Cleaning infections from friend's computer



I have a friend who says that their PC was hacked and subsequently infected. Their firewall doesn't work, their PC is running incredibly slow, their antivirus is gone, and they can't download or install anything. They also run Windows 7 Ultimate if that helps with anything. They did tell me that, if nothing else works, they have no problem with formatting (however I'd prefer that to be a last resort if possible).

Despite not being able to download anything I had them attempt to download Farbar to see if that would work at all. They were able to download FRST using a download manager so we're getting somewhere. :) They're still unable to install any programs, but they can at least use the download manager to download things.

I also wanted to note that my friend and I can only communicate online at the moment, though we can still send files to each other just fine. I'm only mentioning this in case it's of any importance.

Here are the Farbar logs:

FRST.txt

Addition.txt


Hi missybriarwood :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Once your friend is done quarantining the threats detected by Malwarebytes, ask him to do the following.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


Hello Aura! Thank you for taking the time to assist us! :) Unfortunately, my friend says that no AdwCleaner log appeared after a restart, however they did provide a scan log from the program which I will post in the next reply, in case it'll help a little better than having no log at all.

I'll have to wait until tomorrow to send the RogueKiller log as it's taking a while for their scan to complete and I need to head to bed soon. I'll make sure to post it in the morning. :)

Edited by missybriarwood

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 01:24:21 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-13-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, BackupStack
PUP.Optional.Legacy, NetHttpService
PUP.Optional.Legacy, ServiceUpdater
PUP.Optional.DefaultTab, DefaultTabSearch


***** [ Folders ] *****

Adware.Elex, C:\Windows\System32\SearchProtect
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver whiz
PUP.Optional.Legacy, C:\ProgramData\driver whiz
PUP.Optional.Legacy, C:\ProgramData\Application Data\driver whiz
PUP.Optional.Legacy, C:\Users\All Users\driver whiz
PUP.Optional.Legacy, C:\Users\m\AppData\Local\Mobogenie
PUP.Optional.Legacy, C:\Users\m\AppData\Local\VirtualStore\Program Files\Mobogenie
PUP.Optional.Legacy, C:\ProgramData\BetterSoft
PUP.Optional.Legacy, C:\ProgramData\Application Data\BetterSoft
PUP.Optional.Legacy, C:\Users\All Users\BetterSoft
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\BabSolution
PUP.Optional.Legacy, C:\Users\m\AppData\Local\Temp\DProtect
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\dvdvideosoftiehelpers
PUP.Optional.Legacy, C:\Users\m\AppData\Local\Temp\eIntaller
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\eIntaller
PUP.Optional.Legacy, C:\Users\m\AppData\Local\genienext
PUP.Optional.Legacy, C:\Users\m\AppData\Local\iLivid
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\iPumper
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
PUP.Optional.Legacy, C:\Users\m\AppData\Local\Temp\mt_ffx
PUP.Optional.Legacy, C:\Program Files\OApps
PUP.Optional.Legacy, C:\ProgramData\RightClick
PUP.Optional.Legacy, C:\ProgramData\Application Data\RightClick
PUP.Optional.Legacy, C:\Users\All Users\RightClick
PUP.Optional.Legacy, C:\Program Files\SafeSaver
PUP.Optional.Legacy, C:\ProgramData\StarApp
PUP.Optional.Legacy, C:\ProgramData\Application Data\StarApp
PUP.Optional.Legacy, C:\Users\All Users\StarApp
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
PUP.Optional.Legacy, C:\Program Files\Uniblue
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Uniblue
PUP.Optional.Legacy, C:\Users\m\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\337
PUP.Optional.Conduit, C:\ProgramData\Conduit
PUP.Optional.Conduit, C:\ProgramData\Application Data\Conduit
PUP.Optional.Conduit, C:\Users\All Users\Conduit
PUP.Optional.Conduit, C:\Users\m\AppData\Local\Conduit
PUP.Optional.Conduit, C:\Users\m\AppData\LocalLow\Conduit
PUP.Optional.PriceGong, C:\Users\m\AppData\LocalLow\PriceGong
PUP.Optional.USTechSupport, C:\ProgramData\USTechSupport
PUP.Optional.USTechSupport, C:\ProgramData\Application Data\USTechSupport
PUP.Optional.USTechSupport, C:\Program Files\USTechSupport
PUP.Optional.USTechSupport, C:\Users\All Users\USTechSupport
PUP.Optional.USTechSupport, C:\Users\m\AppData\Roaming\USTechSupport
PUP.Optional.MyPCBackup, C:\Program Files\MyPC Backup
Rogue.ForcedExtension, C:\ProgramData\apn
Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
Rogue.ForcedExtension, C:\Users\All Users\apn
PUP.Optional.TidyNetwork.A, C:\Users\m\AppData\Local\TNT2
PUP.Optional.APNToolBar.Gen, C:\Users\m\AppData\Local\Temp\APN-Stub
PUP.Optional.SoftwareUpdater.A, C:\Users\m\AppData\Local\SwvUpdater
PUP.Optional.Vittalia, C:\Program Files\Vittalia
PUP.Optional.DriverPack, C:\Program Files\DriverPack Notifier
PUP.Optional.DriverPack, C:\Users\m\AppData\Roaming\DriverPack Notifier
PUP.Optional.DriverPack, C:\Users\m\AppData\Roaming\DRPSu
PUP.Optional.SysTweak, C:\Users\m\AppData\Roaming\Systweak
PUP.Optional.TidyNetwork, C:\Users\m\AppData\Local\TNT2
PUP.Optional.MixiDJToolbar, C:\Users\m\AppData\LocalLow\mixidj
PUP.Optional.TornTV, C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
PUP.Optional.SimilarSites, C:\Program Files\SimilarSites
PUP.Optional.NextLive, C:\Users\m\AppData\Roaming\newnext.me
PUP.Adware.Heuristic, C:\Program Files\Optimizer Pro


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Hao123.lnk
PUP.Optional.Legacy, C:\Windows\System32\hfnapi.dll
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\System32\hfpapi.dll
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
PUP.Optional.Legacy, C:\Windows\System32\drivers\nethfdrv.sys
PUP.Optional.Legacy, C:\Windows\System32\roboot.exe
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\invalidprefs.js
PUP.Optional.Legacy, C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\searchplugins\search-here.xml
PUP.Optional.Uniblue, C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
PUP.Optional.NetworkUpdate, C:\Windows\System32\nethtsrv.exe
PUP.Adware.Heuristic, C:\Windows\System32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys
PUP.Adware.Heuristic, C:\Windows\System32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Windows Updater
PUP.Optional.Legacy, gc_scheduler
PUP.Optional.Legacy, up_scheduler
PUP.Optional.Legacy, Escolade
PUP.Optional.Legacy, Driver Whiz-RTMRules
PUP.Optional.Legacy, Driver Whiz-RTMScan
PUP.Optional.Legacy, Driver Whiz-RTMUpdater
PUP.Optional.Legacy, windows updater
PUP.Optional.Uniblue, dsmonitor
PUP.Optional.RegCleanerPro, RegClean Pro


***** [ Registry ] *****

PUP.Optional.PCOptimizerPro, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownLite
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\DownLite
PUP.Optional.Legacy, [Key] - HKCU\Software\DownLite
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\BABSOLUTION
PUP.Optional.Legacy, [Key] - HKCU\Software\BABSOLUTION
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Cr_Installer
PUP.Optional.Legacy, [Key] - HKCU\Software\Cr_Installer
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\dosearchessoftware
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\DProtect
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Escolade
PUP.Optional.Legacy, [Key] - HKCU\Software\Escolade
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\FTdownloader V4.0
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\ilivid
PUP.Optional.Legacy, [Key] - HKCU\Software\ilivid
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\InstalledBrowserExtensions
PUP.Optional.Legacy, [Key] - HKCU\Software\InstalledBrowserExtensions
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\PrivitizeVPNInstallDates
PUP.Optional.Legacy, [Key] - HKCU\Software\PrivitizeVPNInstallDates
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SP Global
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SProtector
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\SProtector
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\SProtector
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\StartSearch
PUP.Optional.Legacy, [Key] - HKCU\Software\StartSearch
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Uniblue
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105CE2F6-6C71-4553-95DB-0521A2C0F060}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AC48E96-EB40-4792-9D9D-70D59D8754BA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935E203-F846-461D-89DF-435059EFCBB8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419A700-23B8-46EA-800B-C0EA78E133A2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BC852D3-9D70-4611-9AFC-016840417A4C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | DisableAddonLoadTimePerformanceNotifications
PUP.Optional.DefaultTab, [Key] - HKLM\SOFTWARE\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKCU\Software\AppDataLow\Software\DefaultTab
PUP.Optional.DefaultTab, [Key] - HKLM\SOFTWARE\Default Tab
PUP.Optional.DefaultTab, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Default Tab
PUP.Optional.DefaultTab, [Key] - HKCU\Software\Default Tab
PUP.Optional.DefaultTab, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\ConduitSearchScopes
PUP.Optional.Conduit, [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
PUP.Optional.Uniblue, [Key] - HKLM\SOFTWARE\Uniblue\DriverScanner
PUP.Optional.BetterSurf, [Key] - HKLM\SOFTWARE\Better-Surf
PUP.Optional.PriceGong, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\PriceGong
PUP.Optional.PriceGong, [Key] - HKCU\Software\AppDataLow\Software\PriceGong
PUP.Optional.CrossRider, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Crossrider
PUP.Optional.CrossRider, [Key] - HKCU\Software\AppDataLow\Software\Crossrider
PUP.Optional.1ClickDownload, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
PUP.Optional.1ClickDownload, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\1ClickDownload
PUP.Optional.1ClickDownload, [Key] - HKCU\Software\1ClickDownload
PUP.Optional.383Media, [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe
PUP.Optional.Delta.ShrtCln, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\delta LTD
PUP.Optional.Delta.ShrtCln, [Key] - HKCU\Software\delta LTD
PUP.Optional.MyPCBackup, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
PUP.Optional.WebBar, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Toolbar
PUP.Optional.WebBar, [Key] - HKCU\Software\AppDataLow\Toolbar
PUP.Optional.WeDownLoadManager, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\WEDLMNGR
PUP.Optional.WeDownLoadManager, [Key] - HKCU\Software\WEDLMNGR
PUP.Optional.SofTonicAssistant, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Softonic
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Softonic
PUP.Optional.Vittalia, [Key] - HKLM\SOFTWARE\Vittalia
PUP.Optional.Vittalia, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
PUP.Optional.DriverPack, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverPack Notifier
PUP.Optional.DriverPack, [Key] - HKLM\SOFTWARE\drpsu
PUP.Optional.DriverPack, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\drpsu
PUP.Optional.DriverPack, [Key] - HKCU\Software\drpsu
PUP.Optional.InstallIQ, [Key] - HKLM\SOFTWARE\InstallIQ
PUP.Optional.CrossRider.C, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Crossrider
PUP.Optional.CrossRider.C, [Key] - HKCU\Software\AppDataLow\Software\Crossrider
PUP.Optional.SysTweak, [Key] - HKLM\SOFTWARE\systweak
PUP.Optional.SysTweak, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\systweak
PUP.Optional.SysTweak, [Key] - HKCU\Software\systweak
PUP.Optional.OpenSoftware.Updater, [Key] - HKLM\SOFTWARE\SoftwareUpdater
PUP.Optional.TidyNetwork, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\TNT2
PUP.Optional.TidyNetwork, [Key] - HKCU\Software\TNT2
PUP.Optional.TidyNetwork, [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
PUP.Optional.RegCleanPro, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
PUP.Optional.Delta, [Key] - HKLM\SOFTWARE\delta
PUP.Optional.Delta, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\delta
PUP.Optional.Delta, [Key] - HKCU\Software\delta
PUP.Optional.BrowseFox, [Key] - HKLM\SOFTWARE\LemurLeap
PUP.Optional.BrowseFox, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\LemurLeap
PUP.Optional.BrowseFox, [Key] - HKCU\Software\LemurLeap
PUP.Optional.DefaultTab.A, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
PUP.Optional.DefaultTab.A, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
PUP.Optional.BrowseFox.A, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
PUP.Optional.Webexp, [Key] - HKLM\SOFTWARE\Webexp Enhanced
Trojan.Agent.E.Generic, [Key] - HKLM\SOFTWARE\hosts
Trojan.Agent.E.Generic, [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\hosts
Trojan.Agent.E.Generic, [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\hosts
Trojan.Agent.E.Generic, [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\hosts
Trojan.Agent.E.Generic, [Key] - HKCU\Software\AppDataLow\Software\hosts
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.BHO
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.BHO.1
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.Sandbox
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.Sandbox.1
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3289075
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup-r834-n-bi.exe
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\Applications\iMeshSetup-r1443-n-bf.exe
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35c60f99-ae77-4499-a9ce-90b8ac96ac65}
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


RogueKiller V12.11.14.0 [Sep 11 2017] (Free) بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
الموقع : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
يبدأ في  :
المستخدم : PANDA [مسؤول]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
الوضع : فحص -- اليوم : 09/14/2017 04:29:06 (Duration : 05:06:02)

¤¤¤ العملية : 0 ¤¤¤

¤¤¤ المسجل : 31 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311551174} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322552274} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} (C:\Program Files\OApps\SelectionLinks.dll) -> ???
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} (C:\ProgramData\Browase2saaVE\51658cb8edef5.dll) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\babylontoolbar -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551174} (C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll) -> ???
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} (C:\ProgramData\Browase2saaVE\51658cb8edef5.dll) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> ???
[VT.Unknown] HKEY_USERS\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : C:\AdwCleaner\AdwCleaner[C0].txt [-] -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DefaultTabSearch (C:\Program Files\DefaultTab\DefaultTabSearch.exe) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DPService (C:\Users\m\AppData\Local\DProtect\DProtectSvc.exe) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetHttpService (C:\Windows\system32\nethtsrv.exe) -> ???
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceUpdater (C:\Windows\system32\netupdsrv.exe) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update LemurLeap ("C:\Program Files\LemurLeap\updateLemurLeap.exe") -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Util LemurLeap ("C:\Program Files\LemurLeap\bin\utilLemurLeap.exe") -> ???
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043 -> ???
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919 -> ???
[Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\n. [x] -> ???
[Root.ZeroAccess] HKEY_CLASSES_ROOT\CLSID\{5839fca9-774d-42a1-acda-d6a79037f57f}\InprocServer32 | (default) : C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\n. [x] -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | (default) : C:\Program Files\Mozilla Firefox\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1379759180 -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | (default) : C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1379759134 -> ???
[Hj.Shortcut] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command | (default) : "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1500242882 -> ???

¤¤¤ المهام : 3 ¤¤¤
[PUP.Gen1] %WINDIR%\Tasks\FTdownloader V4.0-codedownloader.job -- C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe (/reinstallapp /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1381989767 /statsdomain=http://stats.datasrvstats.com /errorsdomain=http://errors.datasrvstats.com /codedownloaddomain=http://cr.install-daddy.com /allusers /externallog='') -> ???
[PUP.Gen1] %WINDIR%\Tasks\FTdownloader V4.0-enabler.job -- C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exe (/enablebho /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=http://stats.datasrvstats.com /errorsdomain=http://errors.datasrvstats.com /bhoguid=11111111-1111-1111-1111-110311551174 /allusers /externallog='') -> ???
[PUP.Gen1] %WINDIR%\Tasks\FTdownloader V4.0-updater.job -- C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exe (/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=http://stats.datasrvstats.com /errorsdomain=http://errors.datasrvstats.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.datasrvstats.com /updaterversion=1 /externallog='') -> ???

¤¤¤ الملفات : 15 ¤¤¤
[PUP.Gen1][ملف] C:\ProgramData\Babylon -> ???
[PUP.Gen1][ملف] C:\ProgramData\Trymedia -> ???
[Hj.Shortcut][ملف] C:\Users\m\Desktop\firefox - Shortcut.lnk [LNK@] C:\PROGRA~1\MOZILL~1\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1500242882 -> ???
[PUP.Gen1][ملف] C:\Users\m\AppData\Roaming\Babylon -> ???
[PUP.Gen1][ملف] C:\Users\m\AppData\Local\Babylon -> ???
[Tr.Gen0][ملف] C:\Users\m\AppData\Local\Temp\1.txt -> ???
[PUP.Gen0][ملف] C:\Users\m\AppData\Local\Temp\mrtA727.tmp\stdrt.exe -> ???
[PUP.Gen1][ملف] C:\ProgramData\Babylon -> ???
[PUP.Gen1][ملف] C:\ProgramData\Trymedia -> ???
[Root.ZeroAccess][ملف] C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\L -> ???
[Root.ZeroAccess][ملف] C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a\U -> ???
[Root.ZeroAccess][ملف] C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\L -> ???
[Root.ZeroAccess][ملف] C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a\U -> ???
[PUP.Gen3][ملف] C:\Program Files\Mozilla Firefox\searchplugins\dosearches.xml -> ???
[Hj.Shortcut][ملف] C:\Users\m\Desktop\firefox - Shortcut.lnk [LNK@] C:\PROGRA~1\MOZILL~1\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1500242882 -> ???

