on reboot: HKLM\SOFTWARE\be02515d-c866-446b-a162-98083dd195d6 [#] Key deleted on reboot: HKLM\SOFTWARE\d0ee02c1-0297-4c0d-9957-37299f816763 [#] Key deleted on reboot: HKLM\SOFTWARE\ebc956f4-11e1-434c-b671-6464a7d33bf2 [#] Key deleted on reboot: HKLM\SOFTWARE\ed41810f-e3c5-4fa9-b719-90c46eeb999d [#] Key deleted on reboot: HKLM\SOFTWARE\f44b7b4f-1641-46ef-ae69-f2e10e86e233 [#] Key deleted on reboot: HKLM\SOFTWARE\fd14bed6-7255-415c-8172-78e946a940aa [#] Key deleted on reboot: HKLM\SOFTWARE\fee66025-5b6a-4778-b666-21336946a6ec [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}_is1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9 [#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Classes\TornTvDownloader.File [#] Key deleted on reboot: HKCU\Software\Classes\TornTvDownloader.File [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\pc-mechanic [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.BrowserHandler [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TornTvDownloader.File [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [#] Key deleted on reboot: [x64] HKCU\Software\Classes\TornTvDownloader.File [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\pc-mechanic [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TornTvDownloader.File [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902} [#] Key deleted on reboot: HKCU\Software\Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C} [#] Key deleted on reboot: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} [#] Key deleted on reboot: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{672B1330-7E4A-4D61-BE04-E2A132F04E1E} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [#] Key deleted on reboot: HKU\.DEFAULT\Software\IBUpdaterService [#] Key deleted on reboot: HKU\.DEFAULT\Software\IM [#] Key deleted on reboot: HKU\.DEFAULT\Software\ImInstaller [#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ [#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 [#] Key deleted on reboot: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [#] Key deleted on reboot: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\canortic [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\eSupport.com [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\GlobalUpdate [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\InstalledBrowserExtensions [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Tinstalls [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\NpApp [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Reg\Clean [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Store [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\tstamptoken [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\WeatherAlerts [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\WEBAPP [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Yahoo\Companion [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Yahoo\YFriendsBar [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\INSTALLPATH\STATUS [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\Software\Yahoo\Companion [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\BabylonToolbar [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\IM [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Iminent [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\spd [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\SweetIM [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Updater By Sweetpacks [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\WNLT [#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 [#] Key deleted on reboot: HKU\S-1-5-18\Software\IBUpdaterService [#] Key deleted on reboot: HKU\S-1-5-18\Software\IM [#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_ [#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 [#] Key deleted on reboot: HKCU\Software\canortic [#] Key deleted on reboot: HKCU\Software\eSupport.com [#] Key deleted on reboot: HKCU\Software\GlobalUpdate [#] Key deleted on reboot: HKCU\Software\InstalledBrowserExtensions [#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls [#] Key deleted on reboot: HKCU\Software\NpApp [#] Key deleted on reboot: HKCU\Software\Reg\Clean [#] Key deleted on reboot: HKCU\Software\Store [#] Key deleted on reboot: HKCU\Software\tstamptoken [#] Key deleted on reboot: HKCU\Software\WeatherAlerts [#] Key deleted on reboot: HKCU\Software\WEBAPP [#] Key deleted on reboot: HKCU\Software\Yahoo\Companion [#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar [#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS [#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Shop For Rewards [#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks [#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [#] Key deleted on reboot: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion [#] Key deleted on reboot: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} [#] Key deleted on reboot: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [#] Key deleted on reboot: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} [#] Key deleted on reboot: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} [#] Key deleted on reboot: