missybriarwood Posted September 13, 2017 ID:1163176

I have a friend who says that their PC was hacked and subsequently infected. Their firewall doesn't work, their PC is running incredibly slow, their antivirus is gone, and they can't download or install anything. They also run Windows 7 Ultimate, if that helps with anything. They did tell me that, if nothing else works, they have no problem with formatting (however, I'd prefer that to be a last resort if possible).

Despite not being able to download anything, I had them attempt to download Farbar to see if that would work at all. They were able to download FRST using a download manager, so we're getting somewhere. They're still unable to install any programs, but they can at least use the download manager to download things.

I also wanted to note that my friend and I can only communicate online at the moment, though we can still send files to each other just fine. I'm only mentioning this in case it's of any importance.

Here are the Farbar logs:
FRST.txt
Addition.txt
missybriarwood Posted September 13, 2017 Author ID:1163278

I had them attempt to install Malwarebytes and they were able to do so successfully. (Thank goodness!) It took probably about 3-4 hours to complete due to the lag. They're also quarantining the threats.

Here's the MBAM scan log:
Scan_log.txt
Aura Posted September 14, 2017 ID:1163283

Hi missybriarwood,

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

- As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens.
- As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you.
- The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system.
- If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
- If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off.
- Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced.
- I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules.
- In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process.
- I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone.
- This being said, I have a full time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? Once your friend is done quarantining the threats detected by Malwarebytes, ask him to do the following.

AdwCleaner - Fix Mode
1. Download AdwCleaner and move it to your Desktop
2. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
3. Accept the EULA (I accept), then click on Scan
4. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
5. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
6. After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller
1. Download the right version of RogueKiller for your Windows version (32 or 64-bit)
2. Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
3. Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
4. Wait for the scan to complete
5. On completion, the results will be displayed
6. Check every single entry (threat found), and click on the Remove Selected button
7. On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
8. This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:
- Copy/pasted AdwCleaner clean log
- Copy/pasted RogueKiller clean log
missybriarwood Posted September 14, 2017 Author ID:1163320

Hello Aura! Thank you for taking the time to assist us!

Unfortunately, my friend says that no AdwCleaner log appeared after a restart; however, they did provide a scan log from the program, which I will post in the next reply, in case it'll help a little better than having no log at all. I'll have to wait until tomorrow to send the RogueKiller log, as it's taking a while for their scan to complete and I need to head to bed soon. I'll make sure to post it in the morning.

Edited September 14, 2017 by missybriarwood
missybriarwood Posted September 14, 2017 Author ID:1163322

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 01:24:21 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-13-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
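AdwCleaner 7 writes its log in a fixed layout: '# ' header lines (including '# Mode: scan' or '# Mode: clean'), '***** [ Section ] *****' banners, one 'Detection, target' entry per line, and an EOF line naming the file ([S0] for a scan, [C0] for a clean). The Python below is an added example, not code from this thread, from Malwarebytes or from AdwCleaner: it parses that layout into records, tells a scan log from a clean log (the distinction Aura raises in the next reply), and ranks entries so kernel drivers, services, scheduled tasks and browser hooks are reviewed first. SAMPLE_LOG is a constructed log in that layout, and the weights in risk_score() are this example's own assumptions.

```python
"""Parse an AdwCleaner 7.x log into records and rank them for a reviewer.

Added example, not code from the thread, Malwarebytes or AdwCleaner. SAMPLE_LOG is
a constructed log in AdwCleaner 7's layout; the weights in risk_score() are assumed.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 01:24:21 2017
# Mode: scan
***** [ Services ] *****
PUP.Optional.Legacy, NetHttpService
***** [ Folders ] *****
PUP.Optional.Legacy, C:\Users\m\AppData\Local\Temp\DProtect
***** [ Files ] *****
PUP.Optional.Legacy, C:\Windows\System32\drivers\nethfdrv.sys
PUP.Optional.Legacy, C:\Windows\System32\roboot.exe
***** [ DLL ] *****
No malicious DLLs found.
***** [ Tasks ] *****
PUP.Optional.Legacy, Windows Updater
***** [ Registry ] *****
Trojan.Agent.E.Generic, [Key] - HKLM\SOFTWARE\hosts
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | DisableAddonLoadTimePerformanceNotifications
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<detection>[A-Za-z0-9.\-]+), (?P<target>.+)$")
REG_RE = re.compile(r"^\[(?P<kind>Key|Value)\] - (?P<path>.+?)(?: \| (?P<value>.+))?$")
MODE_RE = re.compile(r"^# Mode: (\w+)", re.M)
EOF_RE = re.compile(r"^#+ EOF - (.+?) #+$", re.M)

# Target patterns that decide how urgently a human should look at an entry.
KERNEL_DRIVER = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)
SYSTEM_DIR = re.compile(r"^C:\\Windows\\", re.I)
IE_HOOK = re.compile(r"\\Browser Helper Objects\\|\\Low Rights\\ElevationPolicy\\", re.I)
AUTOSTART_SECTIONS = {"Services", "Tasks"}


def log_kind(text):
    """Return (mode, logfile) so a scan log ([S0]) is not mistaken for a clean log ([C0])."""
    mode = MODE_RE.search(text)
    eof = EOF_RE.search(text)
    return (mode.group(1).lower() if mode else "unknown", eof.group(1) if eof else None)


def parse_log(text):
    """Group 'Detection, target' entries by section; split registry targets further."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("No malicious"):
            continue  # header line, EOF line, blank line, or an empty section
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current is None:
            continue  # separator rows such as the run of asterisks before EOF
        rec = {"section": current, "detection": entry.group("detection"), "target": entry.group("target")}
        if current == "Registry":
            reg = REG_RE.match(rec["target"])
            if reg:
                rec.update(kind=reg.group("kind"), path=reg.group("path"), value=reg.group("value"))
        sections[current].append(rec)
    return dict(sections)


def risk_score(rec):
    """Heuristic review order (assumed weights): kernel drivers and autostarts first."""
    score = 0
    target = rec.get("path") or rec["target"]
    if not rec["detection"].startswith("PUP."):
        score += 3  # Trojan./Rogue./Adware. families outrank 'potentially unwanted'
    if KERNEL_DRIVER.search(target):
        score += 5  # a .sys under system32\drivers runs in the kernel
    elif SYSTEM_DIR.match(target):
        score += 3  # something wrote into C:\Windows, which needs admin rights
    if rec["section"] in AUTOSTART_SECTIONS:
        score += 4  # services and scheduled tasks survive a reboot
    if IE_HOOK.search(target):
        score += 2  # BHOs and ElevationPolicy entries hook or elevate the browser
    return score


def summarize(text):
    """Counts per detection family plus every record ranked by risk_score."""
    records = [r for recs in parse_log(text).values() for r in recs]
    by_family = defaultdict(int)
    for rec in records:
        by_family[rec["detection"]] += 1
    ranked = sorted(records, key=lambda r: (-risk_score(r), r["section"], r["target"]))
    return {"total": len(records), "by_family": dict(by_family), "ranked": ranked}
```

Feed the real log text to summarize() in place of SAMPLE_LOG; log_kind() returning "scan" means nothing has been removed yet and the [C0] clean log is still outstanding.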
Aura Posted September 14, 2017 ID:1163446

The logfile should be this one below, if he can grab it and send it to you:
C:\AdwCleaner\AdwCleaner[C0].txt
missybriarwood Posted September 14, 2017 Author ID:1163470

Alright! I've let them know where they can find it. In the meantime, here's the RogueKiller log.
missybriarwood Posted September 14, 2017 Author ID:1163474

RogueKiller V12.11.14.0 [Sep 11 2017] (Free) by Adlice Software
Email : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in :
User : PANDA [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 09/14/2017 04:29:06 (Duration : 05:06:02)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 31 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311551174} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322552274} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} (C:\Program Files\OApps\SelectionLinks.dll) -> ???
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} (C:\ProgramData\Browase2saaVE\51658cb8edef5.dll) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\babylontoolbar -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551174} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} (C:\ProgramData\Browase2saaVE\51658cb8edef5.dll) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> ???
[VT.Unknown] HKEY_USERS\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : C:\AdwCleaner\AdwCleaner[C0].txt [-] -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DefaultTabSearch (C:\Program Files\DefaultTab\DefaultTabSearch.exe) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DPService (C:\Users\m\AppData\Local\DProtect\DProtectSvc.exe) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetHttpService (C:\Windows\system32\nethtsrv.exe) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceUpdater (C:\Windows\system32\netupdsrv.exe) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update LemurLeap ("C:\Program Files\LemurLeap\updateLemurLeap.exe") -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Util LemurLeap ("C:\Program Files\LemurLeap\bin\utilLemurLeap.exe") -> ???
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\n. [x] -> ???
[Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{5839fca9-774d-42a1-acda-d6a79037f57f}\InprocServer32 | (default) : C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\n. [x] -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | (default) : C:\Program Files\Mozilla Firefox\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1379759180 -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | (default) : C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1379759134 -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command | (default) : "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1500242882 -> ???

¤¤¤ Tasks : 3 ¤¤¤
[PUP.Gen1] %WINDIR%\Tasks\FTdownloader V4.0-codedownloader.job -- C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe (/reinstallapp /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1381989767 /statsdomain=http://stats.datasrvstats.com /errorsdomain=http://errors.datasrvstats.com /codedownloaddomain=http://cr.install-daddy.com /allusers /externallog='') -> ???
[PUP.Gen1] %WINDIR%\Tasks\FTdownloader V4.0-enabler.job -- C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exe (/enablebho /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=http://stats.datasrvstats.com /errorsdomain=http://errors.datasrvstats.com /bhoguid=11111111-1111-1111-1111-110311551174 /allusers /externallog='') -> ???
[PUP.Gen1] %WINDIR%\Tasks\FTdownloader V4.0-updater.job -- C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exe (/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=http://stats.datasrvstats.com /errorsdomain=http://errors.datasrvstats.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.datasrvstats.com /updaterversion=1 /externallog='') -> ???

¤¤¤ Files : 15 ¤¤¤
[PUP.Gen1][File] C:\ProgramData\Babylon -> ???
[PUP.Gen1][File] C:\ProgramData\Trymedia -> ???
[Hj.Shortcut][File] C:\Users\m\Desktop\firefox - Shortcut.lnk [LNK@] C:\PROGRA~1\MOZILL~1\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1500242882 -> ???
[PUP.Gen1][File] C:\Users\m\AppData\Roaming\Babylon -> ???
[PUP.Gen1][File] C:\Users\m\AppData\Local\Babylon -> ???
[Tr.Gen0][File] C:\Users\m\AppData\Local\Temp\1.txt -> ???
[PUP.Gen0][File] C:\Users\m\AppData\Local\Temp\mrtA727.tmp\stdrt.exe -> ???
[PUP.Gen1][File] C:\ProgramData\Babylon -> ???
[PUP.Gen1][File] C:\ProgramData\Trymedia -> ???
[Root.ZeroAccess][File] C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\L -> ???
[Root.ZeroAccess][File] C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\U -> ???
[Root.ZeroAccess][File] C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\L -> ???
[Root.ZeroAccess][File] C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\U -> ???
[PUP.Gen3][File] C:\Program Files\Mozilla Firefox\searchplugins\dosearches.xml -> ???
[Hj.Shortcut][File] C:\Users\m\Desktop\firefox - Shortcut.lnk [LNK@] C:\PROGRA~1\MOZILL~1\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1500242882 -> ???

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUM.HomePage][Firefox:Config] m78g5t0e.default : user_pref("browser.startup.homepage", "http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064"); -> ???
[PUM.NewTab][Firefox:Config] m78g5t0e.default : user_pref("browser.newtab.url", "http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064"); -> ???
[PUM.SearchEngine][Firefox:Config] m78g5t0e.default : user_pref("browser.search.selectedEngine", "dosearches"); -> ???
[PUM.SearchEngine][Firefox:Config] m78g5t0e.default : user_pref("browser.search.defaultenginename", "dosearches"); -> ???
[PUM.HomePage][Chrome:Config] Default : homepage [http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1403975740] -> ???

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] a049eaa7f50472b2afd4437686db7019
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 47543 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 97369965 | Size: 429393 MB
User = LL1 ... OK
User = LL2 ... OK
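The RogueKiller log above mixes a long tail of adware leftovers (PUP.*, PUM.*, Hj.Shortcut) with two [Root.ZeroAccess] registry entries whose meaning is easy to miss in the flood: a COM class's InprocServer32 default value has been pointed at a DLL dropped under C:\$Recycle.Bin\<SID>\$<32 hex chars>\, which is the persistence ZeroAccess used, since any legitimate process that instantiates that class loads the DLL without a Run key or service of its own. The following Python is an added example, not part of the original post or of RogueKiller: it parses RogueKiller-style detection lines, counts them per category, pulls out the $Recycle.Bin COM hijacks and the redirect hosts, and returns a verdict that separates "PUP cleanup" from "rootkit present". The sample lines are excerpted from the log above with the long tracking URLs shortened; the function names, the `triage` output fields and the verdict strings are this example's own.

```python
import re
from collections import Counter

# One RogueKiller detection line: "[Category]" optionally followed by a second
# bracketed tag ("[File]", "[Firefox:Config]"), then the location, then "-> ???".
ENTRY_RE = re.compile(
    r"\[(?P<category>[A-Za-z]+\.[A-Za-z0-9]+)\](?:\[[^\]]*\])?\s*"
    r"(?P<location>.+?)\s*->\s*\?\?\?"
)

# ZeroAccess-style drop directory: $Recycle.Bin\<SID>\$<32 hex chars>\
RECYCLE_BIN_RE = re.compile(r"\\\$Recycle\.Bin\\S-1-5-[\d-]+\\\$[0-9a-fA-F]{32}\\")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed sample: lines excerpted from the RogueKiller log in this thread,
# redirect URLs shortened.
SAMPLE_LOG = r"""
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311551174} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} (C:\ProgramData\Browase2saaVE\51658cb8edef5.dll) -> ???
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit -> ???
[Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\n. [x] -> ???
[Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{5839fca9-774d-42a1-acda-d6a79037f57f}\InprocServer32 | (default) : C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\n. [x] -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | (default) : C:\Program Files\Mozilla Firefox\firefox.exe http://www.dosearches.com/?utm_source=b -> ???
[Root.ZeroAccess][File] C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\U -> ???
[PUP.Gen3][File] C:\Program Files\Mozilla Firefox\searchplugins\dosearches.xml -> ???
"""


def parse_entries(text):
    """Return (category, location) pairs for every detection line in the log."""
    return [(m.group("category"), m.group("location")) for m in ENTRY_RE.finditer(text)]


def triage(text):
    """Summarise a scan log and separate adware noise from rootkit indicators.

    The verdict is the point: "rootkit" means the response is a rootkit-class
    cleanup or a reimage, not just quarantining PUP entries.
    """
    entries = parse_entries(text)
    by_category = Counter(cat for cat, _ in entries)
    rootkit = [loc for cat, loc in entries if cat.startswith("Root.")]

    # COM classes whose in-process server was redirected into $Recycle.Bin:
    # the hijacked CLSID is the first GUID on the line.
    com_hijacks = []
    for _, loc in entries:
        if "InprocServer32" in loc and RECYCLE_BIN_RE.search(loc):
            clsid = CLSID_RE.search(loc)
            com_hijacks.append(clsid.group(0) if clsid else loc)

    redirect_hosts = sorted({h.lower() for _, loc in entries for h in HOST_RE.findall(loc)})
    return {
        "total": len(entries),
        "by_category": dict(by_category),
        "rootkit_entries": rootkit,
        "recycle_bin_com_hijacks": com_hijacks,
        "redirect_hosts": redirect_hosts,
        "verdict": "rootkit" if rootkit or com_hijacks else "pup-only",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the real log the same parser works on the flattened one-line form as well, because each entry is terminated by "-> ???" and the location match is non-greedy; only the per-line sample here is split for readability.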
Aura Posted September 14, 2017 ID:1163476

Did he quarantine the threats detected by RogueKiller, or did he just run a scan?
missybriarwood Posted September 14, 2017 Author ID:1163477

I'm not sure. I'll have to make sure he did that.
missybriarwood Posted September 14, 2017 Author ID:1163497

He did indeed quarantine the scanned items. I also have the clean log for AdwCleaner now. He can't find the clean log for RogueKiller now, though.
missybriarwood Posted September 14, 2017 Author ID:1163502

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 01:42:16 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: BackupStack
Deleted: NetHttpService
Deleted: ServiceUpdater
Deleted: DefaultTabSearch

***** [ Folders ] *****

Deleted: C:\Windows\System32\SearchProtect
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver whiz
Deleted: C:\ProgramData\driver whiz
Deleted: C:\ProgramData\Application Data\driver whiz
Deleted: C:\Users\All Users\driver whiz
Deleted: C:\Users\m\AppData\Local\Mobogenie
Deleted: C:\Users\m\AppData\Local\VirtualStore\Program Files\Mobogenie
Deleted: C:\ProgramData\BetterSoft
Deleted: C:\ProgramData\Application Data\BetterSoft
Deleted: C:\Users\All Users\BetterSoft
Deleted: C:\Users\m\AppData\Roaming\BabSolution
Deleted: C:\Users\m\AppData\Local\Temp\DProtect
Deleted: C:\Users\m\AppData\Roaming\dvdvideosoftiehelpers
Deleted: C:\Users\m\AppData\Local\Temp\eIntaller
Deleted: C:\Users\m\AppData\Roaming\eIntaller
Deleted: C:\Users\m\AppData\Local\genienext
Deleted: C:\Users\m\AppData\Local\iLivid
Deleted: C:\Users\m\AppData\Roaming\iPumper
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
Deleted: C:\Users\m\AppData\Local\Temp\mt_ffx
Deleted: C:\Program Files\OApps
Deleted: C:\ProgramData\RightClick
Deleted: C:\ProgramData\Application Data\RightClick
Deleted: C:\Users\All Users\RightClick
Deleted: C:\Program Files\SafeSaver
Deleted: C:\ProgramData\StarApp
Deleted: C:\ProgramData\Application Data\StarApp
Deleted: C:\Users\All Users\StarApp
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Deleted: C:\Program Files\Uniblue
Deleted: C:\Users\m\AppData\Roaming\Uniblue
Deleted: C:\Users\m\AppData\Local\Pokki
Deleted: C:\Users\m\AppData\Roaming\337
Deleted: C:\ProgramData\Conduit
Deleted: C:\ProgramData\Application Data\Conduit
Deleted: C:\Users\All Users\Conduit
Deleted: C:\Users\m\AppData\Local\Conduit
Deleted: C:\Users\m\AppData\LocalLow\Conduit
Deleted: C:\Users\m\AppData\LocalLow\PriceGong
Deleted: C:\ProgramData\USTechSupport
Deleted: C:\ProgramData\Application Data\USTechSupport
Deleted: C:\Program Files\USTechSupport
Deleted: C:\Users\All Users\USTechSupport
Deleted: C:\Users\m\AppData\Roaming\USTechSupport
Deleted: C:\Program Files\MyPC Backup
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\m\AppData\Local\TNT2
Deleted: C:\Users\m\AppData\Local\Temp\APN-Stub
Deleted: C:\Users\m\AppData\Local\SwvUpdater
Deleted: C:\Program Files\Vittalia
Deleted: C:\Program Files\DriverPack Notifier
Deleted: C:\Users\m\AppData\Roaming\DriverPack Notifier
Deleted: C:\Users\m\AppData\Roaming\DRPSu
Deleted: C:\Users\m\AppData\Roaming\Systweak
Deleted: C:\Users\m\AppData\Local\TNT2
Deleted: C:\Users\m\AppData\LocalLow\mixidj
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Deleted: C:\Program Files\SimilarSites
Deleted: C:\Users\m\AppData\Roaming\newnext.me
Deleted: C:\Program Files\Optimizer Pro

***** [ Files ] *****

Deleted: C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Hao123.lnk
Deleted: C:\Windows\System32\hfnapi.dll
Deleted: C:\END
Deleted: C:\Windows\System32\hfpapi.dll
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Deleted: C:\Windows\System32\drivers\nethfdrv.sys
Deleted: C:\Windows\System32\roboot.exe
Deleted: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\invalidprefs.js
Deleted: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\searchplugins\search-here.xml
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
Deleted: C:\Windows\System32\nethtsrv.exe
Deleted: C:\Windows\System32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys
Deleted: C:\Windows\System32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Windows Updater
Deleted: gc_scheduler
Deleted: up_scheduler
Deleted: Escolade
Deleted: Driver Whiz-RTMRules
Deleted: Driver Whiz-RTMScan
Deleted: Driver Whiz-RTMUpdater
Deleted: windows updater
Deleted: dsmonitor
Deleted: RegClean Pro

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownLite
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\DownLite
Deleted: [Key] - HKCU\Software\DownLite
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\BABSOLUTION
Deleted: [Key] - HKCU\Software\BABSOLUTION
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Cr_Installer
Deleted: [Key] - HKCU\Software\Cr_Installer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Deleted: [Key] - HKLM\SOFTWARE\dosearchessoftware
Deleted: [Key] - HKLM\SOFTWARE\DProtect
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Escolade
Deleted: [Key] - HKCU\Software\Escolade
Deleted: [Key] - HKLM\SOFTWARE\FTdownloader V4.0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTdownloader V4.0
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\FTdownloader V4.0
Deleted: [Key] - HKCU\Software\AppDataLow\Software\FTdownloader V4.0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\ilivid
Deleted: [Key] - HKCU\Software\ilivid
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\InstalledBrowserExtensions
Deleted: [Key] - HKCU\Software\InstalledBrowserExtensions
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\PrivitizeVPNInstallDates
Deleted: [Key] - HKCU\Software\PrivitizeVPNInstallDates
Deleted: [Key] - HKLM\SOFTWARE\SP Global
Deleted: [Key] - HKLM\SOFTWARE\SProtector
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\SProtector
Deleted: [Key] - HKCU\Software\AppDataLow\SProtector
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\StartSearch
Deleted: [Key] - HKCU\Software\StartSearch
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105CE2F6-6C71-4553-95DB-0521A2C0F060}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AC48E96-EB40-4792-9D9D-70D59D8754BA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935E203-F846-461D-89DF-435059EFCBB8}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419A700-23B8-46EA-800B-C0EA78E133A2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BC852D3-9D70-4611-9AFC-016840417A4C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Deleted: [Key] - HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted: [Key] - HKLM\SOFTWARE\DefaultTab
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKCU\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKLM\SOFTWARE\Default Tab
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Default Tab
Deleted: [Key] - HKCU\Software\Default Tab
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKLM\SOFTWARE\Uniblue\DriverScanner
Deleted: [Key] - HKLM\SOFTWARE\Better-Surf
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKCU\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\1ClickDownload
Deleted: [Key] - HKCU\Software\1ClickDownload
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\delta LTD
Deleted: [Key] - HKCU\Software\delta LTD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Toolbar
Deleted: [Key] - HKCU\Software\AppDataLow\Toolbar
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\WEDLMNGR
Deleted: [Key] - HKCU\Software\WEDLMNGR
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\Vittalia
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverPack Notifier
Deleted: [Key] - HKLM\SOFTWARE\drpsu
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\systweak
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\systweak
Deleted: [Key] - HKCU\Software\systweak
Deleted: [Key] - HKLM\SOFTWARE\SoftwareUpdater
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\TNT2
Deleted: [Key] - HKCU\Software\TNT2
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Deleted: [Key] - HKLM\SOFTWARE\delta
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\delta
Deleted: [Key] - HKCU\Software\delta
Deleted: [Key] - HKLM\SOFTWARE\LemurLeap
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\LemurLeap
Deleted: [Key] - HKCU\Software\LemurLeap
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted: [Key] - HKLM\SOFTWARE\Webexp Enhanced
Deleted: [Key] - HKLM\SOFTWARE\hosts
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKCU\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.BHO
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.BHO.1
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.Sandbox
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.Sandbox.1
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup-r834-n-bi.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iMeshSetup-r1443-n-bf.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35c60f99-ae77-4499-a9ce-90b8ac96ac65}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [22890 B] - [2017/9/14 1:24:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
Aura Posted September 14, 2017 ID:1163512

Awesome. Now, ask him to run a new scan with FRST, and to provide us with a fresh set of logs (FRST.txt and Addition.txt).
missybriarwood Posted September 14, 2017 Author ID:1163523

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2017 02
Ran by m (administrator) on M-PC (14-09-2017 17:36:26)
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode:
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Intel) C:\Program Files\Intel Driver Update Utility\DSAService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1846384 2017-06-16] (Smadsoft)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2011-04-06] (VIA)
HKLM\...\Run: [DSATray] => C:\Program Files\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel)
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [8221896 2017-06-16] (FreeDownloadManager.org)
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac496-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac4a5-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-06] (Microsoft Corporation)
Startup: C:\Users\m\AppData\Local\Start\MyPC Backup.lnk [2014-07-16]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3EB0E13E-8E45-44F4-A10A-E9A7A210659F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{675DCF96-BE84-4AB1-9C1A-79DC33B55311}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{841212F6-ACA9-439B-892E-F89B86FD40A8}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{848E9A04-C2AF-4161-821E-4F6DE4FDF04E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{91F7C5A3-837D-4989-BD38-E98D67CD7D50}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{EC8B69B7-2A1B-489B-8AC1-1876D8627DE5}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{FFD0D415-57EB-4C71-B80A-CE53A5D1FB98}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabic.arabia.msn.com/?ocid=iehp
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
URLSearchHook: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
URLSearchHook: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=52461078D244774B&affID=120695&tsp=4954 SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1404551398&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {446F0CFE-F4F0-46E1-9000-A1756964F954} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282495&CUI=UN17744103336735511&UM=1 SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} URL = hxxp://search.us.com/serp?guid={8974B658-4B16-4498-AA13-1593888CFF35}&action=default_search&serpv=5&k={searchTerms} SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028 SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=225 BHO: FTdownloader V4.0 -> {11111111-1111-1111-1111-110311551174} -> C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll => No File BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer) BHO: Media View -> {48dd38e3-4119-4895-8961-0d7bd17fe190} -> C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ie\MediaViewV1alpha4983.dll [2014-02-27] () BHO: . -> {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File BHO: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll => No File BHO: Browase2saaVE -> {A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} -> C:\ProgramData\Browase2saaVE\51658cb8edef5.dll => No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File Toolbar: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File Toolbar: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> uTorrentControl_v6 Toolbar - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Freeware\RNetPin.dll No File Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default [2017-09-14] FF user.js: detected! => C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\user.js [2013-07-26] FF NewTab: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064 FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches FF SelectedSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches FF Homepage: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064 FF Session Restore: Mozilla\Firefox\Profiles\m78g5t0e.default -> is enabled. 
FF Extension: (Browase2saaVE) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\cmt0zpnvfv@kuiiiu.net [2012-04-10] [not signed] FF Extension: (alnaddyToolbar.com) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\ffxtlbr@alnaddyToolbar.com [2012-04-10] [not signed] FF Extension: (Fast Search by Surf Canyon) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} [2014-02-03] [not signed] FF Extension: (SuperSmashBros ) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{d1bf4285-e49f-447e-8249-976311c07344} [2014-07-02] [not signed] FF Extension: (Media View) - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff [2014-03-03] [not signed] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: (RealPlayer Browser Record Plugin) - C:\Program Files\Real\RealPlayer\browserrecord [2012-04-07] [not signed] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => not found FF HKLM\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate FF Extension: (Mozilla Auto-Update) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-11-03] [not signed] FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff => not found FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff => not found FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha153.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha153\ff => not found FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha310.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha310\ff => not found FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha4983.net] - 
C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home6866.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home6866\ff => not found FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-05-26] [not signed] FF HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File] FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [No File] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File] FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File] FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-02] (Adobe Systems) FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tightropeinteractive.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll [No File] FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tnt2ghost.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR HKLM\...\Chrome\Extension: [boipimhfjpakfgckhbljjengakjhkcbp] - C:\Users\m\AppData\Roaming\BabSolution\CR\mixiDj.crx <not found> CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx <not found> CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\m\AppData\Roaming\BabSolution\CR\Delta.crx <not found> CHR HKLM\...\Chrome\Extension: [gmdoiobfkangimkkodmdklhdlnkmpljc] - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ch\MediaViewV1alpha4983.crx [2014-02-27] CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx <not found> CHR HKLM\...\Chrome\Extension: [iijdejcjlbgbpkdjanfjanndnffpkfdl] - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbar.crx <not found> CHR HKLM\...\Chrome\Extension: [jlnfdbbladgcmhhamgkioifhbobjaoof] - C:\Program Files\LemurLeap\jlnfdbbladgcmhhamgkioifhbobjaoof.crx <not found> CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx <not found> CHR HKLM\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files\FTDownloader.com\FTDownloader10.crx <not found> CHR HKLM\...\Chrome\Extension: [nohggfehlfggmhadohogpgfipdbegokp] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha153\ch\WebexpEnhancedV1alpha153.crx <not found> CHR HKLM\...\Chrome\Extension: [ojgckilddijehegemacdfpflendgdemi] - C:\Program Files\MediaWatchV1\MediaWatchV1home6866\ch\MediaWatchV1home6866.crx <not found> CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx <not found> CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found> 
CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx [2013-06-15] CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx [2013-05-29] Opera: ======= OPR Extension: (LemurLeap) - C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli [2017-06-30] StartMenuInternet: (HKLM) Opera - F:\برامج\المخزن\Opera.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1402902953 ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 BAVSvc; C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe [1554280 2013-07-08] (Baidu, Inc.) S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.) S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.) S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.) S4 cFosSpeedS; C:\network\spd.exe [476504 2017-03-30] (cFos Software GmbH) R2 DSAService; C:\Program Files\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel) S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET) S4 Etisalat 3.75G USB Modem. 
RunOuc; F:\ETT\Etisalat 3.75G USB Modem\UpdateDog\ouc.exe [655712 2011-12-23] () R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S4 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC) S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes) S4 PCFasterSvc_{PCFaster_3.6.0.35848}; C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFasterSvc.exe [567792 2013-07-12] (Baidu Inc.) [File not signed] S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.) S4 cfos6linksrv; "C:\Program Files\cfos6link\cfos6link.exe" -service [X] S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-02-03] (BlueStack Systems) R3 cfos6link; C:\Windows\System32\DRIVERS\cfos6link.sys [525016 2010-05-03] (cFos Software GmbH) R3 cFosBC; C:\Windows\System32\DRIVERS\cfosbc6.sys [323288 2009-04-09] (cFos Software GmbH) S2 cFosNT; C:\Windows\System32\Drivers\cFosNT.sys [1314520 2014-02-05] (cFos Software GmbH) R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1099096 2017-03-30] (cFos Software GmbH) R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43344 2013-10-13] () R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET) S4 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET) R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-29] (SecureMix LLC) S3 hid7906; C:\Windows\System32\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation) S3 hid8101; C:\Windows\System32\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation) S3 hid8103; C:\Windows\System32\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-03-07] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2011-11-24] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [195072 2012-03-07] (Huawei Technologies Co., Ltd.) S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2013-06-03] () [File not signed] S3 NPF; C:\Windows\System32\drivers\npf.sys [32512 2005-08-03] (CACE Technologies) [File not signed] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2011-03-29] (VIA Technologies, Inc.) 
S3 h647906; system32\drivers\h647906.sys [X] S3 h648101; system32\drivers\h648101.sys [X] S3 h648103; system32\drivers\h648103.sys [X] S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S1 tghxxxuf; \??\C:\Windows\system32\drivers\tghxxxuf.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w; system32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys [X] S1 {910baceb-efc0-4fe2-bc67-ee485894a7c4}w; system32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-07 16:31 - 2017-11-07 16:31 - 000002626 _____ C:\Users\m\Downloads\legitcheck.hta 2017-09-14 17:36 - 2017-09-14 17:41 - 000025205 _____ C:\Users\m\Desktop\FRST.txt 2017-09-14 17:31 - 2017-09-14 17:31 - 001794048 _____ (Farbar) C:\Users\m\Desktop\FRST.exe 2017-09-14 17:31 - 2017-09-14 17:31 - 000000000 ____D C:\Users\m\Desktop\FRST-OlderVersion 2017-09-14 04:29 - 2017-09-14 04:29 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-09-14 04:28 - 2017-09-14 10:26 - 000000000 ____D C:\ProgramData\RogueKiller 2017-09-14 04:26 - 2017-09-14 04:26 - 000001008 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-09-14 04:26 - 2017-09-14 04:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-09-14 04:25 - 2017-09-14 17:02 - 000000000 ____D C:\Program Files\RogueKiller 2017-09-14 04:18 - 2017-09-11 10:46 - 035835424 _____ (Adlice Software ) C:\Users\m\Desktop\setup.exe 2017-09-14 03:12 - 2017-09-14 03:42 - 000000000 ____D C:\AdwCleaner 2017-09-14 00:56 - 2017-09-14 17:14 - 000006054 
_____ C:\Users\m\Desktop\SMADAV log.txt 2017-09-13 21:39 - 2017-09-14 14:18 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-09-13 21:37 - 2017-09-14 14:18 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-13 21:36 - 2017-09-14 14:17 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-13 21:36 - 2017-09-13 21:36 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-13 21:36 - 2017-09-13 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-13 21:36 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys 2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-13 19:17 - 2017-09-14 17:36 - 000000000 ____D C:\FRST 2017-09-09 19:34 - 2017-09-09 19:34 - 000000000 ____D C:\Users\m\AppData\Roaming\com.mcleodgaming.ssf2 2017-09-09 19:02 - 2017-09-09 19:02 - 000001060 _____ C:\Users\Public\Desktop\Super Smash Flash 2 Beta.lnk 2017-09-09 19:02 - 2017-09-09 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Smash Flash 2 Beta 2017-09-09 18:53 - 2017-09-09 19:02 - 000000000 ____D C:\Program Files\Super Smash Flash 2 Beta 2017-09-09 05:57 - 2017-09-09 06:00 - 000000000 ____D C:\ProgramData\Intel 2017-09-09 05:56 - 2017-09-09 06:00 - 000000000 ____D C:\Program Files\Intel Driver Update Utility 2017-09-09 05:56 - 2017-09-09 05:56 - 000001125 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.9.lnk 2017-09-09 05:56 - 2017-09-09 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility 2017-09-09 02:29 - 2004-09-27 22:25 - 000081920 _____ C:\Windows\system32\xmltok.dll 2017-09-09 02:29 - 2004-09-27 22:25 - 000053248 _____ C:\Windows\system32\xmlparse.dll 2017-09-09 02:29 - 2003-10-08 15:29 - 000503808 _____ 
(Microsoft Corporation) C:\Windows\system32\MSVCP71.dll 2017-09-09 02:29 - 2003-10-08 15:29 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll 2017-09-06 04:40 - 2017-07-24 21:09 - 000786912 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys 2017-09-06 04:40 - 2017-07-24 21:09 - 000109024 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2017-08-25 00:39 - 2017-08-25 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (February 2010) 2017-08-25 00:39 - 2010-02-04 20:22 - 002719064 _____ (Microsoft Corporation) C:\Windows\system32\d3d9d.dll 2017-08-25 00:39 - 2010-02-04 20:22 - 000955224 _____ (Microsoft Corporation) C:\Windows\system32\XAudioD2_6.dll 2017-08-25 00:39 - 2010-02-04 20:22 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineD3_6.dll 2017-08-25 00:39 - 2010-02-04 20:22 - 000132952 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFXD1_4.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 005516120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCSXd_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 003795800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9d_33.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 002149208 _____ (Microsoft Corporation) C:\Windows\system32\D3dx9d_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000500056 _____ (Microsoft Corporation) C:\Windows\system32\D3D11Ref.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000497496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX10d_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000496472 _____ (Microsoft Corporation) C:\Windows\system32\D3D11SDKLayers.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000442712 _____ (Microsoft Corporation) C:\Windows\system32\D3D10SDKLayers.DLL 2017-08-25 00:39 - 2010-02-04 20:21 - 000434008 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineA3_6.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000356184 _____ (Microsoft Corporation) 
C:\Windows\system32\D3D10Ref.DLL 2017-08-25 00:39 - 2010-02-04 20:21 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\d3dref9.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000252248 _____ (Microsoft Corporation) C:\Windows\system32\D3DX11d_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000045400 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudioD1_7.dll 2017-08-25 00:37 - 2017-08-25 00:39 - 000000000 ____D C:\Program Files\Microsoft DirectX SDK (February 2010) 2017-08-25 00:37 - 2017-08-25 00:36 - 000118104 _____ (Microsoft Corporation) C:\Windows\dxsdkuninst.exe 2017-08-24 21:24 - 2017-08-24 21:29 - 000001089 _____ C:\Users\m\Desktop\Continue XePlayer_Setup Installation.lnk 2017-08-24 17:55 - 2017-08-24 18:04 - 000000000 ____D C:\Users\m\AppData\Local\Zone Builder 2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\Program Files\Zone Builder 2017-08-22 23:59 - 2017-08-22 23:59 - 000000000 ____D C:\Users\m\AppData\Local\doomseeker 2017-08-22 23:58 - 2017-08-23 00:02 - 000000000 ____D C:\Users\m\AppData\Roaming\.doomseeker 2017-08-21 18:12 - 2017-08-21 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SLADE 2017-08-20 17:08 - 2017-09-09 02:39 - 000000000 ____D C:\Program Files\SLADE 2017-08-20 17:07 - 2017-08-22 02:53 - 000000000 ____D C:\Users\m\AppData\Roaming\SLADE3 2017-08-20 17:07 - 2015-07-18 15:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-08-20 17:07 - 
2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2017-08-20 17:07 - 
2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2017-08-20 17:00 - 2017-09-09 05:55 - 000000000 ____D C:\ProgramData\Package Cache ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-14 17:13 - 2016-12-21 01:51 - 000000000 ____D C:\Program Files\SMADAV 2017-09-14 17:02 - 2012-04-10 17:43 - 000000820 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2017-09-14 14:17 - 2013-10-17 08:04 - 000001210 _____ C:\Windows\Tasks\FTdownloader V4.0-updater.job 2017-09-14 14:17 - 2013-10-17 08:04 - 000001204 _____ C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job 2017-09-14 14:17 - 2013-10-17 08:04 - 000001114 _____ C:\Windows\Tasks\FTdownloader V4.0-enabler.job 2017-09-14 14:17 - 2012-04-10 17:43 - 000000816 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2017-09-14 14:17 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-14 09:45 - 2017-06-30 08:55 - 000001441 _____ C:\Users\m\Desktop\firefox - Shortcut.lnk 2017-09-14 08:57 - 2012-04-07 09:44 - 000000000 ____D C:\Program Files\Mozilla Firefox 2017-09-14 05:42 - 2013-11-04 07:00 - 000000000 ____D C:\Users\m\AppData\Local\CrashDumps 2017-09-14 04:18 - 2017-06-30 12:25 - 000000000 ____D C:\Users\m\AppData\Local\Free Download Manager 2017-09-14 03:39 - 2013-10-15 19:04 - 000000000 ____D C:\Users\m\AppData\Local\GC 2017-09-14 02:14 - 2014-01-31 14:15 - 000000000 ____D C:\Program Files\MediaPlayerV1 2017-09-14 01:25 - 2013-07-27 00:10 - 000000000 ____D 
C:\Users\m\AppData\LocalLow\Delta 2017-09-14 01:25 - 2013-07-26 01:01 - 000000000 ____D C:\Program Files\Delta 2017-09-12 19:46 - 2017-06-30 19:39 - 000000000 ____D C:\Users\m\AppData\Roaming\discord 2017-09-12 14:52 - 2017-07-01 08:34 - 000000000 ____D C:\Windows\pss 2017-09-12 14:52 - 2013-05-24 18:10 - 024547056 _____ C:\Windows\ntbtlog.txt 2017-09-10 20:16 - 2013-07-04 14:34 - 000000000 ____D C:\Users\m\AppData\Local\ElevatedDiagnostics 2017-09-10 18:46 - 2012-04-07 08:41 - 000006362 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-10 14:03 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf 2017-09-10 13:59 - 2009-07-14 06:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-10 13:59 - 2009-07-14 06:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-09 19:33 - 2014-06-17 06:28 - 000000000 ____D C:\Users\m\Documents\GTA Vice City User Files 2017-09-09 19:33 - 2013-10-17 12:25 - 000000000 ___RD C:\Users\m\Desktop\net 2017-09-09 19:33 - 2013-08-17 22:18 - 000000000 ____D C:\Users\m\Desktop\New folder 2017-09-09 19:26 - 2013-06-24 15:04 - 000000000 ____D C:\Users\m\Desktop\super sonic 2017-09-09 19:26 - 2012-04-24 07:53 - 000000000 ____D C:\Users\m\Documents\bloons 2017-09-09 17:35 - 2017-07-15 22:17 - 000000661 _____ C:\Users\m\Desktop\klcp_codec_log.txt 2017-09-08 04:08 - 2017-08-10 15:04 - 000001908 _____ C:\Windows\diagwrn.xml 2017-09-08 04:08 - 2017-08-10 15:04 - 000001908 _____ C:\Windows\diagerr.xml ==================== Files in the root of some directories ======= 2005-04-08 04:16 - 2017-07-16 18:26 - 000014065 ____H () C:\Users\m\AppData\Roaming\mlog.dat 2013-08-16 00:50 - 2013-08-16 00:50 - 000024232 _____ () C:\Users\m\AppData\Roaming\UserTile.png 2013-05-31 17:20 - 2014-07-16 10:24 - 000016896 _____ () C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-30 11:16 - 2017-07-01 
15:47 - 000007597 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg 2013-09-05 12:51 - 2013-09-05 12:51 - 000048402 ___SH () C:\Users\m\AppData\Local\ws_updater.exe ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a ZeroAccess: C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a Some files in TEMP: ==================== 2017-07-16 00:37 - 2017-07-16 00:37 - 000438272 _____ () C:\Users\m\AppData\Local\Temp\1600929_Server-Remote3.exe 2013-09-21 12:21 - 2013-09-21 12:27 - 013540568 _____ (Mozilla) C:\Users\m\AppData\Local\Temp\25535-662733-mozilla-firefox.exe 2017-08-24 17:56 - 2017-08-24 17:56 - 000099328 _____ () C:\Users\m\AppData\Local\Temp\3908698273.dll 2014-07-16 09:57 - 2014-07-16 10:16 - 063210976 _____ (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\39874-673288-microsoft-powerpoint-viewer-2003.exe 2014-07-16 09:56 - 2014-07-16 09:56 - 000906056 _____ () C:\Users\m\AppData\Local\Temp\74QQINSTALLER.EXE 2014-07-16 09:56 - 2014-07-16 09:56 - 000572432 _____ () C:\Users\m\AppData\Local\Temp\74QQLoading.EXE 2014-02-03 10:20 - 2014-02-03 10:20 - 000036864 _____ () C:\Users\m\AppData\Local\Temp\7lyh2g2-.dll 2014-03-29 20:20 - 2014-03-29 20:20 - 000649723 _____ (Media Watch) C:\Users\m\AppData\Local\Temp\appinstall.exe 2013-07-01 23:54 - 2014-01-27 08:36 - 010355400 _____ () C:\Users\m\AppData\Local\Temp\BackupSetup.exe 2013-12-01 09:14 - 2013-12-01 09:14 - 000490391 _____ (Better-Surf) C:\Users\m\AppData\Local\Temp\Better-Surf.exe 2013-11-22 10:59 - 2013-11-22 10:59 - 000487007 _____ (BetterSurf) C:\Users\m\AppData\Local\Temp\BetterSurf.exe 2013-12-15 09:14 - 2013-12-15 09:14 - 000949472 _____ (Better Surf) C:\Users\m\AppData\Local\Temp\BetterSurfPlusV1Installer.exe 2013-09-25 20:26 - 2013-09-25 20:26 - 000545576 _____ () C:\Users\m\AppData\Local\Temp\binary.exe 2014-07-03 20:49 - 2014-07-03 20:49 - 013142271 _____ ( ) C:\Users\m\AppData\Local\Temp\ChickenInvaders3Setup29695.exe 2013-09-09 09:19 
- 2014-02-04 10:18 - 000346000 _____ (Adobe Systems Incorporated) C:\Users\m\AppData\Local\Temp\Creative Cloud Helper.exe 2013-07-18 11:11 - 2013-07-18 11:11 - 000826280 _____ (Baidu Inc.) C:\Users\m\AppData\Local\Temp\crp6318.exe 2013-07-18 11:11 - 2013-07-18 11:11 - 000294352 _____ (Baidu.com) C:\Users\m\AppData\Local\Temp\crp6922.exe 2017-09-14 04:28 - 2013-08-29 03:50 - 001289096 _____ (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\dllnt_dump.dll 2013-12-11 13:08 - 2013-12-11 13:08 - 001338136 _____ (@) C:\Users\m\AppData\Local\Temp\DownloadManager.exe 2014-07-11 21:51 - 2014-07-11 21:51 - 000485376 _____ () C:\Users\m\AppData\Local\Temp\drvinstal1.exe 2012-04-12 12:56 - 2012-04-12 13:05 - 017605512 _____ (Adobe Systems Incorporated) C:\Users\m\AppData\Local\Temp\fp_pl_pfs_installer.exe 2014-03-14 19:57 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\m\AppData\Local\Temp\GLF3150.EXE 2014-03-14 20:02 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\m\AppData\Local\Temp\GLF8317.EXE 2014-03-14 19:57 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\m\AppData\Local\Temp\GLFDF0C.EXE 2013-10-24 19:18 - 2013-10-24 19:18 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\GUR6039.exe 2013-10-17 20:16 - 2013-10-17 20:17 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\GURA218.exe 2013-10-15 16:17 - 2013-10-15 16:17 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\GURF565.exe 2013-03-28 12:09 - 2013-03-28 12:09 - 000291056 _____ (Baidu.com) C:\Users\m\AppData\Local\Temp\hao123inst_ar.exe 2013-07-08 21:31 - 2013-07-08 21:55 - 001011840 _____ () C:\Users\m\AppData\Local\Temp\hiplayer_8352_hao123_ar.exe 2013-10-12 17:15 - 2013-10-12 17:15 - 000947200 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) 
C:\Users\m\AppData\Local\Temp\htmlayout.dll 2013-08-19 10:10 - 2013-08-19 10:10 - 001182936 _____ () C:\Users\m\AppData\Local\Temp\ICReinstall_speed_up_my_pc.exe 2017-08-24 21:24 - 2017-08-24 21:29 - 001543648 _____ (Sucanaba ) C:\Users\m\AppData\Local\Temp\ICReinstall_XePlayer_Setup.exe 2013-07-03 17:52 - 2013-07-03 17:52 - 002515024 ____T (Conduit Ltd.) C:\Users\m\AppData\Local\Temp\iet145A.tmp.exe 2013-07-22 02:51 - 2013-07-23 17:42 - 000089248 ___SH (Adobe Systems, Inc.) C:\Users\m\AppData\Local\Temp\InstallFlashPlayer.exe 2014-02-09 21:56 - 2014-02-10 09:15 - 000469256 _____ (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\InstallManager_GEN_GEN.exe 2013-09-19 17:19 - 2013-09-19 17:19 - 000378648 _____ () C:\Users\m\AppData\Local\Temp\instloffer.exe 2014-04-18 08:03 - 2014-04-18 08:03 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\iPumperUpdater__7428_il2177516.exe 2013-08-28 18:09 - 2013-08-28 18:09 - 000913832 _____ (Oracle Corporation) C:\Users\m\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe 2013-10-08 20:27 - 2013-10-08 20:27 - 000915368 _____ (Oracle Corporation) C:\Users\m\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2014-07-16 09:55 - 2014-07-16 09:55 - 000572432 _____ () C:\Users\m\AppData\Local\Temp\K74QLoading.EXE 2013-07-26 00:40 - 2013-07-26 00:40 - 000196608 _____ () C:\Users\m\AppData\Local\Temp\mp3el2.exe 2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsb4773.exe 2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsbB306.exe 2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsg5153.exe 2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsgA751.exe 2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsl59FB.exe 2013-12-16 11:01 - 2013-12-16 11:01 - 000167812 _____ (Conduit) 
C:\Users\m\AppData\Local\Temp\nsq1538.exe 2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsqAD4A.exe 2014-07-16 09:58 - 2014-07-16 10:01 - 005464192 _____ () C:\Users\m\AppData\Local\Temp\OnlineBackup.exe 2013-06-20 09:48 - 2013-06-20 09:48 - 000875200 _____ (Baidu Inc.) C:\Users\m\AppData\Local\Temp\PC_Faster_Setup_Mini_E58.exe 2014-02-01 21:57 - 2014-02-01 21:57 - 000065451 _____ () C:\Users\m\AppData\Local\Temp\SCC.dll 2014-03-03 22:35 - 2014-03-03 22:36 - 000647902 _____ (Media View) C:\Users\m\AppData\Local\Temp\setapp.exe 2013-05-02 16:21 - 2003-10-25 11:33 - 001867776 ____N (SonicTeam) C:\Users\m\AppData\Local\Temp\Setup.exe 2014-01-10 19:14 - 2014-01-10 19:14 - 001024499 _____ (Video Player) C:\Users\m\AppData\Local\Temp\Setup1.exe 2014-01-31 14:14 - 2014-01-31 14:15 - 000965997 _____ (Media Player) C:\Users\m\AppData\Local\Temp\Setup2.exe 2013-10-12 17:31 - 2013-10-12 17:31 - 000152096 _____ (Amonetizé Ltd) C:\Users\m\AppData\Local\Temp\setup__1546.exe 2013-11-04 20:35 - 2013-11-04 20:35 - 000072960 _____ (SimilarSites) C:\Users\m\AppData\Local\Temp\SimilarBundleGenericDl.exe 2013-07-17 18:32 - 2013-07-17 18:36 - 021045248 _____ () C:\Users\m\AppData\Local\Temp\SkypeSetup.exe 2013-07-26 20:51 - 2009-11-16 22:26 - 003024966 _____ () C:\Users\m\AppData\Local\Temp\Sonic - The Tails Nightmare.exe 2013-12-16 11:10 - 2013-12-16 11:10 - 005737408 _____ (Conduit) C:\Users\m\AppData\Local\Temp\SPSetup.exe 2014-02-01 21:56 - 2014-02-01 21:56 - 000166224 _____ (Symantec Corporation) C:\Users\m\AppData\Local\Temp\SymCCIS.dll 2013-08-17 10:57 - 2013-08-17 10:57 - 000782832 _____ () C:\Users\m\AppData\Local\Temp\tbdelta.exe 2013-11-03 15:05 - 2013-11-03 15:05 - 000106407 _____ () C:\Users\m\AppData\Local\Temp\temp.exe 2017-09-13 17:32 - 2017-09-13 17:32 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp11EC.tmp.exe 2017-07-02 22:23 - 2017-07-02 22:23 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp1372.tmp.exe 
2014-06-26 20:25 - 2014-06-26 20:25 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmp1592.tmp.exe 2014-07-16 01:35 - 2014-07-16 01:35 - 000179712 _____ () C:\Users\m\AppData\Local\Temp\tmp1B5C.tmp.exe 2017-09-11 17:52 - 2017-09-11 17:52 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp258C.tmp.exe 2017-07-10 17:52 - 2017-07-10 17:52 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp27AF.tmp.exe 2017-09-09 05:45 - 2017-09-09 05:45 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp2867.tmp.exe 2013-10-15 19:03 - 2013-10-15 19:04 - 000453694 _____ () C:\Users\m\AppData\Local\Temp\tmp2BE0.tmp.exe 2013-10-12 17:16 - 2013-10-12 17:16 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmp3861.exe 2017-08-10 18:55 - 2017-08-10 18:55 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp3B7.tmp.exe 2017-07-02 22:33 - 2017-07-02 22:33 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp4108.tmp.exe 2014-07-05 00:34 - 2014-07-05 00:35 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmp4411.tmp.exe 2017-09-09 17:32 - 2017-09-09 17:32 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp4695.tmp.exe 2017-07-17 18:54 - 2017-07-17 18:54 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp4E60.tmp.exe 2017-09-13 17:43 - 2017-09-13 17:43 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp517C.tmp.exe 2017-07-01 17:33 - 2017-07-01 17:33 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp52D0.tmp.exe 2017-09-10 17:32 - 2017-09-10 17:32 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp585F.tmp.exe 2014-06-30 14:45 - 2014-06-30 14:45 - 000099328 _____ () C:\Users\m\AppData\Local\Temp\tmp5E74.tmp.exe 2017-07-01 17:32 - 2017-07-01 17:32 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp6289.tmp.exe 2013-10-12 17:32 - 2013-10-12 17:32 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmp6486.exe 2017-07-15 17:35 - 2017-07-15 17:35 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp6A8C.tmp.exe 2017-07-01 17:54 - 2017-07-01 17:54 - 000002372 
_____ () C:\Users\m\AppData\Local\Temp\tmp6E9C.tmp.exe 2017-09-09 05:55 - 2017-09-09 05:55 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp7178.tmp.exe 2017-09-09 17:42 - 2017-09-09 17:42 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp7332.tmp.exe 2014-07-01 17:33 - 2014-07-01 17:33 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmp7BE9.tmp.exe 2017-09-10 17:42 - 2017-09-10 17:42 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp8401.tmp.exe 2017-09-13 17:53 - 2017-09-13 17:53 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp893F.tmp.exe 2014-07-20 01:21 - 2014-07-20 01:21 - 000179713 _____ () C:\Users\m\AppData\Local\Temp\tmp8A92.tmp.exe 2013-10-12 17:31 - 2013-10-12 17:31 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmp8CF9.exe 2017-08-11 17:32 - 2017-08-11 17:32 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp92AD.tmp.exe 2014-07-17 01:41 - 2014-07-17 01:41 - 000179712 _____ () C:\Users\m\AppData\Local\Temp\tmp9A8A.tmp.exe 2013-11-03 18:04 - 2013-11-03 18:04 - 000005632 _____ () C:\Users\m\AppData\Local\Temp\tmpAE4B.tmp.exe 2013-10-12 17:15 - 2013-10-12 17:15 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmpAF54.exe 2017-09-09 17:52 - 2017-09-09 17:53 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpB5CE.tmp.exe 2014-07-17 02:42 - 2014-07-17 02:42 - 000208384 _____ () C:\Users\m\AppData\Local\Temp\tmpB6C2.tmp.exe 2017-09-10 17:52 - 2017-09-10 17:52 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpB83C.tmp.exe 2017-07-01 17:43 - 2017-07-01 17:44 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpB886.tmp.exe 2017-08-11 17:42 - 2017-08-11 17:42 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmpBDF3.tmp.exe 2014-07-16 02:36 - 2014-07-16 02:36 - 000208384 _____ () C:\Users\m\AppData\Local\Temp\tmpC8DB.tmp.exe 2017-09-11 17:32 - 2017-09-11 17:32 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpCAFC.tmp.exe 2017-07-17 18:34 - 2017-07-17 18:34 - 000002372 _____ () 
C:\Users\m\AppData\Local\Temp\tmpCD9A.tmp.exe 2017-07-10 17:32 - 2017-07-10 17:32 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpD098.tmp.exe 2014-07-03 19:36 - 2014-07-03 19:36 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmpDC98.tmp.exe 2017-09-09 06:05 - 2017-09-09 06:06 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpDD94.tmp.exe 2017-07-02 22:13 - 2017-07-02 22:13 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpE5EB.tmp.exe 2017-08-11 17:52 - 2017-08-11 17:52 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmpE995.tmp.exe 2014-07-19 15:13 - 2014-07-19 15:13 - 000208385 _____ () C:\Users\m\AppData\Local\Temp\tmpF112.tmp.exe 2017-09-11 17:42 - 2017-09-11 17:42 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpF6FC.tmp.exe 2014-04-18 07:57 - 2014-04-18 07:57 - 000007168 _____ () C:\Users\m\AppData\Local\Temp\tmpF8CF.tmp.exe 2014-07-21 02:49 - 2014-07-21 02:49 - 000179713 _____ () C:\Users\m\AppData\Local\Temp\tmpFACB.tmp.exe 2017-07-17 18:44 - 2017-07-17 18:44 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpFBBD.tmp.exe 2017-07-10 17:42 - 2017-07-10 17:42 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpFC0C.tmp.exe 2014-07-19 14:08 - 2014-07-19 14:09 - 000179713 _____ () C:\Users\m\AppData\Local\Temp\tmpFD47.tmp.exe 2013-07-09 11:34 - 2013-07-08 22:16 - 000245408 ____N (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\unicows.dll 2013-08-17 13:28 - 2014-01-22 10:03 - 000104130 _____ () C:\Users\m\AppData\Local\Temp\Uninstall.exe 2013-06-17 10:39 - 2003-10-17 10:26 - 000634880 ____N () C:\Users\m\AppData\Local\Temp\unsetup.exe 2013-07-18 11:11 - 2013-07-18 11:11 - 000826280 _____ () C:\Users\m\AppData\Local\Temp\uti629A.exe 2013-07-18 11:11 - 2013-07-18 11:11 - 000294352 _____ () C:\Users\m\AppData\Local\Temp\uti6902.exe 2013-07-03 17:46 - 2013-07-03 17:52 - 008228864 _____ () C:\Users\m\AppData\Local\Temp\uttE69A.tmp.exe 2013-03-11 21:19 - 2013-03-11 21:19 - 000401408 _____ () C:\Users\m\AppData\Local\Temp\wget.exe 
2014-07-16 01:36 - 2014-07-21 02:54 - 000353504 _____ () C:\Users\m\AppData\Local\Temp\WindowsUpdateKB12695__7428_il77.exe
2014-02-01 13:09 - 2014-02-01 13:24 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\{0685CD90-9150-472F-860A-EC09E8AE8AF5}-setup.exe
2014-01-31 20:01 - 2014-01-31 20:13 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\{32C4B43D-4A35-4D9F-9019-7DF7F5126D6F}-setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2017-09-10 20:08

==================== End of FRST.txt ============================
missybriarwood Posted September 14, 2017 Author ID:1163525

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by m (14-09-2017 17:47:42)
Running from C:\Users\m\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2012-04-07 07:02:32)
Boot Mode:
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1375491003-1713059225-295888860-500 - Administrator - Disabled)
Guest (S-1-5-21-1375491003-1713059225-295888860-501 - Limited - Disabled)
m (S-1-5-21-1375491003-1713059225-295888860-1000 - Administrator - Enabled) => C:\Users\m

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 5.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Air Force Missions (HKLM\...\Air Force Missions_is1) (Version: 1.0 - MyPlayCity, Inc.) Alnaddy.com toolbar on IE and Chrome (HKLM\...\alnaddyToolbar) (Version: - Alnaddy.com) Any Video Converter 5.0.9 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version: - ) Baidu PC Faster (HKLM\...\Baidu PC Faster 3.6.0.35848) (Version: 3.6.0.35848 - Baidu, Inc.) Ben 10 Savage Pursuit (HKLM\...\{450B1A83-2A1E-4433-A031-207F66AB7116}_is1) (Version: - ePlaybus.com) BitTorrent (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.) BlueStacks Notification Center (HKLM\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.) BrowseToSave 1.74 (HKLM\...\SP_48c708f2) (Version: - ) <==== ATTENTION Burrito Bison Revenge (HKLM\...\Burrito Bison Revenge_is1) (Version: - Shmehao.com) Butterfly Escape 1.2 (HKLM\...\Butterfly Escape_is1) (Version: - Genimo Interactive LLC) CCProxy 7.3 (HKLM\...\CCProxy_is1) (Version: - Youngzsoft, Inc.) 
cFos 2000/XP/Vista DSL/ISDN Driver 8.00.3101 (HKLM\...\cFos) (Version: 8.00.3101 - cFos Software GmbH, Bonn) cFos Broadband Connect v1.06 (HKLM\...\cFos Broadband Connect) (Version: 1.06 - cFos Software GmbH, Bonn) cFos IPv6 Link v2.52 (HKLM\...\cFos IPv6 Link) (Version: 2.52 - cFos Software GmbH, Bonn) cFos Outlook DAV v1.10 (HKLM\...\cFos Outlook DAV) (Version: 1.10 - cFos Software GmbH, Bonn) cFos Personal Net v3.00 (HKLM\...\cFos Personal Net) (Version: 3.00 - cFos Software GmbH, Bonn) cFosSpeed v10.22 (HKLM\...\cFosSpeed) (Version: 10.22 - cFos Software GmbH, Bonn) Chicken Invaders 3 (HKLM\...\Chicken Invaders 3_is1) (Version: - ) Chicken Invaders 4: Ultimate Omelette Uninstaller (HKLM\...\Chicken Invaders 4: Ultimate Omelette Uninstaller) (Version: - ) Chicken Invaders: Cluck of the Dark Side demo v5.00 (HKLM\...\Chicken Invaders: Cluck of the Dark Side demo_is1) (Version: - InterAction studios) ClearWeb (HKLM\...\{A1325A81-3FFA-481A-80DF-2E0B902C56DA}) (Version: 2.1.0 - ClearWeb Internet Solutions) Client for Google Translate (HKLM\...\Translate Client) (Version: 6.0.612 - ) Debut Video Capture Software (HKLM\...\Debut) (Version: 1.82 - NCH Software) Discord (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Discord) (Version: 0.0.298 - Discord Inc.) Document.Editor 2013.26 (HKLM\...\Document.Editor) (Version: 2013.26 - Semagsoft) Driver Whiz (HKLM\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz) DriverPack Solution Updater (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\DRPSu Updater) (Version: 0.0.25 - DriverPack Solution) Easy WiFi Radar 1.0.5 (HKLM\...\Easy WiFi Radar) (Version: 1.0.5 - Makayama Interactive) ESET NOD32 Antivirus (HKLM\...\{083ABCCD-D0A1-4068-A2B1-A4D06E0B9951}) (Version: 5.2.9.1 - ESET, spol. s r.o.) Etisalat 3.75G USB Modem (HKLM\...\Etisalat 3.75G USB Modem) (Version: 23.003.07.05.135 - Huawei Technologies Co.,Ltd) Farm Frenzy 2 (HKLM\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.) 
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) Fishdom (HKLM\...\Fishdom_is1) (Version: 1.0 - Media Contact LLC) Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG) Garden TD (HKLM\...\{908450B6-FED3-4981-958D-EDFEA09BA3D7}_is1) (Version: - ePlaybus.com) GC (HKLM\...\GC) (Version: - ) <==== ATTENTION GlassWire 1.2 (remove only) (HKLM\...\GlassWire 1.2) (Version: 1.2.102 - SecureMix LLC) Google Chrome (HKLM\...\Google Chrome) (Version: 26.0.1410.64 - Google Inc.) Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.153 - Google Inc.) Hidden GTA San Andreas Control Center v2.1.1 (HKLM\...\GTA San Andreas Control Center v2.1.1) (Version: Release 2.1.1 - open source) Hao123-Client (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\hao123desk-ar) (Version: 1.0.0.1111 - Baidu Online Network Technology (Beijing) Co., Ltd.) <==== ATTENTION ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel® Driver Update Utility (HKLM\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel) Internet Music Capture 6.2.5.6 (HKLM\...\{24F91F2A-AE77-4E45-A82F-26E3460BE7C2}) (Version: 6.2.5.6 - E-Soft) Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040F0}) (Version: 7.0.400 - Oracle) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) K-Lite Mega Codec Pack 7.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - ) MAGIX Movie Edit Pro 17 Download Version (HKLM\...\{B2C8ABEF-C3D4-493C-8AB1-179FF999F64A}) (Version: 10.0.0.1 - MAGIX AG) Hidden MAGIX Movie Edit Pro 17 Download Version (HKLM\...\MAGIX_MSI_Videodeluxe17) (Version: 10.0.0.1 - MAGIX AG) MAGIX Screenshare (HKLM\...\{624A1753-9DA0-4CC2-A695-303A9F224B45}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed 2 (MSI) (HKLM\...\{BEF2491B-A1B5-463B-92E6-370C9548E065}) (Version: 6.0.1.2 - MAGIX AG) Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) Mario Forever 3.0 (HKLM\...\Mario Forever) (Version: 3.0 - Buziol Games) Mario Forever Galaxy (HKLM\...\Mario Forever Galaxy) (Version: - Buziol Games) Media View (HKLM\...\MediaViewV1alpha4983) (Version: 1.1 - Media View) <==== ATTENTION Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft DirectX SDK (February 2010) (HKLM\...\Microsoft DirectX SDK (February 2010)) (Version: 9.28.1886.0 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 
14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) MixiDJ chrome Toolbar (HKLM\...\MixiDJ chrome Toolbar) (Version: - MixiDJ) <==== ATTENTION MovieEditor (HKLM\...\{65C10CA0-1E88-4CCC-836C-7B44ED1E9E8A}) (Version: 1.20.0000 - LhK-Soft) Mozilla Firefox 5.0.1 (x86 ar) (HKLM\...\Mozilla Firefox 5.0.1 (x86 ar)) (Version: 5.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.07 - NCH Software) Neighbours From Hell Online Demo (HKLM\...\{5945A4B9-CB8F-4960-9C66-690780BEF4D4}) (Version: 1.0 - JoWooD Studio Vienna) Office Animation Runtime (HKLM\...\{AEEB3643-71DE-414d-9E3F-1159177FE211}) (Version: 11.0.5510.0 - Microsoft Corporation) Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation) PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: 2.36 - NCH Software) PhotoStage Slideshow 
Producer (HKLM\...\PhotoStage) (Version: 2.24 - NCH Software) Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) Hidden Potty Racers 3 (HKLM\...\Potty Racers 3_is1) (Version: - Shmehao.com) Prism Video File Converter (HKLM\...\Prism) (Version: 2.01 - NCH Software) PrivitizeVPN (HKLM\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks) RogueKiller version 12.11.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.14.0 - Adlice Software) SafeSaver 1.74 (HKLM\...\SP_0bdf5975) (Version: - ) <==== ATTENTION Search Assistant WebSearch 1.74 (HKLM\...\SP_b0285714) (Version: - ) <==== ATTENTION Search.us.com (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\{550DA8CA-6DD3-4E37-A562-CE7F3950F181}) (Version: - Search.us.com) Search.us.com (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\{8974B658-4B16-4498-AA13-1593888CFF35}) (Version: - Search.us.com) Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.) 
SLADE version 3.1.1.5 (HKLM\...\{3EFD0AA9-5156-40DB-9646-360180FF5DFA}_is1) (Version: 3.1.1.5 - )
SMADAV version 11.5 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.5 - Smadsoft)
Smurfs (HKLM\...\Smurfs_is1) (Version: - GameFabrique)
Sonic - The Tails Nightmare (HKLM\...\Sonic - The Tails Nightmare) (Version: - )
Sonic 3D Blast (HKLM\...\Sonic 3D Blast_is1) (Version: - GameFabrique)
Sonic Adventure 2 (c) SEGA version 1 (HKLM\...\Sonic Adventure 2 (c) SEGA_is1) (Version: 1 - )
SONIC ADVENTURE DX-Director's Cut Demo A Version (HKLM\...\SONICADVDX_DEMO_A) (Version: - )
Sonic and Knuckles 2 1.0 (HKLM\...\Sonic and Knuckles 2_is1) (Version: - )
Sonic and Knuckles 3 1.0 (HKLM\...\Sonic and Knuckles 3_is1) (Version: - )
Sonic Generations (HKLM\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
Sonic Generations version 1.0 (HKLM\...\{4B7IL77L-LKS1-75B1-SONIC-18CD6E6334R1}_is1) (Version: 1.0 - SEGA)
SONIC HEROES TRIAL (HKLM\...\SONICHEROESTRIAL) (Version: - )
Sonic Riders 1.00 (HKLM\...\Sonic Riders 1.00) (Version: - )
Sonic the Hedgehog (HKLM\...\Sonic the Hedgehog_is1) (Version: - GameFabrique)
Sonic the Hedgehog 2 (HKLM\...\Sonic the Hedgehog 2_is1) (Version: - )
Sonic the Hedgehog 3 (HKLM\...\Sonic the Hedgehog 3_is1) (Version: - )
Subway Surfers 1.0 (HKLM\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
Super Mario Bros. X version 1.3 (HKLM\...\{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1) (Version: 1.3 - SuperMarioBrothers.org)
Super Mario Kart (HKLM\...\Super Mario Kart_is1) (Version: - Shmehao.com)
Super Smash Flash 2 Beta (HKLM\...\{7603695C-A9FF-48D5-BE83-CD07DB80E957}_is1) (Version: 1.0.0.0 - McLeodGaming, Inc.)
Toad for Oracle 10.6 Freeware (HKLM\...\{B7B361DE-C9E6-4047-AF83-2C9CCE0AF4F3}) (Version: 10.6.0.42 - Quest Software, Inc.)
Turbo Fiesta (HKLM\...\Turbo Fiesta_is1) (Version: - GameFools)
Turbo Subs (HKLM\...\Turbo Subs_is1) (Version: - GameFools)
Turbo Trio (HKLM\...\Turbo Trio_is1) (Version: - Games Of The Month)
Turtix (HKLM\...\Turtix_is1) (Version: 1.0 - MyPlayCity, Inc.)
USB Network Driver (HKLM\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
uTorrentControl_v6 Toolbar (HKLM\...\uTorrentControl_v6 Toolbar) (Version: 6.13.3.505 - uTorrentControl_v6) <==== ATTENTION
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Video Capture SDK Delphi TRIAL (HKLM\...\{3D46BD05-CA91-46C9-9C78-FBF10A65D471}) (Version: 8.0.2.0 - VisioForge) Hidden
Video Capture SDK Delphi TRIAL (HKLM\...\Video Capture SDK Delphi TRIAL 8.0.2.0) (Version: 8.0.2.0 - VisioForge)
Video Download Capture V4.6.5 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.6.5 - Apowersoft)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.04 - NCH Software)
Viscom Store Audio Capture to MP3 (HKLM\...\Viscom Store Audio Capture to MP3_is1) (Version: - Viscom Software)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Vodafone Wi-Fi (HKLM\...\{F08DBC61-FBFC-4D26-997F-74B42C51DC56}) (Version: 2.0.9.48121 - Vodafone)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.55 - NCH Software)
Winamp (HKLM\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WirelessMon V4.0 (HKLM\...\WirelessMon_is1) (Version: - PassMark Software ®)
ZiggyTV (HKLM\...\ZiggyTV) (Version: - )
Zone Builder 2.6 (HKLM\...\Zone Builder_is1) (Version: - MascaraSnake)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\old_chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\CLSID\{999937BC-30FE-11D4-BA52-00C04F6843FA}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers1: [BaiduShellEx] -> {81EBAFAF-6E03-4884-87FE-C9F904A06347} => C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFShellEx.dll [2013-07-12] (Baidu Inc.)
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\SMADAV\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers6: [BaiduShellEx] -> {81EBAFAF-6E03-4884-87FE-C9F904A06347} => C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFShellEx.dll [2013-07-12] (Baidu Inc.)
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\SMADAV\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07A468F3-2B0D-4982-B74F-779897DF4AC9} - System32\Tasks\{E904F735-E5C9-446C-89F4-8065C9D04CCB} => F:\games\OpenURL.exe
Task: {098E017C-02F5-4AF1-9B22-E2D391597602} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {1B6FF82A-DF2A-4FCF-92FA-14A2E25F07B7} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Cloud Security\BavUpdater.exe [2013-07-08] (Baidu, Inc.)
Task: {33352777-A6D2-494A-8363-79BC065EA1CB} - System32\Tasks\cFos\cfospnet\cFos Personal Net Port Monitoring => F:\برامج\network\setup.exe
Task: {487AF48A-E4B3-4E64-8F35-B2649A1F851B} - System32\Tasks\{3B31C0C8-BA7F-4DFD-A8D7-FC1694ED8E3E} => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-08-08] ()
Task: {58416E09-F255-41C2-A2D5-05B7DDA1291D} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\google\chrome\application\old_chrome.exe "hxxp://localhost:1487/cfosspeed/console.htm"
Task: {5D3F6B74-8582-4632-B051-4D6C6F4D117E} - System32\Tasks\Driver Whiz-RTMScanRunOnce => F:\برامج\وايرليس\DriverWhiz.exe
Task: {625685A0-C04C-4598-ADEA-8D545C4A0F60} - System32\Tasks\{F219436C-CF36-43D4-B478-503DAC6B2E79} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\NCH Software\Debut\debutfilterinstallerx86.exe" -d "C:\Program Files\NCH Software\Debut"
Task: {62A381CF-C2CA-4F29-9930-2D281F1EA676} - System32\Tasks\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => C:\Windows\system32\pcalua.exe -a "F:\games\sonic games\Mettrix-SAGE08\LAUNCH.EXE" -d "F:\games\sonic games\Mettrix-SAGE08"
Task: {69C710EC-D8EA-47DB-8976-81608A761BAF} - \FTdownloader V4.0-codedownloader -> No File <==== ATTENTION
Task: {6ECB8FD2-0FD4-4EA6-B10E-13980E77ABEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)
Task: {6EF111F8-9829-4DAF-AF39-75967D02D3C2} - System32\Tasks\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => C:\Windows\system32\pcalua.exe -a "F:\ألعاب\games mario\Super Mario 64 DS\NO$GBA.EXE" -d "F:\ألعاب\games mario\Super Mario 64 DS"
Task: {80C23D04-B7BB-4261-93BC-B20F7109B7A5} - System32\Tasks\{8C4E4B5B-5E09-4976-98E4-BEF866DF75AE} => D:\ألعاب متسممة\SMBX\smbx.exe
Task: {A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} - System32\Tasks\{113A9539-30CF-4336-9715-83664CFA6DD9} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\NO$GBA.EXE -d C:\Users\m\Desktop
Task: {BC27A08E-31F7-4D43-A173-84D5BD87DD94} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2017-06-16] (Smadsoft)
Task: {BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} - System32\Tasks\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => C:\Windows\system32\pcalua.exe -a D:\Mettrix-SAGE08\LAUNCH.EXE -d D:\Mettrix-SAGE08
Task: {CE1C98BC-C9AC-41C2-B059-1E560837DEE6} - System32\Tasks\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => C:\Windows\system32\pcalua.exe -a F:\برامج\وايرليس\ISUninstall.exe -d F:\برامج\وايرليس
Task: {D13CF6BD-8570-4B1F-8F70-97E4C206D56C} - System32\Tasks\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => C:\Windows\system32\pcalua.exe -a "F:\games\Commandos 2\Destination Paris Mod v1.34\C2DP1.34.exe" -d "F:\games\Commandos 2\Destination Paris Mod v1.34"
Task: {D863E55F-7899-4196-AFAD-5E2054A69AA8} - System32\Tasks\cFos\cfospnet\cFos Personal Net Start at Login => F:\برامج\network\cfospnet.exe
Task: {D88F769C-00AB-4E22-B33A-223B0906569F} - System32\Tasks\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\vpsupd.exe -d C:\Users\m\Desktop
Task: {DC531842-781D-4BFD-81AC-9381B0173DA4} - \EPUpdater -> No File <==== ATTENTION
Task: {E5208A81-D6BE-4152-AC3E-0144B83E2BD2} - System32\Tasks\{A31E5E0E-59F5-44C1-8108-4547C531E291} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Downloads\Mario_Forever_Galaxy_Setup_102308.exe -d "C:\Program Files\Mozilla Firefox"
Task: {E57E2849-5426-4B21-BCAB-D0F2163EA22F} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-06-16] (FreeDownloadManager.org)
Task: {E67C12FD-0FAD-4088-AD2F-9158C67F632C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {ED1BA7B4-109C-45FD-9709-3C69C34C5795} - \FTdownloader V4.0-enabler -> No File <==== ATTENTION
Task: {EF1CAE8C-481F-42F6-B5C3-6E6A240FFC2E} - System32\Tasks\{7D5AA710-08D3-4C54-BC10-14E87F8E5090} => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-08-08] ()
Task: {EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} - \schedule!3036567561 -> No File <==== ATTENTION
Task: {F0198F2E-D7A0-4D7B-898D-7D2BDE09D850} - System32\Tasks\{A8FC80F4-0EB5-4686-B0AB-85B548A28FFC} => C:\Users\m\Desktop\Sonic Generations.exe
Task: {F9142D59-893F-4E79-A3CC-E4980135A503} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} - System32\Tasks\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => C:\Windows\system32\pcalua.exe -a "F:\games\gta\setup gta VC\setup.exe" -d "F:\games\gta\setup gta VC"
Task: {FD4F824F-368F-4136-9A4C-140319DBF71D} - \FTdownloader V4.0-updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exeƱ/reinstallapp /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /codedownloaddomain=hxxp:/cr.install-daddy.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exeƋ/enablebho /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exeƻ/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\m\Desktop\Continue Supreme Downloader.lnk -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe (@) -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe " /PID=3708 /SUBPID=0 /DISTID=4575 /NETWORDK=1 /CID=0 /PRODUCT_ID=4366 /SERVER_URL=hxxp://installer.ppdownload.com "

==================== Loaded Modules (Whitelisted) ==============
2017-06-30 12:22 - 2017-06-15 18:41 - 000023552 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2014-01-31 16:45 - 2014-01-31 16:45 - 000597360 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-11 01:34 - 2017-08-31 10:59 - 009622008 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 01:34 - 2017-08-11 01:34 - 001440248 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-14 14:20 - 2017-09-14 14:20 - 000148992 _____ () \\?\C:\Users\m\AppData\Local\Temp\A15D.tmp.node
2017-08-09 22:14 - 2017-08-09 22:14 - 002658296 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-11 11:54 - 2017-08-11 11:54 - 002673656 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:05816AFA [131]
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25 [145]
AlternateDataStreams: C:\ProgramData\TEMP:77846FFE [141]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [145]
AlternateDataStreams: C:\ProgramData\TEMP:EBA3B6EA [127]

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3" e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2017-01-23 03:59 - 000011962 _____ C:\Windows\system32\Drivers\etc\hosts
173.83.222.101 tomshardware.co.uk
173.83.222.101 www.tomshardware.co.uk
173.83.222.101 www.gmail.com
173.83.222.101 gmail.com
173.83.222.101 www.hotmail.com
173.83.222.101 hotmail.com
173.83.222.101 www.mail.ru
173.83.222.101 mail.ru
173.83.222.101 www.torrentz.eu
173.83.222.101 torrentz.eu
173.83.222.101 www.kat.ph
173.83.222.101 kat.ph
173.83.222.101 www.thepiratebay.se
173.83.222.101 thepiratebay.se
173.83.222.101 www.thepiratebay.org
173.83.222.101 thepiratebay.org
173.83.222.101 www.ehow.com
173.83.222.101 ehow.com
173.83.222.101 www.imeetzu.com
173.83.222.101 imeetzu.com
173.83.222.101 www.omegle.com
173.83.222.101 omegle.com
173.83.222.101 www.runescape.com
173.83.222.101 runescape.com
173.83.222.101 google.com
173.83.222.101 www.google.com
173.83.222.101 leagueoflegends.com
173.83.222.101 www.leagueoflegends.com
173.83.222.101 www.google.ae
173.83.222.101 www.google.com.af

There are 345 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\m\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BAVSvc => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: DPService => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: Etisalat 3.75G USB Modem. RunOuc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GlassWire => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PCFasterSvc_{PCFaster_3.6.0.35848} => 2
MSCONFIG\Services: Update LemurLeap => 2
MSCONFIG\Services: Util LemurLeap => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Driver Auto Setup Launcher.lnk => C:\Windows\pss\Driver Auto Setup Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Translate Client.lnk => C:\Windows\pss\Translate Client.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Baidu PC Faster 3.6.0.35848 => "C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFaster.exe" -auto -start
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: cfos6link Daemon => C:\Program Files\cfos6link\w6link.exe
MSCONFIG\startupreg: cFosBC Daemon => C:\Program Files\cFosBC\wbc.exe
MSCONFIG\startupreg: cFosDNT => C:\Program Files\cFos\cFosDNT.exe
MSCONFIG\startupreg: cFosSpeed => C:\network\cFosSpeed.exe
MSCONFIG\startupreg: Discord => C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
MSCONFIG\startupreg: Driver Whiz => F:\برامج\وايرليس\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: DrvUpdater => C:\Users\m\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: GlassWire => "C:\Program Files\GlassWire\glasswire.exe" -hide
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\m\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NTRedirect => C:\Windows\system32\rundll32.exe "C:\Users\m\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: test => C:\Windows\bat_starter.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Download_Version\TrayServer.exe
MSCONFIG\startupreg: USB Gamepad => C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
MSCONFIG\startupreg: uTorrent => "C:\Users\m\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VodafoneMobileWiFi => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: cFosNT
Description: cFosNT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cFosNT
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: rspndr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
Description: {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: lltdio
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {910baceb-efc0-4fe2-bc67-ee485894a7c4}w
Description: {910baceb-efc0-4fe2-bc67-ee485894a7c4}w
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {910baceb-efc0-4fe2-bc67-ee485894a7c4}w
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: nethfdrv
Description: nethfdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: nethfdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 05:15:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\SMADAV\SmadavProtect64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.6000.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (09/14/2017 02:21:02 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002 6.1.7601.17514

Error: (09/14/2017 10:13:24 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8007043c).

Error: (09/14/2017 10:13:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8007043c).

Error: (09/14/2017 05:41:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Faulting module name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Exception code: 0x40000015
Fault offset: 0x0009d802
Faulting process id: 0xd88
Faulting application start time: 0x01d32d0b2622df1f
Faulting application path: C:\Program Files\NCH Software\Debut\debut.exe
Faulting module path: C:\Program Files\NCH Software\Debut\debut.exe
Report Id: 9d16a30d-98fe-11e7-acd7-001e101f0000

Error: (09/14/2017 03:51:57 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002 6.1.7601.17514

Error: (09/14/2017 02:28:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988be8a
Faulting module name: CleanControllerImpl.dll_unloaded, version: 0.0.0.0, time stamp: 0x599e0281
Exception code: 0xc0000005
Fault offset: 0x51bc78b0
Faulting process id: 0x9a4
Faulting application start time: 0x01d32cc7a42fcf25
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: CleanControllerImpl.dll
Report Id: a8cb7e45-98e3-11e7-bd18-001e101f0000

Error: (09/14/2017 01:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Faulting module name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Exception code: 0x40000015
Fault offset: 0x0009d802
Faulting process id: 0xfb0
Faulting application start time: 0x01d32ce5e4eb625b
Faulting application path: C:\Program Files\NCH Software\Debut\debut.exe
Faulting module path: C:\Program Files\NCH Software\Debut\debut.exe
Report Id: 6b8b5f58-98d9-11e7-bd18-001e101f0000

Error: (09/13/2017 09:40:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception code: 0x40000015
Fault offset: 0x00009176
Faulting process id: 0x8b8
Faulting application start time: 0x01d32cc68dd2b6d7
Faulting application path: C:\Users\m\AppData\Local\GC\Runner.exe
Faulting module path: C:\Users\m\AppData\Local\GC\Runner.exe
Report Id: 594d6b07-98bb-11e7-bd18-001e101f0000

Error: (09/13/2017 09:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception code: 0x40000015
Fault offset: 0x00009176
Faulting process id: 0x874
Faulting application start time: 0x01d32cb477a2b141
Faulting application path: C:\Users\m\AppData\Local\GC\Runner.exe
Faulting module path: C:\Users\m\AppData\Local\GC\Runner.exe
Report Id: ba87dc9a-98b9-11e7-bd18-001e101f0000

System errors:
=============
Error: (09/14/2017 02:21:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: The system cannot find the file specified.

Error: (09/14/2017 02:19:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: General access denied error

Error: (09/14/2017 02:19:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: General access denied error

Error: (09/14/2017 02:18:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ehdrv nethfdrv spldr {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w {910baceb-efc0-4fe2-bc67-ee485894a7c4}w

Error: (09/14/2017 02:18:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Driver and Support Assistant service hung on starting.

Error: (09/14/2017 02:17:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Error: (09/14/2017 02:17:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/14/2017 02:17:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/14/2017 02:17:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

Error: (09/14/2017 02:17:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 1981.24 MB
Available physical RAM: 1051.24 MB
Total Virtual: 4262.48 MB
Available Virtual: 3213.12 MB

==================== Drives ================================
Drive c: (MEMOREY) (Fixed) (Total:46.43 GB) (Free:4.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FILMS ) (Fixed) (Total:141.58 GB) (Free:78.62 GB) NTFS
Drive e: (WIN_UPDATES) (Fixed) (Total:139.33 GB) (Free:130.95 GB) NTFS
Drive f: (MY FILES ) (Fixed) (Total:138.42 GB) (Free:44.75 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=46.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=419.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
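The "Hosts content" section of the Addition.txt log above is the part a defender should read first: dozens of well-known domains (google.com, gmail.com, hotmail.com and others) all mapped to the single address 173.83.222.101, which is what a hosts-file hijack looks like in FRST output, and which the log itself says can be undone with a Hosts: directive in the fixlist. As an added illustration, not part of this thread and not FRST's own code, the Python below parses hosts-file text and groups hostnames by any target address that is neither loopback nor 0.0.0.0, so a hijack like this one stands out as one address owning many names. The sample input is constructed from a few of the entries shown in the log plus one normal loopback line and one 0.0.0.0 blackhole line; those two extra lines are assumptions added for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample modelled on the "Hosts content" section of the log above.
# The loopback lines and the 0.0.0.0 blackhole line are assumptions added so the
# example shows what a benign entry looks like next to a hijacked one.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
173.83.222.101 tomshardware.co.uk
173.83.222.101 www.gmail.com
173.83.222.101 gmail.com
173.83.222.101 google.com
173.83.222.101 www.google.com
0.0.0.0 ads.example.invalid   # blackhole entry, a common legitimate use
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing or full-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname maps nothing
        ip, hostnames = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed first field, not a mapping
        for name in hostnames:
            entries.append((ip, name.lower()))
    return entries


def is_benign_target(ip):
    """Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are the normal cases."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_redirects(entries):
    """Group hostnames by every target that is neither loopback nor unspecified.

    A single external address owning many hostnames is the hijack pattern.
    """
    by_target = defaultdict(list)
    for ip, name in entries:
        if not is_benign_target(ip):
            by_target[ip].append(name)
    return dict(by_target)


def summarize(text):
    """Map each suspicious target address to the number of hostnames it captures."""
    return {ip: len(names) for ip, names in find_redirects(parse_hosts(text)).items()}


if __name__ == "__main__":
    for ip, names in find_redirects(parse_hosts(SAMPLE_HOSTS)).items():
        print(f"{ip}: {len(names)} hostname(s) redirected -> {', '.join(names)}")
```

On a live Windows system the file to feed in is C:\Windows\System32\drivers\etc\hosts (the log shows it at C:\Windows\system32\Drivers\etc\hosts); a clean installation has nothing in it beyond comments and loopback entries, so any non-benign target reported here is something to explain or reset.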
Aura Posted September 14, 2017 ID:1163536

I don't know how your friend uses his computer, but he should be more careful from now on. One of the most infected systems I've seen in a while.

Ask him to uninstall the following programs:

Alnaddy.com toolbar on IE and DChrome
Baidu PC Faster
BrowseToSave 1.74
Driver Whiz
DriverPack Solution Updater
GC
Hao123-Client
Java 7 Update 40
Java 7 Update 45
Media View
MixiDJ chrome Toolbar
MovieEditor
PrivitizeVPN
SafeSaver 1.74
Search Assistance WebSearch 1.74
Search.us.com
uTorrentControl_v6 Toolbar

And to follow these instructions.

Farbar Recovery Scan Tool (FRST) - Fix mode

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Fix button
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
Copy and paste its content in your next reply

fixlist.txt
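The fixlist Aura attached (its contents appear in the fixlog posted later in the thread) clears a set of persistence points: a per-user Winlogon Shell, Chrome policy keys and registry-registered extensions, a local machine GPO, junctions planted inside the Windows Defender folder, a SafeBoot OptionValue, scheduled tasks that launch through pcalua.exe, and alternate data streams on C:\ProgramData\TEMP. The script below is an added example, written for this page and not part of Aura's instructions or of FRST, that reads those same locations so the output can be compared before and after the fix. It assumes PowerShell 3.0 or later (WMF 3.0 installs on Windows 7 SP1) in an elevated prompt; the key names and folders are the ones that appear in the thread's logs.

```powershell
# Added example, not from the thread and not FRST's own code: check the
# persistence points an FRST fix like the one above clears, so the same
# script can be run before and after the fix and the two outputs compared.
# Assumes PowerShell 3.0+ (WMF 3.0 installs on Windows 7 SP1) in an elevated
# prompt; the key names and folders are the ones that appear in the logs.

function Get-RegValueSafe {
    param([string]$Key, [string]$Name)
    # Returns the value, or $null when the key or value does not exist.
    try { (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-PersistencePoints {
    $findings = @()

    # 1. Winlogon Shell: HKLM should say explorer.exe; a per-user Shell is a hijack.
    $lm = Get-RegValueSafe 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
    if ($lm -and $lm -ne 'explorer.exe') { $findings += "Winlogon Shell (HKLM) is '$lm'" }
    $cu = Get-RegValueSafe 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
    if ($cu) { $findings += "Winlogon Shell set per-user: '$cu'" }

    # 2. Chrome policies (FRST's "Restriction" lines) and registry-registered extensions.
    foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
        if (Test-Path -LiteralPath $key) { $findings += "Chrome policy key present: $key" }
    }
    $ext = 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
    if (Test-Path -LiteralPath $ext) {
        foreach ($sub in Get-ChildItem -LiteralPath $ext) {
            $findings += "Chrome extension registered in registry: $($sub.PSChildName)"
        }
    }

    # 3. A local machine GPO on a home PC (FRST: "GroupPolicy: Restriction").
    foreach ($p in "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                   "$env:SystemRoot\System32\GroupPolicy\GPT.ini") {
        if (Test-Path -LiteralPath $p) { $findings += "Local policy file present: $p" }
    }

    # 4. Reparse points inside Windows Defender's folder redirect its binaries;
    #    DeleteJunctionsInDirectory in the fixlist removes exactly these.
    $def = Join-Path $env:ProgramFiles 'Windows Defender'
    if (Test-Path -LiteralPath $def) {
        foreach ($item in Get-ChildItem -LiteralPath $def -Recurse -Force -ErrorAction SilentlyContinue) {
            if (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
                $findings += "Reparse point in Defender folder: $($item.FullName)"
            }
        }
    }

    # 5. SafeBoot\Option\OptionValue is normally absent; when set, the machine is
    #    configured to keep booting into Safe Mode.
    $ov = Get-RegValueSafe 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option' 'OptionValue'
    if ($ov -ne $null) { $findings += "SafeBoot OptionValue is $ov" }

    # 6. Scheduled tasks that launch through pcalua.exe (Program Compatibility
    #    Assistant), read from the task XML so this works without Get-ScheduledTask.
    foreach ($f in Get-ChildItem -LiteralPath "$env:SystemRoot\System32\Tasks" -Recurse -File -ErrorAction SilentlyContinue) {
        $xml = New-Object System.Xml.XmlDocument
        try { $xml.Load($f.FullName) } catch { continue }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if ($exec.Command -match 'pcalua\.exe') {
                $findings += "pcalua task $($f.Name): $($exec.Arguments)"
            }
        }
    }

    # 7. Alternate data streams on ProgramData\TEMP (the "TEMP:05816AFA" entries).
    $tmp = Join-Path $env:ProgramData 'TEMP'
    if (Test-Path -LiteralPath $tmp) {
        foreach ($s in Get-Item -LiteralPath $tmp -Stream * -ErrorAction SilentlyContinue) {
            if ($s.Stream -ne ':$DATA') { $findings += "ADS $($s.FileName):$($s.Stream) ($($s.Length) bytes)" }
        }
    }

    if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
}

Test-PersistencePoints
```

Run it once before the fix and once after; any line that survives the second run is something the fix did not reach. Note that pcalua.exe tasks are not malicious by themselves (Windows creates them when a program is run through the compatibility assistant, which is what the game launcher entries in this thread's fixlog are), so the task list is there to be read, not deleted blindly.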
missybriarwood Posted September 15, 2017 Author ID:1163730

Sorry for the delay.
missybriarwood Posted September 15, 2017 Author ID:1163731

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by m (14-09-2017 21:59:00) Run:1
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Boot Mode: 
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gmdoiobfkangimkkodmdklhdlnkmpljc" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iijdejcjlbgbpkdjanfjanndnffpkfdl" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nohggfehlfggmhadohogpgfipdbegokp" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojgckilddijehegemacdfpflendgdemi" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco" /f
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\m\AppData\Local\Start\MyPC Backup.lnk [2014-07-16]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabic.arabia.msn.com/?ocid=iehp
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
URLSearchHook: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
URLSearchHook: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=52461078D244774B&affID=120695&tsp=4954
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1404551398&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {446F0CFE-F4F0-46E1-9000-A1756964F954} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282495&CUI=UN17744103336735511&UM=1
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} URL = hxxp://search.us.com/serp?guid={8974B658-4B16-4498-AA13-1593888CFF35}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=225
BHO: FTdownloader V4.0 -> {11111111-1111-1111-1111-110311551174} -> C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll => No File
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll => No File
BHO: Browase2saaVE -> {A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} -> C:\ProgramData\Browase2saaVE\51658cb8edef5.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
Toolbar: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> uTorrentControl_v6 Toolbar - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
FF NewTab: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF Homepage: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064
FF Extension: (Browase2saaVE) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\cmt0zpnvfv@kuiiiu.net [2012-04-10] [not signed]
FF Extension: (alnaddyToolbar.com) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\ffxtlbr@alnaddyToolbar.com [2012-04-10] [not signed]
FF Extension: (Fast Search by Surf Canyon) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} [2014-02-03] [not signed]
FF Extension: (SuperSmashBros ) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{d1bf4285-e49f-447e-8249-976311c07344} [2014-07-02] [not signed]
FF Extension: (Media View) - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff [2014-03-03] [not signed]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff => not found
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha153.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha153\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha310.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha310\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha4983.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home6866.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home6866\ff => not found
CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx [2013-06-15]
CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx [2013-05-29]
OPR Extension: (LemurLeap) - C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli [2017-06-30]
StartMenuInternet: (HKLM) Opera - F:\برامج\المخزن\Opera.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1402902953
S4 cfos6linksrv; "C:\Program Files\cfos6link\cfos6link.exe" -service [X]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S3 h647906; system32\drivers\h647906.sys [X]
S3 h648101; system32\drivers\h648101.sys [X]
S3 h648103; system32\drivers\h648103.sys [X]
S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 tghxxxuf; \??\C:\Windows\system32\drivers\tghxxxuf.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w; system32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys [X]
S1 {910baceb-efc0-4fe2-bc67-ee485894a7c4}w; system32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys [X]
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\old_chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\CLSID\{999937BC-30FE-11D4-BA52-00C04F6843FA}\InprocServer32 -> no filepath
Task: {62A381CF-C2CA-4F29-9930-2D281F1EA676} - System32\Tasks\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => C:\Windows\system32\pcalua.exe -a "F:\games\sonic games\Mettrix-SAGE08\LAUNCH.EXE" -d "F:\games\sonic games\Mettrix-SAGE08"
Task: {69C710EC-D8EA-47DB-8976-81608A761BAF} - \FTdownloader V4.0-codedownloader -> No File <==== ATTENTION
Task: {6EF111F8-9829-4DAF-AF39-75967D02D3C2} - System32\Tasks\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => C:\Windows\system32\pcalua.exe -a "F:\ألعاب\games mario\Super Mario 64 DS\NO$GBA.EXE" -d "F:\ألعاب\games mario\Super Mario 64 DS"
Task: {A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} - System32\Tasks\{113A9539-30CF-4336-9715-83664CFA6DD9} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\NO$GBA.EXE -d C:\Users\m\Desktop
Task: {BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} - System32\Tasks\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => C:\Windows\system32\pcalua.exe -a D:\Mettrix-SAGE08\LAUNCH.EXE -d D:\Mettrix-SAGE08
Task: {CE1C98BC-C9AC-41C2-B059-1E560837DEE6} - System32\Tasks\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => C:\Windows\system32\pcalua.exe -a F:\برامج\وايرليس\ISUninstall.exe -d F:\برامج\وايرليس
Task: {D13CF6BD-8570-4B1F-8F70-97E4C206D56C} - System32\Tasks\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => C:\Windows\system32\pcalua.exe -a "F:\games\Commandos 2\Destination Paris Mod v1.34\C2DP1.34.exe" -d "F:\games\Commandos 2\Destination Paris Mod v1.34"
Task: {D88F769C-00AB-4E22-B33A-223B0906569F} - System32\Tasks\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\vpsupd.exe -d C:\Users\m\Desktop
Task: {DC531842-781D-4BFD-81AC-9381B0173DA4} - \EPUpdater -> No File <==== ATTENTION
Task: {E5208A81-D6BE-4152-AC3E-0144B83E2BD2} - System32\Tasks\{A31E5E0E-59F5-44C1-8108-4547C531E291} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Downloads\Mario_Forever_Galaxy_Setup_102308.exe -d "C:\Program Files\Mozilla Firefox"
Task: {ED1BA7B4-109C-45FD-9709-3C69C34C5795} - \FTdownloader V4.0-enabler -> No File <==== ATTENTION
Task: {EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} - \schedule!3036567561 -> No File <==== ATTENTION
Task: {FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} - System32\Tasks\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => C:\Windows\system32\pcalua.exe -a "F:\games\gta\setup gta VC\setup.exe" -d "F:\games\gta\setup gta VC"
Task: C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exeƱ/reinstallapp /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /codedownloaddomain=hxxp:/cr.install-daddy.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exeƋ/enablebho /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exeƻ/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.datasrvstats.com <==== ATTENTION
ShortcutWithArgument: C:\Users\m\Desktop\Continue Supreme Downloader.lnk -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe (@) -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe " /PID=3708 /SUBPID=0 /DISTID=4575 /NETWORDK=1 /CID=0 /PRODUCT_ID=4366 /SERVER_URL=hxxp://installer.ppdownload.com "
AlternateDataStreams: C:\ProgramData\TEMP:05816AFA [131]
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25 [145]
AlternateDataStreams: C:\ProgramData\TEMP:77846FFE [141]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [145]
AlternateDataStreams: C:\ProgramData\TEMP:EBA3B6EA [127]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\m\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NTRedirect => C:\Windows\system32\rundll32.exe "C:\Users\m\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
MSCONFIG\startupreg: test => C:\Windows\bat_starter.exe
C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a
C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a
C:\Program Files\Alnaddy.com
C:\Program Files\BetterSurf
C:\Program Files\cfos6link
C:\Program Files\DefaultTab
C:\Program Files\FTDownloader.com
C:\Program Files\LemurLeap
C:\Program Files\MediaViewV1
C:\Program Files\MediaPlayerV1
C:\Program Files\MediaWatchV1
C:\Program Files\MyPC Backup
C:\Program Files\uTorrentControl_v6
C:\Program Files\WebexpEnhancedV1
C:\ProgramData\Browase2saaVE
C:\Users\m\AppData\Local\ws_updater.exe
C:\Users\m\AppData\Roaming\BabSolution
C:\Users\m\AppData\Roaming\newnext.me
C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli
C:\Windows\bat_starter.exe
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gmdoiobfkangimkkodmdklhdlnkmpljc" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iijdejcjlbgbpkdjanfjanndnffpkfdl" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nohggfehlfggmhadohogpgfipdbegokp" /f =========

The operation completed successfully.
========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojgckilddijehegemacdfpflendgdemi" /f =========

The operation completed successfully.

========= End of Reg: =========

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco" /f =========

The operation completed successfully.

========= End of Reg: =========

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started:
"C:\Program Files\Windows Defender\en-US" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" =>Deleting reparse point and unlocking completed.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
C:\Users\m\AppData\Local\Start\MyPC Backup.lnk => moved successfully
C:\Program Files\MyPC Backup\MyPC Backup.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Policies\Google => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{96f454ea-9d38-474f-b504-56193e00c1a5} => value removed successfully.
HKLM\Software\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => key removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{96f454ea-9d38-474f-b504-56193e00c1a5} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully.
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully.
HKLM\Software\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully.
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key removed successfully.
HKLM\Software\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully.
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{446F0CFE-F4F0-46E1-9000-A1756964F954} => key removed successfully.
HKLM\Software\Classes\CLSID\{446F0CFE-F4F0-46E1-9000-A1756964F954} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully.
HKLM\Software\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} => key removed successfully.
HKLM\Software\Classes\CLSID\{D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key removed successfully.
HKLM\Software\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} => key removed successfully.
HKLM\Software\Classes\CLSID\{EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551174} => key removed successfully.
HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311551174} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully.
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96f454ea-9d38-474f-b504-56193e00c1a5} => key removed successfully.
HKLM\Software\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} => key removed successfully.
HKLM\Software\Classes\CLSID\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key removed successfully.
HKLM\Software\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{96f454ea-9d38-474f-b504-56193e00c1a5} => value removed successfully.
HKLM\Software\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96F454EA-9D38-474F-B504-56193E00C1A5} => value removed successfully.
HKLM\Software\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5} => key not found.
Firefox "newtab" removed successfully.
Firefox DefaultSearchEngine removed successfully.
Firefox SearchEngineOrder.1 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\cmt0zpnvfv@kuiiiu.net => moved successfully
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\ffxtlbr@alnaddyToolbar.com => moved successfully
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} => moved successfully
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} => path removed successfully.
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{d1bf4285-e49f-447e-8249-976311c07344} => moved successfully
C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\xz123@ya456.com => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\12x3q4@3244516.com => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha153.net => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha310.net => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha4983.net => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaWatchV1home6866.net => value removed successfully.
"C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx" folder move:
Could not move "C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx" => Scheduled to move on reboot.
"C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx" folder move:
Could not move "C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx" => Scheduled to move on reboot.
C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli => moved successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
HKLM\System\CurrentControlSet\Services\cfos6linksrv => key removed successfully.
cfos6linksrv => service removed successfully.
SkypeUpdate => service not found.
h647906 => service not found.
h648101 => service not found.
h648103 => service not found.
HKLM\System\CurrentControlSet\Services\nethfdrv => key removed successfully.
nethfdrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tghxxxuf => key removed successfully.
tghxxxuf => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully.
VGPU => service removed successfully.
HKLM\System\CurrentControlSet\Services\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w => key removed successfully. {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w => service removed successfully. HKLM\System\CurrentControlSet\Services\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w => key removed successfully. {910baceb-efc0-4fe2-bc67-ee485894a7c4}w => service removed successfully. HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\ChromeHTML => key removed successfully. HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\CLSID\{999937BC-30FE-11D4-BA52-00C04F6843FA} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62A381CF-C2CA-4F29-9930-2D281F1EA676} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62A381CF-C2CA-4F29-9930-2D281F1EA676} => key removed successfully. C:\Windows\System32\Tasks\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69C710EC-D8EA-47DB-8976-81608A761BAF} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69C710EC-D8EA-47DB-8976-81608A761BAF} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF111F8-9829-4DAF-AF39-75967D02D3C2} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF111F8-9829-4DAF-AF39-75967D02D3C2} => key removed successfully. 
C:\Windows\System32\Tasks\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} => key removed successfully. C:\Windows\System32\Tasks\{113A9539-30CF-4336-9715-83664CFA6DD9} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{113A9539-30CF-4336-9715-83664CFA6DD9} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} => key removed successfully. C:\Windows\System32\Tasks\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE1C98BC-C9AC-41C2-B059-1E560837DEE6} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1C98BC-C9AC-41C2-B059-1E560837DEE6} => key removed successfully. C:\Windows\System32\Tasks\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D13CF6BD-8570-4B1F-8F70-97E4C206D56C} => key removed successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D13CF6BD-8570-4B1F-8F70-97E4C206D56C} => key removed successfully. C:\Windows\System32\Tasks\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D88F769C-00AB-4E22-B33A-223B0906569F} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88F769C-00AB-4E22-B33A-223B0906569F} => key removed successfully. C:\Windows\System32\Tasks\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC531842-781D-4BFD-81AC-9381B0173DA4} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC531842-781D-4BFD-81AC-9381B0173DA4} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5208A81-D6BE-4152-AC3E-0144B83E2BD2} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5208A81-D6BE-4152-AC3E-0144B83E2BD2} => key removed successfully. C:\Windows\System32\Tasks\{A31E5E0E-59F5-44C1-8108-4547C531E291} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A31E5E0E-59F5-44C1-8108-4547C531E291} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED1BA7B4-109C-45FD-9709-3C69C34C5795} => key removed successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED1BA7B4-109C-45FD-9709-3C69C34C5795} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!3036567561 => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} => key removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} => key removed successfully. C:\Windows\System32\Tasks\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => key removed successfully. C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => moved successfully C:\Windows\Tasks\FTdownloader V4.0-enabler.job => moved successfully C:\Windows\Tasks\FTdownloader V4.0-updater.job => moved successfully C:\Users\m\Desktop\Continue Supreme Downloader.lnk => Shortcut argument removed successfully.. C:\ProgramData\TEMP => ":05816AFA" ADS removed successfully.. C:\ProgramData\TEMP => ":4F636E25" ADS removed successfully.. C:\ProgramData\TEMP => ":77846FFE" ADS removed successfully.. C:\ProgramData\TEMP => ":DBC416F8" ADS removed successfully.. C:\ProgramData\TEMP => ":EBA3B6EA" ADS removed successfully.. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive => key removed successfully. 
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NTRedirect => key removed successfully. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\test => key removed successfully. C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a => moved successfully C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a => moved successfully "C:\Program Files\Alnaddy.com" => not found. "C:\Program Files\BetterSurf" => not found. "C:\Program Files\cfos6link" => not found. "C:\Program Files\DefaultTab" => not found. "C:\Program Files\FTDownloader.com" => not found. "C:\Program Files\LemurLeap" => not found. C:\Program Files\MediaViewV1 => moved successfully C:\Program Files\MediaPlayerV1 => moved successfully "C:\Program Files\MediaWatchV1" => not found. "C:\Program Files\MyPC Backup" => not found. "C:\Program Files\uTorrentControl_v6" => not found. "C:\Program Files\WebexpEnhancedV1" => not found. C:\ProgramData\Browase2saaVE => moved successfully C:\Users\m\AppData\Local\ws_updater.exe => moved successfully "C:\Users\m\AppData\Roaming\BabSolution" => not found. "C:\Users\m\AppData\Roaming\newnext.me" => not found. "C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli" => not found. "C:\Windows\bat_starter.exe" => not found. C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23298680 B Java, Flash, Steam htmlcache => 70978 B Windows/system/drivers => 258766 B Edge => 0 B Chrome => 49441204 B Firefox => 141905965 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 18072014 B LocalService => 132244 B NetworkService => 616150 B m => 11044716997 B RecycleBin => 0 B EmptyTemp: => 10.5 GB temporary data Removed. 
================================

Result of scheduled files to move (Boot Mode: ) (Date&Time: 15-09-2017 01:22:10)

C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx => is moved successfully
C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx => is moved successfully

==== End of Fixlog 01:22:10 ====
Aura Posted September 15, 2017 ID:1163732
Good. Did he uninstall all the programs listed in my previous post?
missybriarwood Posted September 15, 2017 Author ID:1163733
Yes, he has.
Aura Posted September 15, 2017 ID:1163735
Good. Now, let's get a fresh set of FRST logs so I can take a look and see if there's anything left to remove, since the first logs were so clustered with junk that I might have missed stuff.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds
Click on the Scan button
On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open
Copy and paste the content of both FRST.txt and Addition.txt in your next reply
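FRST.txt prints one entry per line, and a helper reads it by scanning for a handful of markers: [X] for a file that no longer exists, [File not signed] on a service or driver, a MountPoints2 AutoRun handler, or a detected user.js. As an added example that is not part of this thread or of FRST itself, the Python script below reads lines in that format and flags those entries; the sample lines are constructed (modelled on the entry formats in the FRST.txt posted in this thread), and the triage rules are my own assumptions about what is worth a second look, not FRST's.

```python
"""Triage helper for FRST.txt output.  Added example for this thread; it is not part of
FRST and the triage rules below are assumptions about what a helper looks at first."""
import re
from dataclasses import dataclass, field

# Services/Drivers entry: "<state> <name>; <path> [<size> <date>] (<company>)[ flags]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)(?P<flags>.*)$"
)
# Same entry when the file is gone: FRST prints only "[X]" after the path.
MISSING_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")

# Constructed sample (SID shortened), modelled on the entry formats in this thread's FRST.txt.
SAMPLE_LINES = r"""
HKU\S-1-5-21-0-0-0-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-0-0-0-1000\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-0-0-0-1000\...\MountPoints2: {3dfac496-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
FF user.js: detected!
FF Extension: (Mozilla Auto-Update) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-11-03] [not signed]
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [No File]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2013-06-03] () [File not signed]
S4 HWDeviceService.exe; "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
""".strip().splitlines()


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def flag_reasons(line: str) -> list:
    """Reasons a line deserves a second look; an empty list means nothing notable."""
    reasons = []
    if line.endswith("[X]"):
        reasons.append("referenced file is missing (orphaned entry)")
    if "[File not signed]" in line or "[not signed]" in line:
        reasons.append("binary or extension is not digitally signed")
    if "MountPoints2:" in line and "AutoRun" in line:
        reasons.append("AutoRun handler registered for a removable drive")
    if "user.js: detected!" in line:
        reasons.append("Firefox user.js present (can pin search/homepage preferences)")
    if "Policies\\Explorer: [DisallowRun]" in line:
        reasons.append("Explorer DisallowRun policy is set")
    if line.startswith("FF Plugin") and "[No File]" in line:
        reasons.append("plugin registration points at a file that no longer exists")
    return reasons


def parse_service(line: str):
    """Split a Services/Drivers entry into fields; None for lines of any other kind."""
    m = SERVICE_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["flags"] = entry["flags"].strip()
        entry["missing"] = False
        entry["signed"] = "[File not signed]" not in entry["flags"]
        return entry
    m = MISSING_RE.match(line)
    if m:
        entry = m.groupdict()
        entry.update(size=None, date=None, company=None, flags="[X]", missing=True, signed=None)
        return entry
    return None


def triage(lines):
    """Every flagged line with its reasons, in log order."""
    findings = []
    for line in lines:
        reasons = flag_reasons(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def service_report(lines):
    """Names of unsigned services/drivers and of those whose file is missing."""
    unsigned, missing = [], []
    for line in lines:
        entry = parse_service(line)
        if entry is None:
            continue
        if entry["missing"]:
            missing.append(entry["name"])
        elif not entry["signed"]:
            unsigned.append(entry["name"])
    return unsigned, missing


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print("unsigned / missing:", service_report(SAMPLE_LINES))
```

To run it on a real scan, replace SAMPLE_LINES with the lines of FRST.txt; a flagged entry is a prompt to look closer, not proof that it is malicious (the unsigned MAGIX and nocashio drivers in the sample are legitimate software in this thread).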
missybriarwood Posted September 15, 2017 Author ID:1163740

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2017 01
Ran by m (administrator) on M-PC (15-09-2017 02:17:15)
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1846384 2017-06-16] (Smadsoft) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2011-04-06] (VIA) HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [8221896 2017-06-16] (FreeDownloadManager.org) HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Policies\Explorer: [DisallowRun] 0 HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac496-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac4a5-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-06] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{3EB0E13E-8E45-44F4-A10A-E9A7A210659F}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{675DCF96-BE84-4AB1-9C1A-79DC33B55311}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{841212F6-ACA9-439B-892E-F89B86FD40A8}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{848E9A04-C2AF-4161-821E-4F6DE4FDF04E}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{91F7C5A3-837D-4989-BD38-E98D67CD7D50}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{EC8B69B7-2A1B-489B-8AC1-1876D8627DE5}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{FFD0D415-57EB-4C71-B80A-CE53A5D1FB98}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Internet Explorer: ================== BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer) BHO: . -> {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Freeware\RNetPin.dll No File FireFox: ======== FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default [2017-09-14] FF user.js: detected! 
=> C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\user.js [2013-07-26] FF Session Restore: Mozilla\Firefox\Profiles\m78g5t0e.default -> is enabled. FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: (RealPlayer Browser Record Plugin) - C:\Program Files\Real\RealPlayer\browserrecord [2012-04-07] [not signed] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => not found FF HKLM\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate FF Extension: (Mozilla Auto-Update) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-11-03] [not signed] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-05-26] [not signed] FF HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File] FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [No File] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File] FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File] FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-02] (Adobe Systems) FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tightropeinteractive.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll [No File] FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tnt2ghost.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 BAVSvc; C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe [1554280 2013-07-08] (Baidu, Inc.) S4 cFosSpeedS; C:\network\spd.exe [476504 2017-03-30] (cFos Software GmbH) S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S4 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes) S4 PCFasterSvc_{PCFaster_3.6.0.35848}; C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFasterSvc.exe [567792 2013-07-12] (Baidu Inc.) [File not signed] S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.) S4 HWDeviceService.exe; "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare) R3 cfos6link; C:\Windows\System32\DRIVERS\cfos6link.sys [525016 2010-05-03] (cFos Software GmbH) R3 cFosBC; C:\Windows\System32\DRIVERS\cfosbc6.sys [323288 2009-04-09] (cFos Software GmbH) S2 cFosNT; C:\Windows\System32\Drivers\cFosNT.sys [1314520 2014-02-05] (cFos Software GmbH) R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1099096 2017-03-30] (cFos Software GmbH) R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43344 2013-10-13] () R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET) S4 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET) R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-29] (SecureMix LLC) S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2013-06-03] () [File not signed] S3 NPF; C:\Windows\System32\drivers\npf.sys [32512 2005-08-03] (CACE Technologies) [File not signed] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2011-03-29] (VIA Technologies, Inc.) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-11-07 16:31 - 2017-11-07 16:31 - 000002626 _____ C:\Users\m\Downloads\legitcheck.hta 2017-09-14 21:59 - 2017-09-15 01:22 - 000042122 _____ C:\Users\m\Desktop\Fixlog.txt 2017-09-14 21:14 - 2017-09-14 21:14 - 000000000 ____D C:\Windows\system32\appmgmt 2017-09-14 17:47 - 2017-09-14 17:49 - 000049583 _____ C:\Users\m\Desktop\Addition.txt 2017-09-14 17:36 - 2017-09-15 02:19 - 000011719 _____ C:\Users\m\Desktop\FRST.txt 2017-09-14 17:31 - 2017-09-15 02:17 - 001794560 _____ (Farbar) C:\Users\m\Desktop\FRST.exe 2017-09-14 17:31 - 2017-09-15 02:17 - 000000000 ____D C:\Users\m\Desktop\FRST-OlderVersion 2017-09-14 04:29 - 2017-09-14 04:29 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-09-14 04:28 - 2017-09-14 10:26 - 000000000 ____D C:\ProgramData\RogueKiller 2017-09-14 04:26 - 2017-09-14 04:26 - 000001008 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-09-14 04:26 - 2017-09-14 04:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-09-14 04:25 - 2017-09-14 17:02 - 000000000 ____D C:\Program Files\RogueKiller 2017-09-14 04:18 - 2017-09-11 10:46 - 035835424 _____ (Adlice Software ) C:\Users\m\Desktop\setup.exe 2017-09-14 03:12 - 2017-09-14 03:42 - 000000000 ____D C:\AdwCleaner 2017-09-14 00:56 - 2017-09-14 17:14 - 000006054 _____ C:\Users\m\Desktop\SMADAV log.txt 2017-09-13 21:39 - 2017-09-14 23:10 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-09-13 21:37 - 2017-09-14 23:55 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-13 21:36 - 2017-09-14 23:55 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-13 21:36 - 2017-09-13 21:36 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-13 21:36 - 2017-09-13 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-13 21:36 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys 2017-09-13 21:35 - 
2017-09-13 21:35 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-13 19:17 - 2017-09-15 01:22 - 000000000 ____D C:\FRST 2017-09-09 19:34 - 2017-09-09 19:34 - 000000000 ____D C:\Users\m\AppData\Roaming\com.mcleodgaming.ssf2 2017-09-09 19:02 - 2017-09-09 19:02 - 000001060 _____ C:\Users\Public\Desktop\Super Smash Flash 2 Beta.lnk 2017-09-09 19:02 - 2017-09-09 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Smash Flash 2 Beta 2017-09-09 18:53 - 2017-09-09 19:02 - 000000000 ____D C:\Program Files\Super Smash Flash 2 Beta 2017-09-09 05:57 - 2017-09-09 06:00 - 000000000 ____D C:\ProgramData\Intel 2017-09-09 02:29 - 2004-09-27 22:25 - 000081920 _____ C:\Windows\system32\xmltok.dll 2017-09-09 02:29 - 2004-09-27 22:25 - 000053248 _____ C:\Windows\system32\xmlparse.dll 2017-09-09 02:29 - 2003-10-08 15:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.dll 2017-09-09 02:29 - 2003-10-08 15:29 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll 2017-09-06 04:40 - 2017-07-24 21:09 - 000786912 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys 2017-09-06 04:40 - 2017-07-24 21:09 - 000109024 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2017-08-25 00:39 - 2017-08-25 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (February 2010) 2017-08-25 00:39 - 2010-02-04 20:22 - 002719064 _____ (Microsoft Corporation) C:\Windows\system32\d3d9d.dll 2017-08-25 00:39 - 2010-02-04 20:22 - 000955224 _____ (Microsoft Corporation) C:\Windows\system32\XAudioD2_6.dll 2017-08-25 00:39 - 2010-02-04 20:22 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineD3_6.dll 2017-08-25 00:39 - 2010-02-04 20:22 - 000132952 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFXD1_4.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 005516120 _____ 
(Microsoft Corporation) C:\Windows\system32\D3DCSXd_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 003795800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9d_33.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 002149208 _____ (Microsoft Corporation) C:\Windows\system32\D3dx9d_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000500056 _____ (Microsoft Corporation) C:\Windows\system32\D3D11Ref.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000497496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX10d_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000496472 _____ (Microsoft Corporation) C:\Windows\system32\D3D11SDKLayers.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000442712 _____ (Microsoft Corporation) C:\Windows\system32\D3D10SDKLayers.DLL 2017-08-25 00:39 - 2010-02-04 20:21 - 000434008 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineA3_6.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Ref.DLL 2017-08-25 00:39 - 2010-02-04 20:21 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\d3dref9.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000252248 _____ (Microsoft Corporation) C:\Windows\system32\D3DX11d_42.dll 2017-08-25 00:39 - 2010-02-04 20:21 - 000045400 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudioD1_7.dll 2017-08-25 00:37 - 2017-08-25 00:39 - 000000000 ____D C:\Program Files\Microsoft DirectX SDK (February 2010) 2017-08-25 00:37 - 2017-08-25 00:36 - 000118104 _____ (Microsoft Corporation) C:\Windows\dxsdkuninst.exe 2017-08-24 21:24 - 2017-08-24 21:29 - 000001089 _____ C:\Users\m\Desktop\Continue XePlayer_Setup Installation.lnk 2017-08-24 17:55 - 2017-08-24 18:04 - 000000000 ____D C:\Users\m\AppData\Local\Zone Builder 2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\Program Files\Zone Builder 2017-08-22 23:59 - 2017-08-22 23:59 - 000000000 ____D C:\Users\m\AppData\Local\doomseeker 2017-08-22 23:58 - 2017-08-23 00:02 - 000000000 ____D C:\Users\m\AppData\Roaming\.doomseeker 
==================== End of FRST.txt ============================
missybriarwood Posted September 15, 2017 Author ID:1163742
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-09-2017 01
Ran by m (15-09-2017 02:21:43)
Running from C:\Users\m\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2012-04-07 07:02:32)
Boot Mode: Normal
Error: (09/14/2017 11:54:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: ehdrv spldr Error: (09/14/2017 11:54:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error: (09/14/2017 11:54:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error: (09/14/2017 11:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode. Error: (09/14/2017 11:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode. Error: (09/14/2017 11:54:47 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:51:10 م on 14/09/2017 was unexpected. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz Percentage of memory in use: 42% Total physical RAM: 1981.24 MB Available physical RAM: 1136.65 MB Total Virtual: 4262.48 MB Available Virtual: 3348.78 MB ==================== Drives ================================ Drive c: (MEMOREY) (Fixed) (Total:46.43 GB) (Free:16.81 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (FILMS ) (Fixed) (Total:141.58 GB) (Free:78.62 GB) NTFS Drive e: (WIN_UPDATES) (Fixed) (Total:139.33 GB) (Free:130.95 GB) NTFS Drive f: (MY FILES ) (Fixed) (Total:138.42 GB) (Free:44.84 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=46.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=419.3 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Aura Posted September 15, 2017 ID:1163744 Share Posted September 15, 2017 His ESET NOD32 Antivirus is outdated. He should uninstall it and keep his SMADAV. Though I'm not sure I would recommend using it, since I've never heard of it before. Second FRST fix. Use the attached fixlist.txt. fixlist.txt
missybriarwood Posted September 15, 2017 Author ID:1163752 Share Posted September 15, 2017 Would you like me to send the fixlog afterwards?