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ ملف الهوست : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: محمل) ¤¤¤

¤¤¤ المتصفح : 5 ¤¤¤
[PUM.HomePage][Firefox:Config] m78g5t0e.default : user_pref("browser.startup.homepage", "http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064"); -> ???
[PUM.NewTab][Firefox:Config] m78g5t0e.default : user_pref("browser.newtab.url", "http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064"); -> ???
[PUM.SearchEngine][Firefox:Config] m78g5t0e.default : user_pref("browser.search.selectedEngine", "dosearches"); -> ???
[PUM.SearchEngine][Firefox:Config] m78g5t0e.default : user_pref("browser.search.defaultenginename", "dosearches"); -> ???
[PUM.HomePage][Chrome:Config] Default : homepage [http://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1403975740] -> ???

¤¤¤ فحص ال MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] a049eaa7f50472b2afd4437686db7019
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 47543 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 97369965 | Size: 429393 MB
User = LL1 ... OK
User = LL2 ... OK

 


# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 01:42:16 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: BackupStack
Deleted: NetHttpService
Deleted: ServiceUpdater
Deleted: DefaultTabSearch


***** [ Folders ] *****

Deleted: C:\Windows\System32\SearchProtect
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver whiz
Deleted: C:\ProgramData\driver whiz
Deleted: C:\ProgramData\Application Data\driver whiz
Deleted: C:\Users\All Users\driver whiz
Deleted: C:\Users\m\AppData\Local\Mobogenie
Deleted: C:\Users\m\AppData\Local\VirtualStore\Program Files\Mobogenie
Deleted: C:\ProgramData\BetterSoft
Deleted: C:\ProgramData\Application Data\BetterSoft
Deleted: C:\Users\All Users\BetterSoft
Deleted: C:\Users\m\AppData\Roaming\BabSolution
Deleted: C:\Users\m\AppData\Local\Temp\DProtect
Deleted: C:\Users\m\AppData\Roaming\dvdvideosoftiehelpers
Deleted: C:\Users\m\AppData\Local\Temp\eIntaller
Deleted: C:\Users\m\AppData\Roaming\eIntaller
Deleted: C:\Users\m\AppData\Local\genienext
Deleted: C:\Users\m\AppData\Local\iLivid
Deleted: C:\Users\m\AppData\Roaming\iPumper
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
Deleted: C:\Users\m\AppData\Local\Temp\mt_ffx
Deleted: C:\Program Files\OApps
Deleted: C:\ProgramData\RightClick
Deleted: C:\ProgramData\Application Data\RightClick
Deleted: C:\Users\All Users\RightClick
Deleted: C:\Program Files\SafeSaver
Deleted: C:\ProgramData\StarApp
Deleted: C:\ProgramData\Application Data\StarApp
Deleted: C:\Users\All Users\StarApp
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Deleted: C:\Program Files\Uniblue
Deleted: C:\Users\m\AppData\Roaming\Uniblue
Deleted: C:\Users\m\AppData\Local\Pokki
Deleted: C:\Users\m\AppData\Roaming\337
Deleted: C:\ProgramData\Conduit
Deleted: C:\ProgramData\Application Data\Conduit
Deleted: C:\Users\All Users\Conduit
Deleted: C:\Users\m\AppData\Local\Conduit
Deleted: C:\Users\m\AppData\LocalLow\Conduit
Deleted: C:\Users\m\AppData\LocalLow\PriceGong
Deleted: C:\ProgramData\USTechSupport
Deleted: C:\ProgramData\Application Data\USTechSupport
Deleted: C:\Program Files\USTechSupport
Deleted: C:\Users\All Users\USTechSupport
Deleted: C:\Users\m\AppData\Roaming\USTechSupport
Deleted: C:\Program Files\MyPC Backup
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\m\AppData\Local\TNT2
Deleted: C:\Users\m\AppData\Local\Temp\APN-Stub
Deleted: C:\Users\m\AppData\Local\SwvUpdater
Deleted: C:\Program Files\Vittalia
Deleted: C:\Program Files\DriverPack Notifier
Deleted: C:\Users\m\AppData\Roaming\DriverPack Notifier
Deleted: C:\Users\m\AppData\Roaming\DRPSu
Deleted: C:\Users\m\AppData\Roaming\Systweak
Deleted: C:\Users\m\AppData\Local\TNT2
Deleted: C:\Users\m\AppData\LocalLow\mixidj
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Deleted: C:\Program Files\SimilarSites
Deleted: C:\Users\m\AppData\Roaming\newnext.me
Deleted: C:\Program Files\Optimizer Pro


***** [ Files ] *****

Deleted: C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Hao123.lnk
Deleted: C:\Windows\System32\hfnapi.dll
Deleted: C:\END
Deleted: C:\Windows\System32\hfpapi.dll
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Deleted: C:\Windows\System32\drivers\nethfdrv.sys
Deleted: C:\Windows\System32\roboot.exe
Deleted: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\invalidprefs.js
Deleted: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\searchplugins\search-here.xml
Deleted: C:\Users\m\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
Deleted: C:\Windows\System32\nethtsrv.exe
Deleted: C:\Windows\System32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys
Deleted: C:\Windows\System32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Windows Updater
Deleted: gc_scheduler
Deleted: up_scheduler
Deleted: Escolade
Deleted: Driver Whiz-RTMRules
Deleted: Driver Whiz-RTMScan
Deleted: Driver Whiz-RTMUpdater
Deleted: windows updater
Deleted: dsmonitor
Deleted: RegClean Pro


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownLite
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\DownLite
Deleted: [Key] - HKCU\Software\DownLite
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\BABSOLUTION
Deleted: [Key] - HKCU\Software\BABSOLUTION
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Cr_Installer
Deleted: [Key] - HKCU\Software\Cr_Installer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Deleted: [Key] - HKLM\SOFTWARE\dosearchessoftware
Deleted: [Key] - HKLM\SOFTWARE\DProtect
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Escolade
Deleted: [Key] - HKCU\Software\Escolade
Deleted: [Key] - HKLM\SOFTWARE\FTdownloader V4.0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTdownloader V4.0
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\FTdownloader V4.0
Deleted: [Key] - HKCU\Software\AppDataLow\Software\FTdownloader V4.0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\ilivid
Deleted: [Key] - HKCU\Software\ilivid
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\InstalledBrowserExtensions
Deleted: [Key] - HKCU\Software\InstalledBrowserExtensions
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\PrivitizeVPNInstallDates
Deleted: [Key] - HKCU\Software\PrivitizeVPNInstallDates
Deleted: [Key] - HKLM\SOFTWARE\SP Global
Deleted: [Key] - HKLM\SOFTWARE\SProtector
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\SProtector
Deleted: [Key] - HKCU\Software\AppDataLow\SProtector
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\StartSearch
Deleted: [Key] - HKCU\Software\StartSearch
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105CE2F6-6C71-4553-95DB-0521A2C0F060}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AC48E96-EB40-4792-9D9D-70D59D8754BA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935E203-F846-461D-89DF-435059EFCBB8}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419A700-23B8-46EA-800B-C0EA78E133A2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BC852D3-9D70-4611-9AFC-016840417A4C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Deleted: [Key] - HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted: [Key] - HKLM\SOFTWARE\DefaultTab
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKCU\Software\AppDataLow\Software\DefaultTab
Deleted: [Key] - HKLM\SOFTWARE\Default Tab
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Default Tab
Deleted: [Key] - HKCU\Software\Default Tab
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKLM\SOFTWARE\Uniblue\DriverScanner
Deleted: [Key] - HKLM\SOFTWARE\Better-Surf
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKCU\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\1ClickDownload
Deleted: [Key] - HKCU\Software\1ClickDownload
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\delta LTD
Deleted: [Key] - HKCU\Software\delta LTD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Toolbar
Deleted: [Key] - HKCU\Software\AppDataLow\Toolbar
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\WEDLMNGR
Deleted: [Key] - HKCU\Software\WEDLMNGR
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\Vittalia
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverPack Notifier
Deleted: [Key] - HKLM\SOFTWARE\drpsu
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\systweak
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\systweak
Deleted: [Key] - HKCU\Software\systweak
Deleted: [Key] - HKLM\SOFTWARE\SoftwareUpdater
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\TNT2
Deleted: [Key] - HKCU\Software\TNT2
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Deleted: [Key] - HKLM\SOFTWARE\delta
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\delta
Deleted: [Key] - HKCU\Software\delta
Deleted: [Key] - HKLM\SOFTWARE\LemurLeap
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\LemurLeap
Deleted: [Key] - HKCU\Software\LemurLeap
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted: [Key] - HKLM\SOFTWARE\Webexp Enhanced
Deleted: [Key] - HKLM\SOFTWARE\hosts
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKCU\Software\AppDataLow\Software\hosts
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.BHO
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.BHO.1
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.Sandbox
Deleted: [Key] - HKLM\SOFTWARE\Classes\CrossriderApp0035574.Sandbox.1
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetup-r834-n-bi.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iMeshSetup-r1443-n-bf.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35c60f99-ae77-4499-a9ce-90b8ac96ac65}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [22890 B] - [2017/9/14 1:24:21]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2017 02
Ran by m (administrator) on M-PC (14-09-2017 17:36:26)
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode:
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Intel) C:\Program Files\Intel Driver Update Utility\DSAService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1846384 2017-06-16] (Smadsoft)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2011-04-06] (VIA)
HKLM\...\Run: [DSATray] => C:\Program Files\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel)
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [8221896 2017-06-16] (FreeDownloadManager.org)
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac496-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac4a5-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-06] (Microsoft Corporation)
Startup: C:\Users\m\AppData\Local\Start\MyPC Backup.lnk [2014-07-16]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3EB0E13E-8E45-44F4-A10A-E9A7A210659F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{675DCF96-BE84-4AB1-9C1A-79DC33B55311}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{841212F6-ACA9-439B-892E-F89B86FD40A8}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{848E9A04-C2AF-4161-821E-4F6DE4FDF04E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{91F7C5A3-837D-4989-BD38-E98D67CD7D50}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{EC8B69B7-2A1B-489B-8AC1-1876D8627DE5}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{FFD0D415-57EB-4C71-B80A-CE53A5D1FB98}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabic.arabia.msn.com/?ocid=iehp
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
URLSearchHook: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
URLSearchHook: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=52461078D244774B&affID=120695&tsp=4954
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1404551398&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {446F0CFE-F4F0-46E1-9000-A1756964F954} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282495&CUI=UN17744103336735511&UM=1
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} URL = hxxp://search.us.com/serp?guid={8974B658-4B16-4498-AA13-1593888CFF35}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=225
BHO: FTdownloader V4.0 -> {11111111-1111-1111-1111-110311551174} -> C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll => No File
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer)
BHO: Media View -> {48dd38e3-4119-4895-8961-0d7bd17fe190} -> C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ie\MediaViewV1alpha4983.dll [2014-02-27] ()
BHO: . -> {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll => No File
BHO: Browase2saaVE -> {A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} -> C:\ProgramData\Browase2saaVE\51658cb8edef5.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
Toolbar: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> uTorrentControl_v6 Toolbar - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Freeware\RNetPin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default [2017-09-14]
FF user.js: detected! => C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\user.js [2013-07-26]
FF NewTab: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF Homepage: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064
FF Session Restore: Mozilla\Firefox\Profiles\m78g5t0e.default -> is enabled.
FF Extension: (Browase2saaVE) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\cmt0zpnvfv@kuiiiu.net [2012-04-10] [not signed]
FF Extension: (alnaddyToolbar.com) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\ffxtlbr@alnaddyToolbar.com [2012-04-10] [not signed]
FF Extension: (Fast Search by Surf Canyon) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} [2014-02-03] [not signed]
FF Extension: (SuperSmashBros ) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{d1bf4285-e49f-447e-8249-976311c07344} [2014-07-02] [not signed]
FF Extension: (Media View) - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff [2014-03-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: (RealPlayer Browser Record Plugin) - C:\Program Files\Real\RealPlayer\browserrecord [2012-04-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => not found
FF HKLM\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: (Mozilla Auto-Update) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff => not found
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha153.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha153\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha310.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha310\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha4983.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home6866.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home6866\ff => not found
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-05-26] [not signed]
FF HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tightropeinteractive.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll [No File]
FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tnt2ghost.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [boipimhfjpakfgckhbljjengakjhkcbp] - C:\Users\m\AppData\Roaming\BabSolution\CR\mixiDj.crx <not found>
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\m\AppData\Roaming\BabSolution\CR\Delta.crx <not found>
CHR HKLM\...\Chrome\Extension: [gmdoiobfkangimkkodmdklhdlnkmpljc] - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ch\MediaViewV1alpha4983.crx [2014-02-27]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx <not found>
CHR HKLM\...\Chrome\Extension: [iijdejcjlbgbpkdjanfjanndnffpkfdl] - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.6.9.16\alnaddyToolbar.crx <not found>
CHR HKLM\...\Chrome\Extension: [jlnfdbbladgcmhhamgkioifhbobjaoof] - C:\Program Files\LemurLeap\jlnfdbbladgcmhhamgkioifhbobjaoof.crx <not found>
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx <not found>
CHR HKLM\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files\FTDownloader.com\FTDownloader10.crx <not found>
CHR HKLM\...\Chrome\Extension: [nohggfehlfggmhadohogpgfipdbegokp] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha153\ch\WebexpEnhancedV1alpha153.crx <not found>
CHR HKLM\...\Chrome\Extension: [ojgckilddijehegemacdfpflendgdemi] - C:\Program Files\MediaWatchV1\MediaWatchV1home6866\ch\MediaWatchV1home6866.crx <not found>
CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx <not found>
CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx [2013-06-15]
CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx [2013-05-29]

Opera:
=======
OPR Extension: (LemurLeap) - C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli [2017-06-30]
StartMenuInternet: (HKLM) Opera - F:\برامج\المخزن\Opera.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1402902953