HKLM\SOFTWARE\GlobalUpdate [#] Key deleted on reboot: HKLM\SOFTWARE\NpApp [#] Key deleted on reboot: HKLM\SOFTWARE\Reg\Clean [#] Key deleted on reboot: HKLM\SOFTWARE\SearchModule [#] Key deleted on reboot: HKLM\SOFTWARE\Taronja [#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue [#] Key deleted on reboot: HKLM\SOFTWARE\Universal [#] Key deleted on reboot: HKLM\SOFTWARE\Yahoo\Companion [#] Key deleted on reboot: HKLM\SOFTWARE\Lavasoft\Web Companion [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36BA0E82-2B7D-79E6-9AC9-572294FDA2BB} [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\BabylonToolbar [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\IM [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Iminent [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\spd [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\SweetIM [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Updater By Sweetpacks [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\WNLT [#] Key deleted on reboot: [x64] HKCU\Software\canortic [#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com [#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate [#] Key deleted on reboot: [x64] HKCU\Software\InstalledBrowserExtensions [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls [#] Key deleted on reboot: [x64] HKCU\Software\NpApp [#] Key deleted on reboot: [x64] HKCU\Software\Reg\Clean [#] Key deleted on reboot: [x64] HKCU\Software\Store [#] Key deleted on reboot: [x64] HKCU\Software\tstamptoken [#] Key deleted on reboot: [x64] HKCU\Software\WeatherAlerts [#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP [#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion [#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar [#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-518488637-833313989-2621144753-1000\Products\363FB0CBBA367FF4E81FEAD0F717B142 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Optimizer Pro [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ROC_roc_ssl_v12 [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} [#] Key deleted on reboot: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch [#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} [#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} [#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} [#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [34605 Bytes] - [17/09/2016 06:55:14] C:\AdwCleaner\AdwCleaner[C2].txt - [28378 Bytes] - [17/09/2016 07:22:34] C:\AdwCleaner\AdwCleaner[R0].txt - [70089 Bytes] - [05/01/2015 13:11:31] C:\AdwCleaner\AdwCleaner[R1].txt - [1472 Bytes] - [05/01/2015 14:01:45] C:\AdwCleaner\AdwCleaner[s0].txt - [68878 Bytes] - [05/01/2015 13:22:31] C:\AdwCleaner\AdwCleaner[s1].txt - [30149 Bytes] - [17/09/2016 06:51:32] C:\AdwCleaner\AdwCleaner[s2].txt - [25183 Bytes] - [17/09/2016 07:21:12] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [28821 Bytes] ########## -
Hey Pete, how's it going, been a while, hope all is well? I can use some help with this heavily infected pc please. I ran mbam 2 times, found a lot of stuff but showed ok on 3rd run. SAS did not show any infections. Adwcleaner I ran twice and showed infections but JRT won't run. IE and Chrome has issues opening and functioning properly on the net. I have attached the logs I am able to run. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/17/2016 Scan Time: 5:53 AM Logfile: mbam og.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.17.03 Rootkit Database: v2016.08.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: mostafa Scan Type: Threat Scan Result: Completed Objects Scanned: 424805 Time Elapsed: 31 min, 32 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
-
Large Backup file on other disk?
mikehende replied to mikehende's topic in Tech Help and Discussions
Owner is not pc savvy, it's not an issue, I was just curios. -
Large Backup file on other disk?
mikehende replied to mikehende's topic in Tech Help and Discussions
This pc's license came with win7 Home but Pro is installed, I am guessing they had made a backup of either OS and that is why the file was that large? -
Large Backup file on other disk?
mikehende replied to mikehende's topic in Tech Help and Discussions
Not understanding, image file of? -
Hey guys, I had worked on an Acer machine which HDD showed a full but could not see any large docs, files, pis e.t.c anywhere on the HDD. I did see a file named "PC" which as a whopping 297GB file but when i tried to open it it kept asking to "connect to the disk on which the files are located". Does this mean that file might have been an image file of another pc please?
-
How to get to Internet Options in IE?
mikehende replied to mikehende's topic in Tech Help and Discussions
Ohh sorry, YES, that works nicely, thanks! -
How to get to Internet Options in IE?
mikehende replied to mikehende's topic in Tech Help and Discussions
That video did not work. Don't know about cortana screen. On the bottom of my screen is the start tab, next to it is contana showing "I'm cortana. Ask me anything." -
How to get to Internet Options in IE?
mikehende replied to mikehende's topic in Tech Help and Discussions
Did everything, restarted but edge is still there