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BAVSvc; C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe [1554280 2013-07-08] (Baidu, Inc.)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
S4 cFosSpeedS; C:\network\spd.exe [476504 2017-03-30] (cFos Software GmbH)
R2 DSAService; C:\Program Files\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
S4 Etisalat 3.75G USB Modem. RunOuc; F:\ETT\Etisalat 3.75G USB Modem\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC)
S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S4 PCFasterSvc_{PCFaster_3.6.0.35848}; C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFasterSvc.exe [567792 2013-07-12] (Baidu Inc.) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S4 cfos6linksrv; "C:\Program Files\cfos6link\cfos6link.exe" -service [X]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-02-03] (BlueStack Systems)
R3 cfos6link; C:\Windows\System32\DRIVERS\cfos6link.sys [525016 2010-05-03] (cFos Software GmbH)
R3 cFosBC; C:\Windows\System32\DRIVERS\cfosbc6.sys [323288 2009-04-09] (cFos Software GmbH)
S2 cFosNT; C:\Windows\System32\Drivers\cFosNT.sys [1314520 2014-02-05] (cFos Software GmbH)
R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1099096 2017-03-30] (cFos Software GmbH)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43344 2013-10-13] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
S4 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-29] (SecureMix LLC)
S3 hid7906; C:\Windows\System32\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
S3 hid8101; C:\Windows\System32\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\System32\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-03-07] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2011-11-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [195072 2012-03-07] (Huawei Technologies Co., Ltd.)
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2013-06-03] () [File not signed]
S3 NPF; C:\Windows\System32\drivers\npf.sys [32512 2005-08-03] (CACE Technologies) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2011-03-29] (VIA Technologies, Inc.)
S3 h647906; system32\drivers\h647906.sys [X]
S3 h648101; system32\drivers\h648101.sys [X]
S3 h648103; system32\drivers\h648103.sys [X]
S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 tghxxxuf; \??\C:\Windows\system32\drivers\tghxxxuf.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w; system32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys [X]
S1 {910baceb-efc0-4fe2-bc67-ee485894a7c4}w; system32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 16:31 - 2017-11-07 16:31 - 000002626 _____ C:\Users\m\Downloads\legitcheck.hta
2017-09-14 17:36 - 2017-09-14 17:41 - 000025205 _____ C:\Users\m\Desktop\FRST.txt
2017-09-14 17:31 - 2017-09-14 17:31 - 001794048 _____ (Farbar) C:\Users\m\Desktop\FRST.exe
2017-09-14 17:31 - 2017-09-14 17:31 - 000000000 ____D C:\Users\m\Desktop\FRST-OlderVersion
2017-09-14 04:29 - 2017-09-14 04:29 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-14 04:28 - 2017-09-14 10:26 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-14 04:26 - 2017-09-14 04:26 - 000001008 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-14 04:26 - 2017-09-14 04:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-14 04:25 - 2017-09-14 17:02 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-14 04:18 - 2017-09-11 10:46 - 035835424 _____ (Adlice Software ) C:\Users\m\Desktop\setup.exe
2017-09-14 03:12 - 2017-09-14 03:42 - 000000000 ____D C:\AdwCleaner
2017-09-14 00:56 - 2017-09-14 17:14 - 000006054 _____ C:\Users\m\Desktop\SMADAV log.txt
2017-09-13 21:39 - 2017-09-14 14:18 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-13 21:37 - 2017-09-14 14:18 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-13 21:36 - 2017-09-14 14:17 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 21:36 - 2017-09-13 21:36 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-13 21:36 - 2017-09-13 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-13 21:36 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-13 19:17 - 2017-09-14 17:36 - 000000000 ____D C:\FRST
2017-09-09 19:34 - 2017-09-09 19:34 - 000000000 ____D C:\Users\m\AppData\Roaming\com.mcleodgaming.ssf2
2017-09-09 19:02 - 2017-09-09 19:02 - 000001060 _____ C:\Users\Public\Desktop\Super Smash Flash 2 Beta.lnk
2017-09-09 19:02 - 2017-09-09 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Smash Flash 2 Beta
2017-09-09 18:53 - 2017-09-09 19:02 - 000000000 ____D C:\Program Files\Super Smash Flash 2 Beta
2017-09-09 05:57 - 2017-09-09 06:00 - 000000000 ____D C:\ProgramData\Intel
2017-09-09 05:56 - 2017-09-09 06:00 - 000000000 ____D C:\Program Files\Intel Driver Update Utility
2017-09-09 05:56 - 2017-09-09 05:56 - 000001125 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.9.lnk
2017-09-09 05:56 - 2017-09-09 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-09-09 02:29 - 2004-09-27 22:25 - 000081920 _____ C:\Windows\system32\xmltok.dll
2017-09-09 02:29 - 2004-09-27 22:25 - 000053248 _____ C:\Windows\system32\xmlparse.dll
2017-09-09 02:29 - 2003-10-08 15:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.dll
2017-09-09 02:29 - 2003-10-08 15:29 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll
2017-09-06 04:40 - 2017-07-24 21:09 - 000786912 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2017-09-06 04:40 - 2017-07-24 21:09 - 000109024 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2017-08-25 00:39 - 2017-08-25 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (February 2010)
2017-08-25 00:39 - 2010-02-04 20:22 - 002719064 _____ (Microsoft Corporation) C:\Windows\system32\d3d9d.dll
2017-08-25 00:39 - 2010-02-04 20:22 - 000955224 _____ (Microsoft Corporation) C:\Windows\system32\XAudioD2_6.dll
2017-08-25 00:39 - 2010-02-04 20:22 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineD3_6.dll
2017-08-25 00:39 - 2010-02-04 20:22 - 000132952 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFXD1_4.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 005516120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCSXd_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 003795800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9d_33.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 002149208 _____ (Microsoft Corporation) C:\Windows\system32\D3dx9d_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000500056 _____ (Microsoft Corporation) C:\Windows\system32\D3D11Ref.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000497496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX10d_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000496472 _____ (Microsoft Corporation) C:\Windows\system32\D3D11SDKLayers.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000442712 _____ (Microsoft Corporation) C:\Windows\system32\D3D10SDKLayers.DLL
2017-08-25 00:39 - 2010-02-04 20:21 - 000434008 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineA3_6.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Ref.DLL
2017-08-25 00:39 - 2010-02-04 20:21 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\d3dref9.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000252248 _____ (Microsoft Corporation) C:\Windows\system32\D3DX11d_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000045400 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudioD1_7.dll
2017-08-25 00:37 - 2017-08-25 00:39 - 000000000 ____D C:\Program Files\Microsoft DirectX SDK (February 2010)
2017-08-25 00:37 - 2017-08-25 00:36 - 000118104 _____ (Microsoft Corporation) C:\Windows\dxsdkuninst.exe
2017-08-24 21:24 - 2017-08-24 21:29 - 000001089 _____ C:\Users\m\Desktop\Continue XePlayer_Setup Installation.lnk
2017-08-24 17:55 - 2017-08-24 18:04 - 000000000 ____D C:\Users\m\AppData\Local\Zone Builder
2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\Program Files\Zone Builder
2017-08-22 23:59 - 2017-08-22 23:59 - 000000000 ____D C:\Users\m\AppData\Local\doomseeker
2017-08-22 23:58 - 2017-08-23 00:02 - 000000000 ____D C:\Users\m\AppData\Roaming\.doomseeker
2017-08-21 18:12 - 2017-08-21 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SLADE
2017-08-20 17:08 - 2017-09-09 02:39 - 000000000 ____D C:\Program Files\SLADE
2017-08-20 17:07 - 2017-08-22 02:53 - 000000000 ____D C:\Users\m\AppData\Roaming\SLADE3
2017-08-20 17:07 - 2015-07-18 15:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-08-20 17:00 - 2017-09-09 05:55 - 000000000 ____D C:\ProgramData\Package Cache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-14 17:13 - 2016-12-21 01:51 - 000000000 ____D C:\Program Files\SMADAV
2017-09-14 17:02 - 2012-04-10 17:43 - 000000820 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-09-14 14:17 - 2013-10-17 08:04 - 000001210 _____ C:\Windows\Tasks\FTdownloader V4.0-updater.job
2017-09-14 14:17 - 2013-10-17 08:04 - 000001204 _____ C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job
2017-09-14 14:17 - 2013-10-17 08:04 - 000001114 _____ C:\Windows\Tasks\FTdownloader V4.0-enabler.job
2017-09-14 14:17 - 2012-04-10 17:43 - 000000816 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-09-14 14:17 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-14 09:45 - 2017-06-30 08:55 - 000001441 _____ C:\Users\m\Desktop\firefox - Shortcut.lnk
2017-09-14 08:57 - 2012-04-07 09:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-14 05:42 - 2013-11-04 07:00 - 000000000 ____D C:\Users\m\AppData\Local\CrashDumps
2017-09-14 04:18 - 2017-06-30 12:25 - 000000000 ____D C:\Users\m\AppData\Local\Free Download Manager
2017-09-14 03:39 - 2013-10-15 19:04 - 000000000 ____D C:\Users\m\AppData\Local\GC
2017-09-14 02:14 - 2014-01-31 14:15 - 000000000 ____D C:\Program Files\MediaPlayerV1
2017-09-14 01:25 - 2013-07-27 00:10 - 000000000 ____D C:\Users\m\AppData\LocalLow\Delta
2017-09-14 01:25 - 2013-07-26 01:01 - 000000000 ____D C:\Program Files\Delta
2017-09-12 19:46 - 2017-06-30 19:39 - 000000000 ____D C:\Users\m\AppData\Roaming\discord
2017-09-12 14:52 - 2017-07-01 08:34 - 000000000 ____D C:\Windows\pss
2017-09-12 14:52 - 2013-05-24 18:10 - 024547056 _____ C:\Windows\ntbtlog.txt
2017-09-10 20:16 - 2013-07-04 14:34 - 000000000 ____D C:\Users\m\AppData\Local\ElevatedDiagnostics
2017-09-10 18:46 - 2012-04-07 08:41 - 000006362 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-10 14:03 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-09-10 13:59 - 2009-07-14 06:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 13:59 - 2009-07-14 06:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-09 19:33 - 2014-06-17 06:28 - 000000000 ____D C:\Users\m\Documents\GTA Vice City User Files
2017-09-09 19:33 - 2013-10-17 12:25 - 000000000 ___RD C:\Users\m\Desktop\net
2017-09-09 19:33 - 2013-08-17 22:18 - 000000000 ____D C:\Users\m\Desktop\New folder
2017-09-09 19:26 - 2013-06-24 15:04 - 000000000 ____D C:\Users\m\Desktop\super sonic
2017-09-09 19:26 - 2012-04-24 07:53 - 000000000 ____D C:\Users\m\Documents\bloons
2017-09-09 17:35 - 2017-07-15 22:17 - 000000661 _____ C:\Users\m\Desktop\klcp_codec_log.txt
2017-09-08 04:08 - 2017-08-10 15:04 - 000001908 _____ C:\Windows\diagwrn.xml
2017-09-08 04:08 - 2017-08-10 15:04 - 000001908 _____ C:\Windows\diagerr.xml

==================== Files in the root of some directories =======

2005-04-08 04:16 - 2017-07-16 18:26 - 000014065 ____H () C:\Users\m\AppData\Roaming\mlog.dat
2013-08-16 00:50 - 2013-08-16 00:50 - 000024232 _____ () C:\Users\m\AppData\Roaming\UserTile.png
2013-05-31 17:20 - 2014-07-16 10:24 - 000016896 _____ () C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-30 11:16 - 2017-07-01 15:47 - 000007597 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg
2013-09-05 12:51 - 2013-09-05 12:51 - 000048402 ___SH () C:\Users\m\AppData\Local\ws_updater.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a

Some files in TEMP:
====================
2017-07-16 00:37 - 2017-07-16 00:37 - 000438272 _____ () C:\Users\m\AppData\Local\Temp\1600929_Server-Remote3.exe
2013-09-21 12:21 - 2013-09-21 12:27 - 013540568 _____ (Mozilla) C:\Users\m\AppData\Local\Temp\25535-662733-mozilla-firefox.exe
2017-08-24 17:56 - 2017-08-24 17:56 - 000099328 _____ () C:\Users\m\AppData\Local\Temp\3908698273.dll
2014-07-16 09:57 - 2014-07-16 10:16 - 063210976 _____ (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\39874-673288-microsoft-powerpoint-viewer-2003.exe
2014-07-16 09:56 - 2014-07-16 09:56 - 000906056 _____ () C:\Users\m\AppData\Local\Temp\74QQINSTALLER.EXE
2014-07-16 09:56 - 2014-07-16 09:56 - 000572432 _____ () C:\Users\m\AppData\Local\Temp\74QQLoading.EXE
2014-02-03 10:20 - 2014-02-03 10:20 - 000036864 _____ () C:\Users\m\AppData\Local\Temp\7lyh2g2-.dll
2014-03-29 20:20 - 2014-03-29 20:20 - 000649723 _____ (Media Watch) C:\Users\m\AppData\Local\Temp\appinstall.exe
2013-07-01 23:54 - 2014-01-27 08:36 - 010355400 _____ () C:\Users\m\AppData\Local\Temp\BackupSetup.exe
2013-12-01 09:14 - 2013-12-01 09:14 - 000490391 _____ (Better-Surf) C:\Users\m\AppData\Local\Temp\Better-Surf.exe
2013-11-22 10:59 - 2013-11-22 10:59 - 000487007 _____ (BetterSurf) C:\Users\m\AppData\Local\Temp\BetterSurf.exe
2013-12-15 09:14 - 2013-12-15 09:14 - 000949472 _____ (Better Surf) C:\Users\m\AppData\Local\Temp\BetterSurfPlusV1Installer.exe
2013-09-25 20:26 - 2013-09-25 20:26 - 000545576 _____ () C:\Users\m\AppData\Local\Temp\binary.exe
2014-07-03 20:49 - 2014-07-03 20:49 - 013142271 _____ (                                                            ) C:\Users\m\AppData\Local\Temp\ChickenInvaders3Setup29695.exe
2013-09-09 09:19 - 2014-02-04 10:18 - 000346000 _____ (Adobe Systems Incorporated) C:\Users\m\AppData\Local\Temp\Creative Cloud Helper.exe
2013-07-18 11:11 - 2013-07-18 11:11 - 000826280 _____ (Baidu Inc.) C:\Users\m\AppData\Local\Temp\crp6318.exe
2013-07-18 11:11 - 2013-07-18 11:11 - 000294352 _____ (Baidu.com) C:\Users\m\AppData\Local\Temp\crp6922.exe
2017-09-14 04:28 - 2013-08-29 03:50 - 001289096 _____ (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\dllnt_dump.dll
2013-12-11 13:08 - 2013-12-11 13:08 - 001338136 _____ (@) C:\Users\m\AppData\Local\Temp\DownloadManager.exe
2014-07-11 21:51 - 2014-07-11 21:51 - 000485376 _____ () C:\Users\m\AppData\Local\Temp\drvinstal1.exe
2012-04-12 12:56 - 2012-04-12 13:05 - 017605512 _____ (Adobe Systems Incorporated) C:\Users\m\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-03-14 19:57 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\m\AppData\Local\Temp\GLF3150.EXE
2014-03-14 20:02 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\m\AppData\Local\Temp\GLF8317.EXE
2014-03-14 19:57 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\m\AppData\Local\Temp\GLFDF0C.EXE
2013-10-24 19:18 - 2013-10-24 19:18 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\GUR6039.exe
2013-10-17 20:16 - 2013-10-17 20:17 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\GURA218.exe
2013-10-15 16:17 - 2013-10-15 16:17 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\GURF565.exe
2013-03-28 12:09 - 2013-03-28 12:09 - 000291056 _____ (Baidu.com) C:\Users\m\AppData\Local\Temp\hao123inst_ar.exe
2013-07-08 21:31 - 2013-07-08 21:55 - 001011840 _____ () C:\Users\m\AppData\Local\Temp\hiplayer_8352_hao123_ar.exe
2013-10-12 17:15 - 2013-10-12 17:15 - 000947200 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Users\m\AppData\Local\Temp\htmlayout.dll
2013-08-19 10:10 - 2013-08-19 10:10 - 001182936 _____ () C:\Users\m\AppData\Local\Temp\ICReinstall_speed_up_my_pc.exe
2017-08-24 21:24 - 2017-08-24 21:29 - 001543648 _____ (Sucanaba                                                    ) C:\Users\m\AppData\Local\Temp\ICReinstall_XePlayer_Setup.exe
2013-07-03 17:52 - 2013-07-03 17:52 - 002515024 ____T (Conduit Ltd.) C:\Users\m\AppData\Local\Temp\iet145A.tmp.exe
2013-07-22 02:51 - 2013-07-23 17:42 - 000089248 ___SH (Adobe Systems, Inc.) C:\Users\m\AppData\Local\Temp\InstallFlashPlayer.exe
2014-02-09 21:56 - 2014-02-10 09:15 - 000469256 _____ (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\InstallManager_GEN_GEN.exe
2013-09-19 17:19 - 2013-09-19 17:19 - 000378648 _____ () C:\Users\m\AppData\Local\Temp\instloffer.exe
2014-04-18 08:03 - 2014-04-18 08:03 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\iPumperUpdater__7428_il2177516.exe
2013-08-28 18:09 - 2013-08-28 18:09 - 000913832 _____ (Oracle Corporation) C:\Users\m\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
2013-10-08 20:27 - 2013-10-08 20:27 - 000915368 _____ (Oracle Corporation) C:\Users\m\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2014-07-16 09:55 - 2014-07-16 09:55 - 000572432 _____ () C:\Users\m\AppData\Local\Temp\K74QLoading.EXE
2013-07-26 00:40 - 2013-07-26 00:40 - 000196608 _____ () C:\Users\m\AppData\Local\Temp\mp3el2.exe
2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsb4773.exe
2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsbB306.exe
2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsg5153.exe
2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsgA751.exe
2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsl59FB.exe
2013-12-16 11:01 - 2013-12-16 11:01 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsq1538.exe
2013-12-04 11:25 - 2013-12-04 11:25 - 000167812 _____ (Conduit) C:\Users\m\AppData\Local\Temp\nsqAD4A.exe
2014-07-16 09:58 - 2014-07-16 10:01 - 005464192 _____ () C:\Users\m\AppData\Local\Temp\OnlineBackup.exe
2013-06-20 09:48 - 2013-06-20 09:48 - 000875200 _____ (Baidu Inc.) C:\Users\m\AppData\Local\Temp\PC_Faster_Setup_Mini_E58.exe
2014-02-01 21:57 - 2014-02-01 21:57 - 000065451 _____ () C:\Users\m\AppData\Local\Temp\SCC.dll
2014-03-03 22:35 - 2014-03-03 22:36 - 000647902 _____ (Media View) C:\Users\m\AppData\Local\Temp\setapp.exe
2013-05-02 16:21 - 2003-10-25 11:33 - 001867776 ____N (SonicTeam) C:\Users\m\AppData\Local\Temp\Setup.exe
2014-01-10 19:14 - 2014-01-10 19:14 - 001024499 _____ (Video Player) C:\Users\m\AppData\Local\Temp\Setup1.exe
2014-01-31 14:14 - 2014-01-31 14:15 - 000965997 _____ (Media Player) C:\Users\m\AppData\Local\Temp\Setup2.exe
2013-10-12 17:31 - 2013-10-12 17:31 - 000152096 _____ (Amonetizé Ltd) C:\Users\m\AppData\Local\Temp\setup__1546.exe
2013-11-04 20:35 - 2013-11-04 20:35 - 000072960 _____ (SimilarSites) C:\Users\m\AppData\Local\Temp\SimilarBundleGenericDl.exe
2013-07-17 18:32 - 2013-07-17 18:36 - 021045248 _____ () C:\Users\m\AppData\Local\Temp\SkypeSetup.exe
2013-07-26 20:51 - 2009-11-16 22:26 - 003024966 _____ () C:\Users\m\AppData\Local\Temp\Sonic - The Tails Nightmare.exe
2013-12-16 11:10 - 2013-12-16 11:10 - 005737408 _____ (Conduit) C:\Users\m\AppData\Local\Temp\SPSetup.exe
2014-02-01 21:56 - 2014-02-01 21:56 - 000166224 _____ (Symantec Corporation) C:\Users\m\AppData\Local\Temp\SymCCIS.dll
2013-08-17 10:57 - 2013-08-17 10:57 - 000782832 _____ () C:\Users\m\AppData\Local\Temp\tbdelta.exe
2013-11-03 15:05 - 2013-11-03 15:05 - 000106407 _____ () C:\Users\m\AppData\Local\Temp\temp.exe
2017-09-13 17:32 - 2017-09-13 17:32 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp11EC.tmp.exe
2017-07-02 22:23 - 2017-07-02 22:23 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp1372.tmp.exe
2014-06-26 20:25 - 2014-06-26 20:25 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmp1592.tmp.exe
2014-07-16 01:35 - 2014-07-16 01:35 - 000179712 _____ () C:\Users\m\AppData\Local\Temp\tmp1B5C.tmp.exe
2017-09-11 17:52 - 2017-09-11 17:52 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp258C.tmp.exe
2017-07-10 17:52 - 2017-07-10 17:52 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp27AF.tmp.exe
2017-09-09 05:45 - 2017-09-09 05:45 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp2867.tmp.exe
2013-10-15 19:03 - 2013-10-15 19:04 - 000453694 _____ () C:\Users\m\AppData\Local\Temp\tmp2BE0.tmp.exe
2013-10-12 17:16 - 2013-10-12 17:16 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmp3861.exe
2017-08-10 18:55 - 2017-08-10 18:55 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp3B7.tmp.exe
2017-07-02 22:33 - 2017-07-02 22:33 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp4108.tmp.exe
2014-07-05 00:34 - 2014-07-05 00:35 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmp4411.tmp.exe
2017-09-09 17:32 - 2017-09-09 17:32 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp4695.tmp.exe
2017-07-17 18:54 - 2017-07-17 18:54 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp4E60.tmp.exe
2017-09-13 17:43 - 2017-09-13 17:43 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp517C.tmp.exe
2017-07-01 17:33 - 2017-07-01 17:33 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp52D0.tmp.exe
2017-09-10 17:32 - 2017-09-10 17:32 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp585F.tmp.exe
2014-06-30 14:45 - 2014-06-30 14:45 - 000099328 _____ () C:\Users\m\AppData\Local\Temp\tmp5E74.tmp.exe
2017-07-01 17:32 - 2017-07-01 17:32 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp6289.tmp.exe
2013-10-12 17:32 - 2013-10-12 17:32 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmp6486.exe
2017-07-15 17:35 - 2017-07-15 17:35 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp6A8C.tmp.exe
2017-07-01 17:54 - 2017-07-01 17:54 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmp6E9C.tmp.exe
2017-09-09 05:55 - 2017-09-09 05:55 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp7178.tmp.exe
2017-09-09 17:42 - 2017-09-09 17:42 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp7332.tmp.exe
2014-07-01 17:33 - 2014-07-01 17:33 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmp7BE9.tmp.exe
2017-09-10 17:42 - 2017-09-10 17:42 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmp8401.tmp.exe
2017-09-13 17:53 - 2017-09-13 17:53 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp893F.tmp.exe
2014-07-20 01:21 - 2014-07-20 01:21 - 000179713 _____ () C:\Users\m\AppData\Local\Temp\tmp8A92.tmp.exe
2013-10-12 17:31 - 2013-10-12 17:31 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmp8CF9.exe
2017-08-11 17:32 - 2017-08-11 17:32 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmp92AD.tmp.exe
2014-07-17 01:41 - 2014-07-17 01:41 - 000179712 _____ () C:\Users\m\AppData\Local\Temp\tmp9A8A.tmp.exe
2013-11-03 18:04 - 2013-11-03 18:04 - 000005632 _____ () C:\Users\m\AppData\Local\Temp\tmpAE4B.tmp.exe
2013-10-12 17:15 - 2013-10-12 17:15 - 000070696 _____ () C:\Users\m\AppData\Local\Temp\tmpAF54.exe
2017-09-09 17:52 - 2017-09-09 17:53 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpB5CE.tmp.exe
2014-07-17 02:42 - 2014-07-17 02:42 - 000208384 _____ () C:\Users\m\AppData\Local\Temp\tmpB6C2.tmp.exe
2017-09-10 17:52 - 2017-09-10 17:52 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpB83C.tmp.exe
2017-07-01 17:43 - 2017-07-01 17:44 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpB886.tmp.exe
2017-08-11 17:42 - 2017-08-11 17:42 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmpBDF3.tmp.exe
2014-07-16 02:36 - 2014-07-16 02:36 - 000208384 _____ () C:\Users\m\AppData\Local\Temp\tmpC8DB.tmp.exe
2017-09-11 17:32 - 2017-09-11 17:32 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpCAFC.tmp.exe
2017-07-17 18:34 - 2017-07-17 18:34 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpCD9A.tmp.exe
2017-07-10 17:32 - 2017-07-10 17:32 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpD098.tmp.exe
2014-07-03 19:36 - 2014-07-03 19:36 - 000099329 _____ () C:\Users\m\AppData\Local\Temp\tmpDC98.tmp.exe
2017-09-09 06:05 - 2017-09-09 06:06 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpDD94.tmp.exe
2017-07-02 22:13 - 2017-07-02 22:13 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpE5EB.tmp.exe
2017-08-11 17:52 - 2017-08-11 17:52 - 000003949 _____ () C:\Users\m\AppData\Local\Temp\tmpE995.tmp.exe
2014-07-19 15:13 - 2014-07-19 15:13 - 000208385 _____ () C:\Users\m\AppData\Local\Temp\tmpF112.tmp.exe
2017-09-11 17:42 - 2017-09-11 17:42 - 000003952 _____ () C:\Users\m\AppData\Local\Temp\tmpF6FC.tmp.exe
2014-04-18 07:57 - 2014-04-18 07:57 - 000007168 _____ () C:\Users\m\AppData\Local\Temp\tmpF8CF.tmp.exe
2014-07-21 02:49 - 2014-07-21 02:49 - 000179713 _____ () C:\Users\m\AppData\Local\Temp\tmpFACB.tmp.exe
2017-07-17 18:44 - 2017-07-17 18:44 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpFBBD.tmp.exe
2017-07-10 17:42 - 2017-07-10 17:42 - 000002372 _____ () C:\Users\m\AppData\Local\Temp\tmpFC0C.tmp.exe
2014-07-19 14:08 - 2014-07-19 14:09 - 000179713 _____ () C:\Users\m\AppData\Local\Temp\tmpFD47.tmp.exe
2013-07-09 11:34 - 2013-07-08 22:16 - 000245408 ____N (Microsoft Corporation) C:\Users\m\AppData\Local\Temp\unicows.dll
2013-08-17 13:28 - 2014-01-22 10:03 - 000104130 _____ () C:\Users\m\AppData\Local\Temp\Uninstall.exe
2013-06-17 10:39 - 2003-10-17 10:26 - 000634880 ____N () C:\Users\m\AppData\Local\Temp\unsetup.exe
2013-07-18 11:11 - 2013-07-18 11:11 - 000826280 _____ () C:\Users\m\AppData\Local\Temp\uti629A.exe
2013-07-18 11:11 - 2013-07-18 11:11 - 000294352 _____ () C:\Users\m\AppData\Local\Temp\uti6902.exe
2013-07-03 17:46 - 2013-07-03 17:52 - 008228864 _____ () C:\Users\m\AppData\Local\Temp\uttE69A.tmp.exe
2013-03-11 21:19 - 2013-03-11 21:19 - 000401408 _____ () C:\Users\m\AppData\Local\Temp\wget.exe
2014-07-16 01:36 - 2014-07-21 02:54 - 000353504 _____ () C:\Users\m\AppData\Local\Temp\WindowsUpdateKB12695__7428_il77.exe
2014-02-01 13:09 - 2014-02-01 13:24 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\{0685CD90-9150-472F-860A-EC09E8AE8AF5}-setup.exe
2014-01-31 20:01 - 2014-01-31 20:13 - 000000000 _____ () C:\Users\m\AppData\Local\Temp\{32C4B43D-4A35-4D9F-9019-7DF7F5126D6F}-setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2017-09-10 20:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by m (14-09-2017 17:47:42)
Running from C:\Users\m\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-04-07 07:02:32)
Boot Mode:
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1375491003-1713059225-295888860-500 - Administrator - Disabled)
Guest (S-1-5-21-1375491003-1713059225-295888860-501 - Limited - Disabled)
m (S-1-5-21-1375491003-1713059225-295888860-1000 - Administrator - Enabled) => C:\Users\m

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 5.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Air Force Missions (HKLM\...\Air Force Missions_is1) (Version: 1.0 - MyPlayCity, Inc.)
Alnaddy.com toolbar  on IE and Chrome (HKLM\...\alnaddyToolbar) (Version:  - Alnaddy.com)
Any Video Converter 5.0.9 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version:  - )
Baidu PC Faster (HKLM\...\Baidu PC Faster 3.6.0.35848) (Version: 3.6.0.35848 - Baidu, Inc.)
Ben 10 Savage Pursuit (HKLM\...\{450B1A83-2A1E-4433-A031-207F66AB7116}_is1) (Version:  - ePlaybus.com)
BitTorrent (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
BlueStacks Notification Center (HKLM\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BrowseToSave 1.74 (HKLM\...\SP_48c708f2) (Version:  - ) <==== ATTENTION
Burrito Bison Revenge (HKLM\...\Burrito Bison Revenge_is1) (Version:  - Shmehao.com)
Butterfly Escape 1.2 (HKLM\...\Butterfly Escape_is1) (Version:  - Genimo Interactive LLC)
CCProxy 7.3 (HKLM\...\CCProxy_is1) (Version:  - Youngzsoft, Inc.)
cFos 2000/XP/Vista DSL/ISDN Driver 8.00.3101 (HKLM\...\cFos) (Version: 8.00.3101 - cFos Software GmbH, Bonn)
cFos Broadband Connect v1.06 (HKLM\...\cFos Broadband Connect) (Version: 1.06 - cFos Software GmbH, Bonn)
cFos IPv6 Link v2.52 (HKLM\...\cFos IPv6 Link) (Version: 2.52 - cFos Software GmbH, Bonn)
cFos Outlook DAV v1.10 (HKLM\...\cFos Outlook DAV) (Version: 1.10 - cFos Software GmbH, Bonn)
cFos Personal Net v3.00 (HKLM\...\cFos Personal Net) (Version: 3.00 - cFos Software GmbH, Bonn)
cFosSpeed v10.22 (HKLM\...\cFosSpeed) (Version: 10.22 - cFos Software GmbH, Bonn)
Chicken Invaders 3 (HKLM\...\Chicken Invaders 3_is1) (Version:  - )
Chicken Invaders 4: Ultimate Omelette Uninstaller (HKLM\...\Chicken Invaders 4: Ultimate Omelette Uninstaller) (Version:  - )
Chicken Invaders: Cluck of the Dark Side demo v5.00 (HKLM\...\Chicken Invaders: Cluck of the Dark Side demo_is1) (Version:  - InterAction studios)
ClearWeb (HKLM\...\{A1325A81-3FFA-481A-80DF-2E0B902C56DA}) (Version: 2.1.0 - ClearWeb Internet Solutions)
Client for Google Translate (HKLM\...\Translate Client) (Version: 6.0.612 - )
Debut Video Capture Software (HKLM\...\Debut) (Version: 1.82 - NCH Software)
Discord (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Document.Editor 2013.26 (HKLM\...\Document.Editor) (Version: 2013.26 - Semagsoft)
Driver Whiz (HKLM\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz)
DriverPack Solution Updater (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\DRPSu Updater) (Version: 0.0.25 - DriverPack Solution)
Easy WiFi Radar 1.0.5 (HKLM\...\Easy WiFi Radar) (Version: 1.0.5 - Makayama Interactive)
ESET NOD32 Antivirus (HKLM\...\{083ABCCD-D0A1-4068-A2B1-A4D06E0B9951}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
Etisalat 3.75G USB Modem (HKLM\...\Etisalat 3.75G USB Modem) (Version: 23.003.07.05.135 - Huawei Technologies Co.,Ltd)
Farm Frenzy 2 (HKLM\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Fishdom (HKLM\...\Fishdom_is1) (Version: 1.0 - Media Contact LLC)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Garden TD (HKLM\...\{908450B6-FED3-4981-958D-EDFEA09BA3D7}_is1) (Version:  - ePlaybus.com)
GC (HKLM\...\GC) (Version:  - ) <==== ATTENTION
GlassWire 1.2 (remove only) (HKLM\...\GlassWire 1.2) (Version: 1.2.102 - SecureMix LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 26.0.1410.64 - Google Inc.)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.153 - Google Inc.) Hidden
GTA San Andreas Control Center v2.1.1 (HKLM\...\GTA San Andreas Control Center v2.1.1) (Version: Release 2.1.1 - open source)
Hao123-Client (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\hao123desk-ar) (Version: 1.0.0.1111 - Baidu Online Network Technology (Beijing) Co., Ltd.) <==== ATTENTION
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
Internet Music Capture 6.2.5.6 (HKLM\...\{24F91F2A-AE77-4E45-A82F-26E3460BE7C2}) (Version: 6.2.5.6 - E-Soft)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040F0}) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
K-Lite Mega Codec Pack 7.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
MAGIX Movie Edit Pro 17 Download Version (HKLM\...\{B2C8ABEF-C3D4-493C-8AB1-179FF999F64A}) (Version: 10.0.0.1 - MAGIX AG) Hidden
MAGIX Movie Edit Pro 17 Download Version (HKLM\...\MAGIX_MSI_Videodeluxe17) (Version: 10.0.0.1 - MAGIX AG)
MAGIX Screenshare (HKLM\...\{624A1753-9DA0-4CC2-A695-303A9F224B45}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed 2 (MSI) (HKLM\...\{BEF2491B-A1B5-463B-92E6-370C9548E065}) (Version: 6.0.1.2 - MAGIX AG)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Mario Forever 3.0 (HKLM\...\Mario Forever) (Version: 3.0 - Buziol Games)
Mario Forever Galaxy  (HKLM\...\Mario Forever Galaxy) (Version:  - Buziol Games)
Media View (HKLM\...\MediaViewV1alpha4983) (Version: 1.1 - Media View) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft DirectX SDK (February 2010) (HKLM\...\Microsoft DirectX SDK (February 2010)) (Version: 9.28.1886.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MixiDJ chrome Toolbar (HKLM\...\MixiDJ chrome Toolbar) (Version:  - MixiDJ) <==== ATTENTION
MovieEditor (HKLM\...\{65C10CA0-1E88-4CCC-836C-7B44ED1E9E8A}) (Version: 1.20.0000 - LhK-Soft)
Mozilla Firefox 5.0.1 (x86 ar) (HKLM\...\Mozilla Firefox 5.0.1 (x86 ar)) (Version: 5.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.07 - NCH Software)
Neighbours From Hell Online Demo (HKLM\...\{5945A4B9-CB8F-4960-9C66-690780BEF4D4}) (Version: 1.0 - JoWooD Studio Vienna)
Office Animation Runtime (HKLM\...\{AEEB3643-71DE-414d-9E3F-1159177FE211}) (Version: 11.0.5510.0 - Microsoft Corporation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation)
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: 2.36 - NCH Software)
PhotoStage Slideshow Producer (HKLM\...\PhotoStage) (Version: 2.24 - NCH Software)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) Hidden
Potty Racers 3 (HKLM\...\Potty Racers 3_is1) (Version:  - Shmehao.com)
Prism Video File Converter (HKLM\...\Prism) (Version: 2.01 - NCH Software)
PrivitizeVPN (HKLM\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RogueKiller version 12.11.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.14.0 - Adlice Software)
SafeSaver 1.74 (HKLM\...\SP_0bdf5975) (Version:  - ) <==== ATTENTION
Search Assistant WebSearch 1.74 (HKLM\...\SP_b0285714) (Version:  - ) <==== ATTENTION
Search.us.com (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\{550DA8CA-6DD3-4E37-A562-CE7F3950F181}) (Version:  - Search.us.com)
Search.us.com (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\{8974B658-4B16-4498-AA13-1593888CFF35}) (Version:  - Search.us.com)
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SLADE version 3.1.1.5 (HKLM\...\{3EFD0AA9-5156-40DB-9646-360180FF5DFA}_is1) (Version: 3.1.1.5 - )
SMADAV version 11.5 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.5 - Smadsoft)
Smurfs (HKLM\...\Smurfs_is1) (Version:  - GameFabrique)
Sonic - The Tails Nightmare (HKLM\...\Sonic - The Tails Nightmare) (Version:  - )
Sonic 3D Blast (HKLM\...\Sonic 3D Blast_is1) (Version:  - GameFabrique)
Sonic Adventure 2 (c) SEGA version 1 (HKLM\...\Sonic Adventure 2 (c) SEGA_is1) (Version: 1 - )
SONIC ADVENTURE DX-Director's Cut Demo A Version (HKLM\...\SONICADVDX_DEMO_A) (Version:  - )
Sonic and Knuckles 2 1.0 (HKLM\...\Sonic and Knuckles 2_is1) (Version:  - )
Sonic and Knuckles 3 1.0 (HKLM\...\Sonic and Knuckles 3_is1) (Version:  - )
Sonic Generations (HKLM\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
Sonic Generations version 1.0 (HKLM\...\{4B7IL77L-LKS1-75B1-SONIC-18CD6E6334R1}_is1) (Version: 1.0 - SEGA)
SONIC HEROES TRIAL (HKLM\...\SONICHEROESTRIAL) (Version:  - )
Sonic Riders 1.00 (HKLM\...\Sonic Riders 1.00) (Version:  - )
Sonic the Hedgehog (HKLM\...\Sonic the Hedgehog_is1) (Version:  - GameFabrique)
Sonic the Hedgehog 2 (HKLM\...\Sonic the Hedgehog 2_is1) (Version:  - )
Sonic the Hedgehog 3 (HKLM\...\Sonic the Hedgehog 3_is1) (Version:  - )
Subway Surfers 1.0 (HKLM\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
Super Mario Bros. X version 1.3 (HKLM\...\{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1) (Version: 1.3 - SuperMarioBrothers.org)
Super Mario Kart (HKLM\...\Super Mario Kart_is1) (Version:  - Shmehao.com)
Super Smash Flash 2 Beta (HKLM\...\{7603695C-A9FF-48D5-BE83-CD07DB80E957}_is1) (Version: 1.0.0.0 - McLeodGaming, Inc.)
Toad for Oracle 10.6 Freeware (HKLM\...\{B7B361DE-C9E6-4047-AF83-2C9CCE0AF4F3}) (Version: 10.6.0.42 - Quest Software, Inc.)
Turbo Fiesta (HKLM\...\Turbo Fiesta_is1) (Version:  - GameFools)
Turbo Subs (HKLM\...\Turbo Subs_is1) (Version:  - GameFools)
Turbo Trio (HKLM\...\Turbo Trio_is1) (Version:  - Games Of The Month)
Turtix (HKLM\...\Turtix_is1) (Version: 1.0 - MyPlayCity, Inc.)
USB Network Driver (HKLM\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
uTorrentControl_v6 Toolbar (HKLM\...\uTorrentControl_v6 Toolbar) (Version: 6.13.3.505 - uTorrentControl_v6) <==== ATTENTION
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Video Capture SDK Delphi TRIAL (HKLM\...\{3D46BD05-CA91-46C9-9C78-FBF10A65D471}) (Version: 8.0.2.0 - VisioForge) Hidden
Video Capture SDK Delphi TRIAL (HKLM\...\Video Capture SDK Delphi TRIAL 8.0.2.0) (Version: 8.0.2.0 - VisioForge)
Video Download Capture V4.6.5 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.6.5 - Apowersoft)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.04 - NCH Software)
Viscom Store Audio Capture to MP3 (HKLM\...\Viscom Store Audio Capture to MP3_is1) (Version:  - Viscom Software)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Vodafone Wi-Fi (HKLM\...\{F08DBC61-FBFC-4D26-997F-74B42C51DC56}) (Version: 2.0.9.48121 - Vodafone)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.55 - NCH Software)
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WirelessMon V4.0 (HKLM\...\WirelessMon_is1) (Version:  - PassMark Software ®)
ZiggyTV (HKLM\...\ZiggyTV) (Version:  - )
Zone Builder 2.6 (HKLM\...\Zone Builder_is1) (Version:  - MascaraSnake)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\old_chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\CLSID\{999937BC-30FE-11D4-BA52-00C04F6843FA}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers1: [BaiduShellEx] -> {81EBAFAF-6E03-4884-87FE-C9F904A06347} => C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFShellEx.dll [2013-07-12] (Baidu Inc.)
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\SMADAV\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers6: [BaiduShellEx] -> {81EBAFAF-6E03-4884-87FE-C9F904A06347} => C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFShellEx.dll [2013-07-12] (Baidu Inc.)
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\SMADAV\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A468F3-2B0D-4982-B74F-779897DF4AC9} - System32\Tasks\{E904F735-E5C9-446C-89F4-8065C9D04CCB} => F:\games\OpenURL.exe
Task: {098E017C-02F5-4AF1-9B22-E2D391597602} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {1B6FF82A-DF2A-4FCF-92FA-14A2E25F07B7} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Cloud Security\BavUpdater.exe [2013-07-08] (Baidu, Inc.)
Task: {33352777-A6D2-494A-8363-79BC065EA1CB} - System32\Tasks\cFos\cfospnet\cFos Personal Net Port Monitoring => F:\برامج\network\setup.exe
Task: {487AF48A-E4B3-4E64-8F35-B2649A1F851B} - System32\Tasks\{3B31C0C8-BA7F-4DFD-A8D7-FC1694ED8E3E} => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-08-08] ()
Task: {58416E09-F255-41C2-A2D5-05B7DDA1291D} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\google\chrome\application\old_chrome.exe "hxxp://localhost:1487/cfosspeed/console.htm"
Task: {5D3F6B74-8582-4632-B051-4D6C6F4D117E} - System32\Tasks\Driver Whiz-RTMScanRunOnce => F:\برامج\وايرليس\DriverWhiz.exe
Task: {625685A0-C04C-4598-ADEA-8D545C4A0F60} - System32\Tasks\{F219436C-CF36-43D4-B478-503DAC6B2E79} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\NCH Software\Debut\debutfilterinstallerx86.exe" -d "C:\Program Files\NCH Software\Debut"
Task: {62A381CF-C2CA-4F29-9930-2D281F1EA676} - System32\Tasks\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => C:\Windows\system32\pcalua.exe -a "F:\games\sonic games\Mettrix-SAGE08\LAUNCH.EXE" -d "F:\games\sonic games\Mettrix-SAGE08"
Task: {69C710EC-D8EA-47DB-8976-81608A761BAF} - \FTdownloader V4.0-codedownloader -> No File <==== ATTENTION
Task: {6ECB8FD2-0FD4-4EA6-B10E-13980E77ABEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)
Task: {6EF111F8-9829-4DAF-AF39-75967D02D3C2} - System32\Tasks\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => C:\Windows\system32\pcalua.exe -a "F:\ألعاب\games mario\Super Mario 64 DS\NO$GBA.EXE" -d "F:\ألعاب\games mario\Super Mario 64 DS"
Task: {80C23D04-B7BB-4261-93BC-B20F7109B7A5} - System32\Tasks\{8C4E4B5B-5E09-4976-98E4-BEF866DF75AE} => D:\ألعاب متسممة\SMBX\smbx.exe
Task: {A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} - System32\Tasks\{113A9539-30CF-4336-9715-83664CFA6DD9} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\NO$GBA.EXE -d C:\Users\m\Desktop
Task: {BC27A08E-31F7-4D43-A173-84D5BD87DD94} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2017-06-16] (Smadsoft)
Task: {BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} - System32\Tasks\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => C:\Windows\system32\pcalua.exe -a D:\Mettrix-SAGE08\LAUNCH.EXE -d D:\Mettrix-SAGE08
Task: {CE1C98BC-C9AC-41C2-B059-1E560837DEE6} - System32\Tasks\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => C:\Windows\system32\pcalua.exe -a F:\برامج\وايرليس\ISUninstall.exe -d F:\برامج\وايرليس
Task: {D13CF6BD-8570-4B1F-8F70-97E4C206D56C} - System32\Tasks\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => C:\Windows\system32\pcalua.exe -a "F:\games\Commandos 2\Destination Paris Mod v1.34\C2DP1.34.exe" -d "F:\games\Commandos 2\Destination Paris Mod v1.34"
Task: {D863E55F-7899-4196-AFAD-5E2054A69AA8} - System32\Tasks\cFos\cfospnet\cFos Personal Net Start at Login => F:\برامج\network\cfospnet.exe
Task: {D88F769C-00AB-4E22-B33A-223B0906569F} - System32\Tasks\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\vpsupd.exe -d C:\Users\m\Desktop
Task: {DC531842-781D-4BFD-81AC-9381B0173DA4} - \EPUpdater -> No File <==== ATTENTION
Task: {E5208A81-D6BE-4152-AC3E-0144B83E2BD2} - System32\Tasks\{A31E5E0E-59F5-44C1-8108-4547C531E291} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Downloads\Mario_Forever_Galaxy_Setup_102308.exe -d "C:\Program Files\Mozilla Firefox"
Task: {E57E2849-5426-4B21-BCAB-D0F2163EA22F} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-06-16] (FreeDownloadManager.org)
Task: {E67C12FD-0FAD-4088-AD2F-9158C67F632C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {ED1BA7B4-109C-45FD-9709-3C69C34C5795} - \FTdownloader V4.0-enabler -> No File <==== ATTENTION
Task: {EF1CAE8C-481F-42F6-B5C3-6E6A240FFC2E} - System32\Tasks\{7D5AA710-08D3-4C54-BC10-14E87F8E5090} => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-08-08] ()
Task: {EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} - \schedule!3036567561 -> No File <==== ATTENTION
Task: {F0198F2E-D7A0-4D7B-898D-7D2BDE09D850} - System32\Tasks\{A8FC80F4-0EB5-4686-B0AB-85B548A28FFC} => C:\Users\m\Desktop\Sonic Generations.exe
Task: {F9142D59-893F-4E79-A3CC-E4980135A503} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} - System32\Tasks\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => C:\Windows\system32\pcalua.exe -a "F:\games\gta\setup gta VC\setup.exe" -d "F:\games\gta\setup gta VC"
Task: {FD4F824F-368F-4136-9A4C-140319DBF71D} - \FTdownloader V4.0-updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exeƱ/reinstallapp /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /codedownloaddomain=hxxp:/cr.install-daddy.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exeƋ/enablebho /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exeƻ/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\m\Desktop\Continue Supreme Downloader.lnk -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe (@) -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe  " /PID=3708 /SUBPID=0 /DISTID=4575 /NETWORDK=1 /CID=0 /PRODUCT_ID=4366  /SERVER_URL=hxxp://installer.ppdownload.com "

==================== Loaded Modules (Whitelisted) ==============

2017-06-30 12:22 - 2017-06-15 18:41 - 000023552 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2014-01-31 16:45 - 2014-01-31 16:45 - 000597360 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-11 01:34 - 2017-08-31 10:59 - 009622008 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 01:34 - 2017-08-11 01:34 - 001440248 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-14 14:20 - 2017-09-14 14:20 - 000148992 _____ () \\?\C:\Users\m\AppData\Local\Temp\A15D.tmp.node
2017-08-09 22:14 - 2017-08-09 22:14 - 002658296 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-11 11:54 - 2017-08-11 11:54 - 002673656 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05816AFA [131]
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25 [145]
AlternateDataStreams: C:\ProgramData\TEMP:77846FFE [141]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [145]
AlternateDataStreams: C:\ProgramData\TEMP:EBA3B6EA [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-01-23 03:59 - 000011962 _____ C:\Windows\system32\Drivers\etc\hosts

There are 345 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\m\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BAVSvc => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: DPService => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: Etisalat 3.75G USB Modem. RunOuc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GlassWire => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PCFasterSvc_{PCFaster_3.6.0.35848} => 2
MSCONFIG\Services: Update LemurLeap => 2
MSCONFIG\Services: Util LemurLeap => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Driver Auto Setup Launcher.lnk => C:\Windows\pss\Driver Auto Setup Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Translate Client.lnk => C:\Windows\pss\Translate Client.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Baidu PC Faster 3.6.0.35848 => "C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFaster.exe" -auto -start
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: cfos6link Daemon => C:\Program Files\cfos6link\w6link.exe
MSCONFIG\startupreg: cFosBC Daemon => C:\Program Files\cFosBC\wbc.exe
MSCONFIG\startupreg: cFosDNT => C:\Program Files\cFos\cFosDNT.exe
MSCONFIG\startupreg: cFosSpeed => C:\network\cFosSpeed.exe
MSCONFIG\startupreg: Discord => C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
MSCONFIG\startupreg: Driver Whiz => F:\برامج\وايرليس\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: DrvUpdater => C:\Users\m\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: GlassWire => "C:\Program Files\GlassWire\glasswire.exe" -hide
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\m\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NTRedirect => C:\Windows\system32\rundll32.exe  "C:\Users\m\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: test => C:\Windows\bat_starter.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Download_Version\TrayServer.exe
MSCONFIG\startupreg: USB Gamepad => C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
MSCONFIG\startupreg: uTorrent => "C:\Users\m\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VodafoneMobileWiFi => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: cFosNT
Description: cFosNT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cFosNT
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
Description: {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {910baceb-efc0-4fe2-bc67-ee485894a7c4}w
Description: {910baceb-efc0-4fe2-bc67-ee485894a7c4}w
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {910baceb-efc0-4fe2-bc67-ee485894a7c4}w
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: nethfdrv
Description: nethfdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nethfdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 05:15:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\SMADAV\SmadavProtect64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.6000.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/14/2017 02:21:02 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (09/14/2017 10:13:24 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8007043c).

Error: (09/14/2017 10:13:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8007043c).

Error: (09/14/2017 05:41:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Faulting module name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Exception code: 0x40000015
Fault offset: 0x0009d802
Faulting process id: 0xd88
Faulting application start time: 0x01d32d0b2622df1f
Faulting application path: C:\Program Files\NCH Software\Debut\debut.exe
Faulting module path: C:\Program Files\NCH Software\Debut\debut.exe
Report Id: 9d16a30d-98fe-11e7-acd7-001e101f0000

Error: (09/14/2017 03:51:57 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (09/14/2017 02:28:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988be8a
Faulting module name: CleanControllerImpl.dll_unloaded, version: 0.0.0.0, time stamp: 0x599e0281
Exception code: 0xc0000005
Fault offset: 0x51bc78b0
Faulting process id: 0x9a4
Faulting application start time: 0x01d32cc7a42fcf25
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: CleanControllerImpl.dll
Report Id: a8cb7e45-98e3-11e7-bd18-001e101f0000

Error: (09/14/2017 01:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Faulting module name: debut.exe, version: 0.0.0.0, time stamp: 0x51adac23
Exception code: 0x40000015
Fault offset: 0x0009d802
Faulting process id: 0xfb0
Faulting application start time: 0x01d32ce5e4eb625b
Faulting application path: C:\Program Files\NCH Software\Debut\debut.exe
Faulting module path: C:\Program Files\NCH Software\Debut\debut.exe
Report Id: 6b8b5f58-98d9-11e7-bd18-001e101f0000

Error: (09/13/2017 09:40:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception code: 0x40000015
Fault offset: 0x00009176
Faulting process id: 0x8b8
Faulting application start time: 0x01d32cc68dd2b6d7
Faulting application path: C:\Users\m\AppData\Local\GC\Runner.exe
Faulting module path: C:\Users\m\AppData\Local\GC\Runner.exe
Report Id: 594d6b07-98bb-11e7-bd18-001e101f0000

Error: (09/13/2017 09:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception code: 0x40000015
Fault offset: 0x00009176
Faulting process id: 0x874
Faulting application start time: 0x01d32cb477a2b141
Faulting application path: C:\Users\m\AppData\Local\GC\Runner.exe
Faulting module path: C:\Users\m\AppData\Local\GC\Runner.exe
Report Id: ba87dc9a-98b9-11e7-bd18-001e101f0000


System errors:
=============
Error: (09/14/2017 02:21:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error:
The system cannot find the file specified.

Error: (09/14/2017 02:19:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (09/14/2017 02:19:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (09/14/2017 02:18:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
nethfdrv
spldr
{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w
{910baceb-efc0-4fe2-bc67-ee485894a7c4}w

Error: (09/14/2017 02:18:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Driver and Support Assistant service hung on starting.

Error: (09/14/2017 02:17:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
The specified service does not exist as an installed service.

Error: (09/14/2017 02:17:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/14/2017 02:17:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/14/2017 02:17:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Responder service failed to start due to the following error:
The driver was not loaded because the system is booting into safe mode.

Error: (09/14/2017 02:17:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error:
The driver was not loaded because the system is booting into safe mode.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 1981.24 MB
Available physical RAM: 1051.24 MB
Total Virtual: 4262.48 MB
Available Virtual: 3213.12 MB

==================== Drives ================================

Drive c: (MEMOREY) (Fixed) (Total:46.43 GB) (Free:4.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FILMS ) (Fixed) (Total:141.58 GB) (Free:78.62 GB) NTFS
Drive e: (WIN_UPDATES) (Fixed) (Total:139.33 GB) (Free:130.95 GB) NTFS
Drive f: (MY FILES ) (Fixed) (Total:138.42 GB) (Free:44.75 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=46.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=419.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


I don't know how your friend uses his computer, but he should be more careful from now on. One of the most infected systems I've seen in a while.

Ask him to uninstall the following programs:

  • Alnaddy.com toolbar on IE and Chrome
  • Baidu PC Faster
  • BrowseToSave 1.74
  • Driver Whiz
  • DriverPack Solution Updater
  • GC
  • Hao123-Client
  • Java 7 Update 40
  • Java 7 Update 45
  • Media View
  • MixiDJ chrome Toolbar
  • MovieEditor
  • PrivitizeVPN
  • SafeSaver 1.74
  • Search Assistance WebSearch 1.74
  • Search.us.com
  • uTorrentControl_v6 Toolbar

And to follow these instructions.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x86) Version: 13-09-2017 02
Ran by m (14-09-2017 21:59:00) Run:1
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Boot Mode:

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gmdoiobfkangimkkodmdklhdlnkmpljc" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iijdejcjlbgbpkdjanfjanndnffpkfdl" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nohggfehlfggmhadohogpgfipdbegokp" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojgckilddijehegemacdfpflendgdemi" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco" /f

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\m\AppData\Local\Start\MyPC Backup.lnk [2014-07-16]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1432860919
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabic.arabia.msn.com/?ocid=iehp
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1498809043
URLSearchHook: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
URLSearchHook: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1385859699&type=default&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319766&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP200C4329-57AF-4556-9537-E6F39521B2E3&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=52461078D244774B&affID=120695&tsp=4954
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=ds&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1404551398&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {446F0CFE-F4F0-46E1-9000-A1756964F954} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282495&CUI=UN17744103336735511&UM=1
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.pur-esult.info/?l=1&q={searchTerms}&pid=726&r=2013/07/11&hid=3680853168&lg=EN&cc=EG
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} URL = hxxp://search.us.com/serp?guid={8974B658-4B16-4498-AA13-1593888CFF35}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> {EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=225
BHO: FTdownloader V4.0 -> {11111111-1111-1111-1111-110311551174} -> C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-bho.dll => No File
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll => No File
BHO: Browase2saaVE -> {A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} -> C:\ProgramData\Browase2saaVE\51658cb8edef5.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File
Toolbar: HKU\S-1-5-21-1375491003-1713059225-295888860-1000 -> uTorrentControl_v6 Toolbar - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\Program Files\uTorrentControl_v6\prxtbuTo2.dll No File

FF NewTab: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\m78g5t0e.default -> dosearches
FF Homepage: Mozilla\Firefox\Profiles\m78g5t0e.default -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1505045064

FF Extension: (Browase2saaVE) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\cmt0zpnvfv@kuiiiu.net [2012-04-10] [not signed]
FF Extension: (alnaddyToolbar.com) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\ffxtlbr@alnaddyToolbar.com [2012-04-10] [not signed]
FF Extension: (Fast Search by Surf Canyon) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} [2014-02-03] [not signed]
FF Extension: (SuperSmashBros ) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{d1bf4285-e49f-447e-8249-976311c07344} [2014-07-02] [not signed]
FF Extension: (Media View) - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff [2014-03-03] [not signed]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff => not found
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha153.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha153\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha310.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha310\ff => not found
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha4983.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home6866.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home6866\ff => not found

CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx [2013-06-15]
CHR crx: C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx [2013-05-29]

OPR Extension: (LemurLeap) - C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli [2017-06-30]
StartMenuInternet: (HKLM) Opera - F:\برامج\المخزن\Opera.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU67833078330&ts=1402902953

S4 cfos6linksrv; "C:\Program Files\cfos6link\cfos6link.exe" -service [X]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S3 h647906; system32\drivers\h647906.sys [X]
S3 h648101; system32\drivers\h648101.sys [X]
S3 h648103; system32\drivers\h648103.sys [X]
S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 tghxxxuf; \??\C:\Windows\system32\drivers\tghxxxuf.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 {2ecad685-1644-4a6c-a1ca-055e8d6442fb}w; system32\drivers\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w.sys [X]
S1 {910baceb-efc0-4fe2-bc67-ee485894a7c4}w; system32\drivers\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w.sys [X]

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\old_chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\CLSID\{999937BC-30FE-11D4-BA52-00C04F6843FA}\InprocServer32 -> no filepath

Task: {62A381CF-C2CA-4F29-9930-2D281F1EA676} - System32\Tasks\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => C:\Windows\system32\pcalua.exe -a "F:\games\sonic games\Mettrix-SAGE08\LAUNCH.EXE" -d "F:\games\sonic games\Mettrix-SAGE08"
Task: {69C710EC-D8EA-47DB-8976-81608A761BAF} - \FTdownloader V4.0-codedownloader -> No File <==== ATTENTION
Task: {6EF111F8-9829-4DAF-AF39-75967D02D3C2} - System32\Tasks\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => C:\Windows\system32\pcalua.exe -a "F:\ألعاب\games mario\Super Mario 64 DS\NO$GBA.EXE" -d "F:\ألعاب\games mario\Super Mario 64 DS"
Task: {A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} - System32\Tasks\{113A9539-30CF-4336-9715-83664CFA6DD9} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\NO$GBA.EXE -d C:\Users\m\Desktop
Task: {BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} - System32\Tasks\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => C:\Windows\system32\pcalua.exe -a D:\Mettrix-SAGE08\LAUNCH.EXE -d D:\Mettrix-SAGE08
Task: {CE1C98BC-C9AC-41C2-B059-1E560837DEE6} - System32\Tasks\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => C:\Windows\system32\pcalua.exe -a F:\برامج\وايرليس\ISUninstall.exe -d F:\برامج\وايرليس
Task: {D13CF6BD-8570-4B1F-8F70-97E4C206D56C} - System32\Tasks\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => C:\Windows\system32\pcalua.exe -a "F:\games\Commandos 2\Destination Paris Mod v1.34\C2DP1.34.exe" -d "F:\games\Commandos 2\Destination Paris Mod v1.34"
Task: {D88F769C-00AB-4E22-B33A-223B0906569F} - System32\Tasks\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Desktop\vpsupd.exe -d C:\Users\m\Desktop
Task: {DC531842-781D-4BFD-81AC-9381B0173DA4} - \EPUpdater -> No File <==== ATTENTION
Task: {E5208A81-D6BE-4152-AC3E-0144B83E2BD2} - System32\Tasks\{A31E5E0E-59F5-44C1-8108-4547C531E291} => C:\Windows\system32\pcalua.exe -a C:\Users\m\Downloads\Mario_Forever_Galaxy_Setup_102308.exe -d "C:\Program Files\Mozilla Firefox"
Task: {ED1BA7B4-109C-45FD-9709-3C69C34C5795} - \FTdownloader V4.0-enabler -> No File <==== ATTENTION
Task: {EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} - \schedule!3036567561 -> No File <==== ATTENTION
Task: {FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} - System32\Tasks\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => C:\Windows\system32\pcalua.exe -a "F:\games\gta\setup gta VC\setup.exe" -d "F:\games\gta\setup gta VC"
Task: C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exeƱ/reinstallapp /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installerfullversion=1.27.153.8 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /codedownloaddomain=hxxp:/cr.install-daddy.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exeƋ/enablebho /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-updater.exeƻ/runupdater /agentregpath='FTdownloader V4.0' /appid=35574 /srcid='000179' /subid='0' /zdata='0' /bic=A9172409DA524CC1BB192C8AB197F580IE /verifier=32fbe652f4630d9b881642193b14e83f /installerversion=1_27_153 /installationtime=1381989767 /statsdomain=hxxp:/stats.datasrvstats.com /errorsdomain=hxxp:/errors.datasrvstats.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.datasrvstats.com <==== ATTENTION

ShortcutWithArgument: C:\Users\m\Desktop\Continue Supreme Downloader.lnk -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe (@) -> C:\Users\m\AppData\Local\Temp\DownloadManager.exe  " /PID=3708 /SUBPID=0 /DISTID=4575 /NETWORDK=1 /CID=0 /PRODUCT_ID=4366  /SERVER_URL=hxxp://installer.ppdownload.com "

AlternateDataStreams: C:\ProgramData\TEMP:05816AFA [131]
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25 [145]
AlternateDataStreams: C:\ProgramData\TEMP:77846FFE [141]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [145]
AlternateDataStreams: C:\ProgramData\TEMP:EBA3B6EA [127]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\m\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NTRedirect => C:\Windows\system32\rundll32.exe  "C:\Users\m\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
MSCONFIG\startupreg: test => C:\Windows\bat_starter.exe

C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a
C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a
C:\Program Files\Alnaddy.com
C:\Program Files\BetterSurf
C:\Program Files\cfos6link
C:\Program Files\DefaultTab
C:\Program Files\FTDownloader.com
C:\Program Files\LemurLeap
C:\Program Files\MediaViewV1
C:\Program Files\MediaPlayerV1
C:\Program Files\MediaWatchV1
C:\Program Files\MyPC Backup
C:\Program Files\uTorrentControl_v6
C:\Program Files\WebexpEnhancedV1
C:\ProgramData\Browase2saaVE
C:\Users\m\AppData\Local\ws_updater.exe
C:\Users\m\AppData\Roaming\BabSolution
C:\Users\m\AppData\Roaming\newnext.me
C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli
C:\Windows\bat_starter.exe

Hosts:
EmptyTemp:
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gmdoiobfkangimkkodmdklhdlnkmpljc" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iijdejcjlbgbpkdjanfjanndnffpkfdl" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nohggfehlfggmhadohogpgfipdbegokp" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojgckilddijehegemacdfpflendgdemi" /f =========

The operation completed successfully.



========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco" /f =========

The operation completed successfully.



========= End of Reg: =========

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started:
"C:\Program Files\Windows Defender\en-US" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" =>Deleting reparse point and unlocking completed.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
C:\Users\m\AppData\Local\Start\MyPC Backup.lnk => moved successfully
C:\Program Files\MyPC Backup\MyPC Backup.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Policies\Google => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{96f454ea-9d38-474f-b504-56193e00c1a5} => value removed successfully.
HKLM\Software\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => key removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{96f454ea-9d38-474f-b504-56193e00c1a5} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully.
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully.
HKLM\Software\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully.
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key removed successfully.
HKLM\Software\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully.
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{446F0CFE-F4F0-46E1-9000-A1756964F954} => key removed successfully.
HKLM\Software\Classes\CLSID\{446F0CFE-F4F0-46E1-9000-A1756964F954} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully.
HKLM\Software\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} => key removed successfully.
HKLM\Software\Classes\CLSID\{D99C000E-35B0-47D5-8EEC-4ECA70A1C1C6} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key removed successfully.
HKLM\Software\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} => key removed successfully.
HKLM\Software\Classes\CLSID\{EA77BDC2-0142-4A34-89EE-E5E567EAA0B0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551174} => key removed successfully.
HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311551174} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully.
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96f454ea-9d38-474f-b504-56193e00c1a5} => key removed successfully.
HKLM\Software\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} => key removed successfully.
HKLM\Software\Classes\CLSID\{A5DD68F7-68BF-B5CA-FCF4-D46ED0EB5A3D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key removed successfully.
HKLM\Software\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{96f454ea-9d38-474f-b504-56193e00c1a5} => value removed successfully.
HKLM\Software\Classes\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => key not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96F454EA-9D38-474F-B504-56193E00C1A5} => value removed successfully.
HKLM\Software\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5} => key not found.
Firefox "newtab" removed successfully.
Firefox DefaultSearchEngine removed successfully.
Firefox SearchEngineOrder.1 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\cmt0zpnvfv@kuiiiu.net => moved successfully
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\ffxtlbr@alnaddyToolbar.com => moved successfully
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} => moved successfully
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{75623d5d-4683-402a-b610-ac4bab767c86} => path removed successfully.
C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\Extensions\{d1bf4285-e49f-447e-8249-976311c07344} => moved successfully
C:\Program Files\MediaViewV1\MediaViewV1alpha4983\ff => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\xz123@ya456.com => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\12x3q4@3244516.com => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha153.net => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha310.net => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha4983.net => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaWatchV1home6866.net => value removed successfully.

"C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx" folder move:

Could not move "C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx" => Scheduled to move on reboot.


"C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx" folder move:

Could not move "C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx" => Scheduled to move on reboot.

C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli => moved successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
HKLM\System\CurrentControlSet\Services\cfos6linksrv => key removed successfully.
cfos6linksrv => service removed successfully.
SkypeUpdate => service not found.
h647906 => service not found.
h648101 => service not found.
h648103 => service not found.
HKLM\System\CurrentControlSet\Services\nethfdrv => key removed successfully.
nethfdrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tghxxxuf => key removed successfully.
tghxxxuf => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully.
VGPU => service removed successfully.
HKLM\System\CurrentControlSet\Services\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w => key removed successfully.
{2ecad685-1644-4a6c-a1ca-055e8d6442fb}w => service removed successfully.
HKLM\System\CurrentControlSet\Services\{910baceb-efc0-4fe2-bc67-ee485894a7c4}w => key removed successfully.
{910baceb-efc0-4fe2-bc67-ee485894a7c4}w => service removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\ChromeHTML => key removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000_Classes\CLSID\{999937BC-30FE-11D4-BA52-00C04F6843FA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62A381CF-C2CA-4F29-9930-2D281F1EA676} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62A381CF-C2CA-4F29-9930-2D281F1EA676} => key removed successfully.
C:\Windows\System32\Tasks\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70F5FFE2-56F2-45E2-B7B4-57EB344F2C3E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69C710EC-D8EA-47DB-8976-81608A761BAF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69C710EC-D8EA-47DB-8976-81608A761BAF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF111F8-9829-4DAF-AF39-75967D02D3C2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF111F8-9829-4DAF-AF39-75967D02D3C2} => key removed successfully.
C:\Windows\System32\Tasks\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C2D940EF-1A2F-49B9-8BAC-0D9BC9F13F50} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A25E0CFC-2A70-4E54-BCA1-C16AA52FDE76} => key removed successfully.
C:\Windows\System32\Tasks\{113A9539-30CF-4336-9715-83664CFA6DD9} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{113A9539-30CF-4336-9715-83664CFA6DD9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE0760DD-0D3C-4740-8BE2-4B0B3F55CAB3} => key removed successfully.
C:\Windows\System32\Tasks\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A942BA9-534F-44E4-84F8-312C625FDFFA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE1C98BC-C9AC-41C2-B059-1E560837DEE6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1C98BC-C9AC-41C2-B059-1E560837DEE6} => key removed successfully.
C:\Windows\System32\Tasks\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D19DABCC-0A16-4786-958C-8FD4A24E0128} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D13CF6BD-8570-4B1F-8F70-97E4C206D56C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D13CF6BD-8570-4B1F-8F70-97E4C206D56C} => key removed successfully.
C:\Windows\System32\Tasks\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C561F83C-1F86-43BA-955A-1B9FC5A075DF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D88F769C-00AB-4E22-B33A-223B0906569F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88F769C-00AB-4E22-B33A-223B0906569F} => key removed successfully.
C:\Windows\System32\Tasks\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{194995A9-2CDA-4DD6-9D4D-4B28303CE12B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC531842-781D-4BFD-81AC-9381B0173DA4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC531842-781D-4BFD-81AC-9381B0173DA4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5208A81-D6BE-4152-AC3E-0144B83E2BD2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5208A81-D6BE-4152-AC3E-0144B83E2BD2} => key removed successfully.
C:\Windows\System32\Tasks\{A31E5E0E-59F5-44C1-8108-4547C531E291} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A31E5E0E-59F5-44C1-8108-4547C531E291} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED1BA7B4-109C-45FD-9709-3C69C34C5795} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED1BA7B4-109C-45FD-9709-3C69C34C5795} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFC6E86E-BAB3-4AAD-B364-D1595450AAE0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!3036567561 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD0F2267-2A7D-4C53-8611-1BBB2A7DD1B9} => key removed successfully.
C:\Windows\System32\Tasks\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11865ADB-A94B-4677-BAB4-4AE9E13AE3CD} => key removed successfully.
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => moved successfully
C:\Windows\Tasks\FTdownloader V4.0-enabler.job => moved successfully
C:\Windows\Tasks\FTdownloader V4.0-updater.job => moved successfully
C:\Users\m\Desktop\Continue Supreme Downloader.lnk => Shortcut argument removed successfully..
C:\ProgramData\TEMP => ":05816AFA" ADS removed successfully..
C:\ProgramData\TEMP => ":4F636E25" ADS removed successfully..
C:\ProgramData\TEMP => ":77846FFE" ADS removed successfully..
C:\ProgramData\TEMP => ":DBC416F8" ADS removed successfully..
C:\ProgramData\TEMP => ":EBA3B6EA" ADS removed successfully..
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NTRedirect => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\test => key removed successfully.
C:\$Recycle.Bin\S-1-5-18\$5c2f64e123280df904ae1719d91de09a => moved successfully
C:\$Recycle.Bin\S-1-5-21-1375491003-1713059225-295888860-1000\$5c2f64e123280df904ae1719d91de09a => moved successfully
"C:\Program Files\Alnaddy.com" => not found.
"C:\Program Files\BetterSurf" => not found.
"C:\Program Files\cfos6link" => not found.
"C:\Program Files\DefaultTab" => not found.
"C:\Program Files\FTDownloader.com" => not found.
"C:\Program Files\LemurLeap" => not found.
C:\Program Files\MediaViewV1 => moved successfully
C:\Program Files\MediaPlayerV1 => moved successfully
"C:\Program Files\MediaWatchV1" => not found.
"C:\Program Files\MyPC Backup" => not found.
"C:\Program Files\uTorrentControl_v6" => not found.
"C:\Program Files\WebexpEnhancedV1" => not found.
C:\ProgramData\Browase2saaVE => moved successfully
C:\Users\m\AppData\Local\ws_updater.exe => moved successfully
"C:\Users\m\AppData\Roaming\BabSolution" => not found.
"C:\Users\m\AppData\Roaming\newnext.me" => not found.
"C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\khjlmoimbipephlkgfglajblpkgngcli" => not found.
"C:\Windows\bat_starter.exe" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23298680 B
Java, Flash, Steam htmlcache => 70978 B
Windows/system/drivers => 258766 B
Edge => 0 B
Chrome => 49441204 B
Firefox => 141905965 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 18072014 B
LocalService => 132244 B
NetworkService => 616150 B
m => 11044716997 B

RecycleBin => 0 B
EmptyTemp: => 10.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: ) (Date&Time: 15-09-2017 01:22:10)

C:\Program Files\Google\Chrome\Application\27.0.1453.116\default_apps\search.crx => is moved successfully
C:\Program Files\Google\Chrome\Application\27.0.1453.110\default_apps\search.crx => is moved successfully

==== End of Fixlog 01:22:10 ====


Good :) Now, let's get a fresh set of FRST logs so I can take a look and see if there's anything left to remove, since the first logs were so cluttered with junk that I might have missed stuff.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2017 01
Ran by m (administrator) on M-PC (15-09-2017 02:17:15)
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Smadsoft) C:\Program Files\SMADAV\SMΔRTP.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1846384 2017-06-16] (Smadsoft)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2011-04-06] (VIA)
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [8221896 2017-06-16] (FreeDownloadManager.org)
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac496-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\MountPoints2: {3dfac4a5-a625-11e3-8bb1-6c7763666e00} - H:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-06] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3EB0E13E-8E45-44F4-A10A-E9A7A210659F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{675DCF96-BE84-4AB1-9C1A-79DC33B55311}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{841212F6-ACA9-439B-892E-F89B86FD40A8}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{848E9A04-C2AF-4161-821E-4F6DE4FDF04E}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{91F7C5A3-837D-4989-BD38-E98D67CD7D50}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{EC8B69B7-2A1B-489B-8AC1-1876D8627DE5}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{FFD0D415-57EB-4C71-B80A-CE53A5D1FB98}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2012-04-07] (RealPlayer)
BHO: . -> {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Freeware\RNetPin.dll No File

FireFox:
========
FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default [2017-09-14]
FF user.js: detected! => C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\m78g5t0e.default\user.js [2013-07-26]
FF Session Restore: Mozilla\Firefox\Profiles\m78g5t0e.default -> is enabled.
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: (RealPlayer Browser Record Plugin) - C:\Program Files\Real\RealPlayer\browserrecord [2012-04-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => not found
FF HKLM\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: (Mozilla Auto-Update) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-11-03] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-05-26] [not signed]
FF HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tightropeinteractive.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll [No File]
FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tnt2ghost.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2012-04-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BAVSvc; C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe [1554280 2013-07-08] (Baidu, Inc.)
S4 cFosSpeedS; C:\network\spd.exe [476504 2017-03-30] (cFos Software GmbH)
S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S4 PCFasterSvc_{PCFaster_3.6.0.35848}; C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFasterSvc.exe [567792 2013-07-12] (Baidu Inc.) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S4 HWDeviceService.exe; "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R3 cfos6link; C:\Windows\System32\DRIVERS\cfos6link.sys [525016 2010-05-03] (cFos Software GmbH)
R3 cFosBC; C:\Windows\System32\DRIVERS\cfosbc6.sys [323288 2009-04-09] (cFos Software GmbH)
S2 cFosNT; C:\Windows\System32\Drivers\cFosNT.sys [1314520 2014-02-05] (cFos Software GmbH)
R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1099096 2017-03-30] (cFos Software GmbH)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43344 2013-10-13] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
S4 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-29] (SecureMix LLC)
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2013-06-03] () [File not signed]
S3 NPF; C:\Windows\System32\drivers\npf.sys [32512 2005-08-03] (CACE Technologies) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2011-03-29] (VIA Technologies, Inc.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 16:31 - 2017-11-07 16:31 - 000002626 _____ C:\Users\m\Downloads\legitcheck.hta
2017-09-14 21:59 - 2017-09-15 01:22 - 000042122 _____ C:\Users\m\Desktop\Fixlog.txt
2017-09-14 21:14 - 2017-09-14 21:14 - 000000000 ____D C:\Windows\system32\appmgmt
2017-09-14 17:47 - 2017-09-14 17:49 - 000049583 _____ C:\Users\m\Desktop\Addition.txt
2017-09-14 17:36 - 2017-09-15 02:19 - 000011719 _____ C:\Users\m\Desktop\FRST.txt
2017-09-14 17:31 - 2017-09-15 02:17 - 001794560 _____ (Farbar) C:\Users\m\Desktop\FRST.exe
2017-09-14 17:31 - 2017-09-15 02:17 - 000000000 ____D C:\Users\m\Desktop\FRST-OlderVersion
2017-09-14 04:29 - 2017-09-14 04:29 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-14 04:28 - 2017-09-14 10:26 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-14 04:26 - 2017-09-14 04:26 - 000001008 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-14 04:26 - 2017-09-14 04:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-14 04:25 - 2017-09-14 17:02 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-14 04:18 - 2017-09-11 10:46 - 035835424 _____ (Adlice Software ) C:\Users\m\Desktop\setup.exe
2017-09-14 03:12 - 2017-09-14 03:42 - 000000000 ____D C:\AdwCleaner
2017-09-14 00:56 - 2017-09-14 17:14 - 000006054 _____ C:\Users\m\Desktop\SMADAV log.txt
2017-09-13 21:39 - 2017-09-14 23:10 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-13 21:37 - 2017-09-14 23:55 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-13 21:36 - 2017-09-14 23:55 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 21:36 - 2017-09-13 21:36 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-13 21:36 - 2017-09-13 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-13 21:36 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-13 21:35 - 2017-09-13 21:35 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-13 19:17 - 2017-09-15 01:22 - 000000000 ____D C:\FRST
2017-09-09 19:34 - 2017-09-09 19:34 - 000000000 ____D C:\Users\m\AppData\Roaming\com.mcleodgaming.ssf2
2017-09-09 19:02 - 2017-09-09 19:02 - 000001060 _____ C:\Users\Public\Desktop\Super Smash Flash 2 Beta.lnk
2017-09-09 19:02 - 2017-09-09 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Smash Flash 2 Beta
2017-09-09 18:53 - 2017-09-09 19:02 - 000000000 ____D C:\Program Files\Super Smash Flash 2 Beta
2017-09-09 05:57 - 2017-09-09 06:00 - 000000000 ____D C:\ProgramData\Intel
2017-09-09 02:29 - 2004-09-27 22:25 - 000081920 _____ C:\Windows\system32\xmltok.dll
2017-09-09 02:29 - 2004-09-27 22:25 - 000053248 _____ C:\Windows\system32\xmlparse.dll
2017-09-09 02:29 - 2003-10-08 15:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.dll
2017-09-09 02:29 - 2003-10-08 15:29 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll
2017-09-06 04:40 - 2017-07-24 21:09 - 000786912 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2017-09-06 04:40 - 2017-07-24 21:09 - 000109024 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2017-08-25 00:39 - 2017-08-25 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (February 2010)
2017-08-25 00:39 - 2010-02-04 20:22 - 002719064 _____ (Microsoft Corporation) C:\Windows\system32\d3d9d.dll
2017-08-25 00:39 - 2010-02-04 20:22 - 000955224 _____ (Microsoft Corporation) C:\Windows\system32\XAudioD2_6.dll
2017-08-25 00:39 - 2010-02-04 20:22 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineD3_6.dll
2017-08-25 00:39 - 2010-02-04 20:22 - 000132952 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFXD1_4.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 005516120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCSXd_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 003795800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9d_33.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 002149208 _____ (Microsoft Corporation) C:\Windows\system32\D3dx9d_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000500056 _____ (Microsoft Corporation) C:\Windows\system32\D3D11Ref.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000497496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX10d_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000496472 _____ (Microsoft Corporation) C:\Windows\system32\D3D11SDKLayers.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000442712 _____ (Microsoft Corporation) C:\Windows\system32\D3D10SDKLayers.DLL
2017-08-25 00:39 - 2010-02-04 20:21 - 000434008 _____ (Microsoft Corporation) C:\Windows\system32\XactEngineA3_6.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Ref.DLL
2017-08-25 00:39 - 2010-02-04 20:21 - 000348504 _____ (Microsoft Corporation) C:\Windows\system32\d3dref9.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000252248 _____ (Microsoft Corporation) C:\Windows\system32\D3DX11d_42.dll
2017-08-25 00:39 - 2010-02-04 20:21 - 000045400 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudioD1_7.dll
2017-08-25 00:37 - 2017-08-25 00:39 - 000000000 ____D C:\Program Files\Microsoft DirectX SDK (February 2010)
2017-08-25 00:37 - 2017-08-25 00:36 - 000118104 _____ (Microsoft Corporation) C:\Windows\dxsdkuninst.exe
2017-08-24 21:24 - 2017-08-24 21:29 - 000001089 _____ C:\Users\m\Desktop\Continue XePlayer_Setup Installation.lnk
2017-08-24 17:55 - 2017-08-24 18:04 - 000000000 ____D C:\Users\m\AppData\Local\Zone Builder
2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\Program Files\Zone Builder
2017-08-22 23:59 - 2017-08-22 23:59 - 000000000 ____D C:\Users\m\AppData\Local\doomseeker
2017-08-22 23:58 - 2017-08-23 00:02 - 000000000 ____D C:\Users\m\AppData\Roaming\.doomseeker
2017-08-21 18:12 - 2017-08-21 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SLADE
2017-08-20 17:08 - 2017-09-09 02:39 - 000000000 ____D C:\Program Files\SLADE
2017-08-20 17:07 - 2017-08-22 02:53 - 000000000 ____D C:\Users\m\AppData\Roaming\SLADE3
2017-08-20 17:07 - 2015-07-18 15:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-08-20 17:07 - 2015-07-18 15:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-08-20 17:00 - 2017-09-14 21:21 - 000000000 ____D C:\ProgramData\Package Cache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-15 02:02 - 2012-04-10 17:43 - 000000820 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-09-15 01:22 - 2012-04-10 17:43 - 000000816 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-09-14 23:54 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-14 22:14 - 2013-06-23 15:14 - 000000000 ____D C:\Users\m\AppData\LocalLow\Temp
2017-09-14 22:13 - 2014-02-01 20:07 - 000000952 _____ C:\Users\m\Desktop\Continue Supreme Downloader.lnk
2017-09-14 21:59 - 2017-06-30 12:25 - 000000000 ____D C:\Users\m\AppData\Local\Free Download Manager
2017-09-14 21:59 - 2013-08-20 13:01 - 000000000 ___RD C:\Users\m\AppData\Local\Start
2017-09-14 21:59 - 2009-07-14 04:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-14 21:46 - 2013-11-25 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisioForge Video Capture SDK
2017-09-14 21:46 - 2012-04-07 09:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-14 21:27 - 2013-10-11 06:46 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-09-14 21:27 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-09-14 21:24 - 2012-04-07 10:55 - 000000000 ____D C:\Users\m\AppData\Roaming\Skype
2017-09-14 21:24 - 2012-04-07 10:55 - 000000000 ____D C:\ProgramData\Skype
2017-09-14 21:22 - 2013-07-08 21:55 - 000000000 ____D C:\Users\m\AppData\Roaming\Baidu
2017-09-14 21:19 - 2014-03-07 20:31 - 000000000 ____D C:\ProgramData\DatacardService
2017-09-14 21:15 - 2009-07-14 04:37 - 000000000 __RHD C:\Users\Public\Libraries
2017-09-14 20:06 - 2013-07-20 13:57 - 000000000 ____D C:\Users\m\AppData\Roaming\BitTorrent
2017-09-14 20:02 - 2017-06-30 19:39 - 000000000 ____D C:\Users\m\AppData\Roaming\discord
2017-09-14 20:00 - 2013-11-04 07:00 - 000000000 ____D C:\Users\m\AppData\Local\CrashDumps
2017-09-14 17:13 - 2016-12-21 01:51 - 000000000 ____D C:\Program Files\SMADAV
2017-09-14 09:45 - 2017-06-30 08:55 - 000001441 _____ C:\Users\m\Desktop\firefox - Shortcut.lnk
2017-09-14 01:25 - 2013-07-27 00:10 - 000000000 ____D C:\Users\m\AppData\LocalLow\Delta
2017-09-14 01:25 - 2013-07-26 01:01 - 000000000 ____D C:\Program Files\Delta
2017-09-12 14:52 - 2017-07-01 08:34 - 000000000 ____D C:\Windows\pss
2017-09-12 14:52 - 2013-05-24 18:10 - 024547056 _____ C:\Windows\ntbtlog.txt
2017-09-10 20:16 - 2013-07-04 14:34 - 000000000 ____D C:\Users\m\AppData\Local\ElevatedDiagnostics
2017-09-10 18:46 - 2012-04-07 08:41 - 000006362 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-10 13:59 - 2009-07-14 06:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 13:59 - 2009-07-14 06:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-09 19:33 - 2014-06-17 06:28 - 000000000 ____D C:\Users\m\Documents\GTA Vice City User Files
2017-09-09 19:33 - 2013-10-17 12:25 - 000000000 ___RD C:\Users\m\Desktop\net
2017-09-09 19:33 - 2013-08-17 22:18 - 000000000 ____D C:\Users\m\Desktop\New folder
2017-09-09 19:26 - 2013-06-24 15:04 - 000000000 ____D C:\Users\m\Desktop\super sonic
2017-09-09 19:26 - 2012-04-24 07:53 - 000000000 ____D C:\Users\m\Documents\bloons
2017-09-09 17:35 - 2017-07-15 22:17 - 000000661 _____ C:\Users\m\Desktop\klcp_codec_log.txt
2017-09-08 04:08 - 2017-08-10 15:04 - 000001908 _____ C:\Windows\diagwrn.xml
2017-09-08 04:08 - 2017-08-10 15:04 - 000001908 _____ C:\Windows\diagerr.xml

==================== Files in the root of some directories =======

2005-04-08 04:16 - 2017-07-16 18:26 - 000014065 ____H () C:\Users\m\AppData\Roaming\mlog.dat
2013-08-16 00:50 - 2013-08-16 00:50 - 000024232 _____ () C:\Users\m\AppData\Roaming\UserTile.png
2013-05-31 17:20 - 2014-07-16 10:24 - 000016896 _____ () C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-30 11:16 - 2017-07-01 15:47 - 000007597 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


safeboot: DsRepair => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2017-09-10 20:08

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-09-2017 01
Ran by m (15-09-2017 02:21:43)
Running from C:\Users\m\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-04-07 07:02:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1375491003-1713059225-295888860-500 - Administrator - Disabled)
Guest (S-1-5-21-1375491003-1713059225-295888860-501 - Limited - Disabled)
m (S-1-5-21-1375491003-1713059225-295888860-1000 - Administrator - Enabled) => C:\Users\m

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 5.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Air Force Missions (HKLM\...\Air Force Missions_is1) (Version: 1.0 - MyPlayCity, Inc.)
Any Video Converter 5.0.9 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version:  - )
Burrito Bison Revenge (HKLM\...\Burrito Bison Revenge_is1) (Version:  - Shmehao.com)
Butterfly Escape 1.2 (HKLM\...\Butterfly Escape_is1) (Version:  - Genimo Interactive LLC)
CCProxy 7.3 (HKLM\...\CCProxy_is1) (Version:  - Youngzsoft, Inc.)
cFos 2000/XP/Vista DSL/ISDN Driver 8.00.3101 (HKLM\...\cFos) (Version: 8.00.3101 - cFos Software GmbH, Bonn)
cFos Broadband Connect v1.06 (HKLM\...\cFos Broadband Connect) (Version: 1.06 - cFos Software GmbH, Bonn)
cFos IPv6 Link v2.52 (HKLM\...\cFos IPv6 Link) (Version: 2.52 - cFos Software GmbH, Bonn)
cFos Outlook DAV v1.10 (HKLM\...\cFos Outlook DAV) (Version: 1.10 - cFos Software GmbH, Bonn)
cFos Personal Net v3.00 (HKLM\...\cFos Personal Net) (Version: 3.00 - cFos Software GmbH, Bonn)
cFosSpeed v10.22 (HKLM\...\cFosSpeed) (Version: 10.22 - cFos Software GmbH, Bonn)
Chicken Invaders 3 (HKLM\...\Chicken Invaders 3_is1) (Version:  - )
Chicken Invaders 4: Ultimate Omelette Uninstaller (HKLM\...\Chicken Invaders 4: Ultimate Omelette Uninstaller) (Version:  - )
Chicken Invaders: Cluck of the Dark Side demo v5.00 (HKLM\...\Chicken Invaders: Cluck of the Dark Side demo_is1) (Version:  - InterAction studios)
Client for Google Translate (HKLM\...\Translate Client) (Version: 6.0.612 - )
Debut Video Capture Software (HKLM\...\Debut) (Version: 1.82 - NCH Software)
Discord (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Document.Editor 2013.26 (HKLM\...\Document.Editor) (Version: 2013.26 - Semagsoft)
ESET NOD32 Antivirus (HKLM\...\{083ABCCD-D0A1-4068-A2B1-A4D06E0B9951}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
Farm Frenzy 2 (HKLM\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Fishdom (HKLM\...\Fishdom_is1) (Version: 1.0 - Media Contact LLC)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Garden TD (HKLM\...\{908450B6-FED3-4981-958D-EDFEA09BA3D7}_is1) (Version:  - ePlaybus.com)
GlassWire 1.2 (remove only) (HKLM\...\GlassWire 1.2) (Version: 1.2.102 - SecureMix LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 26.0.1410.64 - Google Inc.)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.153 - Google Inc.) Hidden
GTA San Andreas Control Center v2.1.1 (HKLM\...\GTA San Andreas Control Center v2.1.1) (Version: Release 2.1.1 - open source)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Internet Music Capture 6.2.5.6 (HKLM\...\{24F91F2A-AE77-4E45-A82F-26E3460BE7C2}) (Version: 6.2.5.6 - E-Soft)
K-Lite Mega Codec Pack 7.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
MAGIX Movie Edit Pro 17 Download Version (HKLM\...\{B2C8ABEF-C3D4-493C-8AB1-179FF999F64A}) (Version: 10.0.0.1 - MAGIX AG) Hidden
MAGIX Movie Edit Pro 17 Download Version (HKLM\...\MAGIX_MSI_Videodeluxe17) (Version: 10.0.0.1 - MAGIX AG)
MAGIX Screenshare (HKLM\...\{624A1753-9DA0-4CC2-A695-303A9F224B45}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed 2 (MSI) (HKLM\...\{BEF2491B-A1B5-463B-92E6-370C9548E065}) (Version: 6.0.1.2 - MAGIX AG)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Mario Forever 3.0 (HKLM\...\Mario Forever) (Version: 3.0 - Buziol Games)
Mario Forever Galaxy  (HKLM\...\Mario Forever Galaxy) (Version:  - Buziol Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft DirectX SDK (February 2010) (HKLM\...\Microsoft DirectX SDK (February 2010)) (Version: 9.28.1886.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 5.0.1 (x86 ar) (HKLM\...\Mozilla Firefox 5.0.1 (x86 ar)) (Version: 5.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCH Tone Generator (HKLM\...\ToneGen) (Version: 3.07 - NCH Software)
Neighbours From Hell Online Demo (HKLM\...\{5945A4B9-CB8F-4960-9C66-690780BEF4D4}) (Version: 1.0 - JoWooD Studio Vienna)
Office Animation Runtime (HKLM\...\{AEEB3643-71DE-414d-9E3F-1159177FE211}) (Version: 11.0.5510.0 - Microsoft Corporation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Orca (HKLM\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation)
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: 2.36 - NCH Software)
PhotoStage Slideshow Producer (HKLM\...\PhotoStage) (Version: 2.24 - NCH Software)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) Hidden
Potty Racers 3 (HKLM\...\Potty Racers 3_is1) (Version:  - Shmehao.com)
Prism Video File Converter (HKLM\...\Prism) (Version: 2.01 - NCH Software)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RogueKiller version 12.11.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.14.0 - Adlice Software)
SLADE version 3.1.1.5 (HKLM\...\{3EFD0AA9-5156-40DB-9646-360180FF5DFA}_is1) (Version: 3.1.1.5 - )
SMADAV version 11.5 (HKLM\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.5 - Smadsoft)
Super Smash Flash 2 Beta (HKLM\...\{7603695C-A9FF-48D5-BE83-CD07DB80E957}_is1) (Version: 1.0.0.0 - McLeodGaming, Inc.)
Toad for Oracle 10.6 Freeware (HKLM\...\{B7B361DE-C9E6-4047-AF83-2C9CCE0AF4F3}) (Version: 10.6.0.42 - Quest Software, Inc.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Video Capture SDK Delphi TRIAL (HKLM\...\{3D46BD05-CA91-46C9-9C78-FBF10A65D471}) (Version: 8.0.2.0 - VisioForge) Hidden
Video Capture SDK Delphi TRIAL (HKLM\...\Video Capture SDK Delphi TRIAL 8.0.2.0) (Version: 8.0.2.0 - VisioForge)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.04 - NCH Software)
Vodafone Wi-Fi (HKLM\...\{F08DBC61-FBFC-4D26-997F-74B42C51DC56}) (Version: 2.0.9.48121 - Vodafone)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.55 - NCH Software)
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zone Builder 2.6 (HKLM\...\Zone Builder_is1) (Version:  - MascaraSnake)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers1: [BaiduShellEx] -> {81EBAFAF-6E03-4884-87FE-C9F904A06347} => C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFShellEx.dll [2013-07-12] (Baidu Inc.)
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\SMADAV\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-01-31] ()
ContextMenuHandlers6: [BaiduShellEx] -> {81EBAFAF-6E03-4884-87FE-C9F904A06347} => C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFShellEx.dll [2013-07-12] (Baidu Inc.)
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files\Baidu Security\Cloud Security\BavShx.dll [2013-07-08] (Baidu, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2012-03-07] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files\SMADAV\SmadExtc.dll [2010-02-19] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A468F3-2B0D-4982-B74F-779897DF4AC9} - System32\Tasks\{E904F735-E5C9-446C-89F4-8065C9D04CCB} => F:\games\OpenURL.exe
Task: {1B6FF82A-DF2A-4FCF-92FA-14A2E25F07B7} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Cloud Security\BavUpdater.exe [2013-07-08] (Baidu, Inc.)
Task: {33352777-A6D2-494A-8363-79BC065EA1CB} - System32\Tasks\cFos\cfospnet\cFos Personal Net Port Monitoring => F:\برامج\network\setup.exe
Task: {487AF48A-E4B3-4E64-8F35-B2649A1F851B} - System32\Tasks\{3B31C0C8-BA7F-4DFD-A8D7-FC1694ED8E3E} => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-08-08] ()
Task: {58416E09-F255-41C2-A2D5-05B7DDA1291D} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\google\chrome\application\old_chrome.exe "hxxp://localhost:1487/cfosspeed/console.htm"
Task: {5D3F6B74-8582-4632-B051-4D6C6F4D117E} - System32\Tasks\Driver Whiz-RTMScanRunOnce => F:\برامج\وايرليس\DriverWhiz.exe
Task: {625685A0-C04C-4598-ADEA-8D545C4A0F60} - System32\Tasks\{F219436C-CF36-43D4-B478-503DAC6B2E79} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\NCH Software\Debut\debutfilterinstallerx86.exe" -d "C:\Program Files\NCH Software\Debut"
Task: {6ECB8FD2-0FD4-4EA6-B10E-13980E77ABEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)
Task: {80C23D04-B7BB-4261-93BC-B20F7109B7A5} - System32\Tasks\{8C4E4B5B-5E09-4976-98E4-BEF866DF75AE} => D:\ألعاب متسممة\SMBX\smbx.exe
Task: {BC27A08E-31F7-4D43-A173-84D5BD87DD94} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2017-06-16] (Smadsoft)
Task: {D863E55F-7899-4196-AFAD-5E2054A69AA8} - System32\Tasks\cFos\cfospnet\cFos Personal Net Start at Login => F:\برامج\network\cfospnet.exe
Task: {E57E2849-5426-4B21-BCAB-D0F2163EA22F} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-06-16] (FreeDownloadManager.org)
Task: {E67C12FD-0FAD-4088-AD2F-9158C67F632C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {EF1CAE8C-481F-42F6-B5C3-6E6A240FFC2E} - System32\Tasks\{7D5AA710-08D3-4C54-BC10-14E87F8E5090} => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2011-08-08] ()
Task: {F0198F2E-D7A0-4D7B-898D-7D2BDE09D850} - System32\Tasks\{A8FC80F4-0EB5-4686-B0AB-85B548A28FFC} => C:\Users\m\Desktop\Sonic Generations.exe
Task: {F9142D59-893F-4E79-A3CC-E4980135A503} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {FD4F824F-368F-4136-9A4C-140319DBF71D} - \FTdownloader V4.0-updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-30 12:22 - 2017-06-15 18:41 - 000023552 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2014-01-31 16:45 - 2014-01-31 16:45 - 000597360 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-11 00:46 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\m\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-11 01:34 - 2017-08-31 10:59 - 009622008 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 01:34 - 2017-08-11 01:34 - 001440248 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-15 01:58 - 2017-09-15 01:58 - 000148992 _____ () \\?\C:\Users\m\AppData\Local\Temp\7936.tmp.node
2017-08-09 22:14 - 2017-08-09 22:14 - 002658296 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-11 11:54 - 2017-08-11 11:54 - 002673656 _____ () \\?\C:\Users\m\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-09-14 22:13 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\m\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BAVSvc => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: DPService => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: Etisalat 3.75G USB Modem. RunOuc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GlassWire => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PCFasterSvc_{PCFaster_3.6.0.35848} => 2
MSCONFIG\Services: Update LemurLeap => 2
MSCONFIG\Services: Util LemurLeap => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Driver Auto Setup Launcher.lnk => C:\Windows\pss\Driver Auto Setup Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Translate Client.lnk => C:\Windows\pss\Translate Client.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Baidu PC Faster 3.6.0.35848 => "C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFaster.exe" -auto -start
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: cfos6link Daemon => C:\Program Files\cfos6link\w6link.exe
MSCONFIG\startupreg: cFosBC Daemon => C:\Program Files\cFosBC\wbc.exe
MSCONFIG\startupreg: cFosDNT => C:\Program Files\cFos\cFosDNT.exe
MSCONFIG\startupreg: cFosSpeed => C:\network\cFosSpeed.exe
MSCONFIG\startupreg: Discord => C:\Users\m\AppData\Local\Discord\app-0.0.298\Discord.exe
MSCONFIG\startupreg: Driver Whiz => F:\برامج\وايرليس\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: DrvUpdater => C:\Users\m\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: GlassWire => "C:\Program Files\GlassWire\glasswire.exe" -hide
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Download_Version\TrayServer.exe
MSCONFIG\startupreg: USB Gamepad => C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
MSCONFIG\startupreg: uTorrent => "C:\Users\m\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VodafoneMobileWiFi => C:\Program Files\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: cFosNT
Description: cFosNT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cFosNT
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2017 12:31:29 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8007043c).

Error: (09/15/2017 12:31:29 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8007043c).

Error: (09/14/2017 11:56:58 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (09/14/2017 11:46:36 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8007043c).

Error: (09/14/2017 11:46:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8007043c).

Error: (09/14/2017 11:12:11 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (09/14/2017 09:46:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe -Embedding; Description = Configured Platform; Error = 0x8007043c).

Error: (09/14/2017 09:45:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Video Capture SDK Delphi TRIAL; Error = 0x8007043c).

Error: (09/14/2017 09:45:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Video Capture SDK Delphi TRIAL; Error = 0x8007043c).

Error: (09/14/2017 09:27:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\m\AppData\Local\Temp\setB6B2.tmp -deleter -l0x9  -your_launchersetup.exe -clone_of"c:\program files\installshield installation information\{66ed8e01-c915-41f5-b33e-c5c31f27b885}\"; Description = Removed USB Network Driver; Error = 0x8007043c).


System errors:
=============
Error: (09/15/2017 01:22:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (09/15/2017 01:22:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (09/14/2017 11:56:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error:
The system cannot find the file specified.

Error: (09/14/2017 11:54:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
The specified service does not exist as an installed service.

Error: (09/14/2017 11:54:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
spldr

Error: (09/14/2017 11:54:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/14/2017 11:54:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/14/2017 11:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Responder service failed to start due to the following error:
The driver was not loaded because the system is booting into safe mode.

Error: (09/14/2017 11:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error:
The driver was not loaded because the system is booting into safe mode.

Error: (09/14/2017 11:54:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:51:10 م on ‏14/‏09/‏2017 was unexpected.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 1981.24 MB
Available physical RAM: 1136.65 MB
Total Virtual: 4262.48 MB
Available Virtual: 3348.78 MB

==================== Drives ================================

Drive c: (MEMOREY) (Fixed) (Total:46.43 GB) (Free:16.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FILMS ) (Fixed) (Total:141.58 GB) (Free:78.62 GB) NTFS
Drive e: (WIN_UPDATES) (Fixed) (Total:139.33 GB) (Free:130.95 GB) NTFS
Drive f: (MY FILES ) (Fixed) (Total:138.42 GB) (Free:44.84 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=46.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=419.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

This topic is now closed to further replies.