Please help me remove Arcade Cake


This topic is locked
4 replies to this topic

#1 joesgirl46

  • Members
  • 1 posts

Posted 14 December 2015 - 08:24 PM

Computer infected with Arcade Cake. Popups constantly. Please advise.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-12-2015
Ran by Simos (2015-12-14 19:05:33)
Running from C:\Users\Simos\Downloads
Windows 10 Pro (X64) (2015-12-07 19:01:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1403406211-17506623-461093063-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1403406211-17506623-461093063-503 - Limited - Disabled)
Guest (S-1-5-21-1403406211-17506623-461093063-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1403406211-17506623-461093063-1003 - Limited - Enabled)
LogicSpeak (S-1-5-21-1403406211-17506623-461093063-1000 - Administrator - Enabled) => C:\Users\LogicSpeak
Simos (S-1-5-21-1403406211-17506623-461093063-1001 - Administrator - Enabled) => C:\Users\Simos
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Managed Antivirus Managed Antivirus (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Managed Antivirus Managed Antivirus (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Advanced Monitoring Agent GP (HKU\S-1-5-21-1403406211-17506623-461093063-500\...\Advanced Monitoring Agent GP) (Version: 1.0.0 - Remote Monitoring Services)
Advanced Monitoring Agent GP (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
Advanced Monitoring Agent GP (x32 Version: 1.0.0 - Remote Monitoring Services) Hidden
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 12.0.0.740 - LogicNow, Ltd.)
Appgen Custom Suite Windows Client (HKLM-x32\...\{7DA49FE6-DA74-11D5-9BD5-0001033438CF}) (Version:  - )
Appgen Custom Suite Windows ODBC Client (HKLM-x32\...\{163EACE5-DA76-11D5-9BD5-0001033438CF}) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Dell SonicWALL NetExtender (HKLM-x32\...\Dell SonicWALL NetExtender) (Version: 6.0.182 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{645065ef-124b-4017-ae38-6b625817f144}) (Version: 17.15.0 - Intel Corporation)
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Secure Backup (HKLM\...\{4837C529-AAAA-47E3-95FC-70C69C003160}) (Version: 3.16 - My Secure Backup)
MySQL Connector/ODBC 5.1 (HKLM\...\{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}) (Version: 5.1.8 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PANTECH UM175 Driver (HKLM\...\{C13AF9C7-8E06-4354-B629-DF6192CE4A66}) (Version: 3.3.3524.918 - PANTECH CO.,LTD)
PANTECH UML290 (HKLM\...\{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}) (Version: 4.11.2.0 - PANTECH CO., LTD)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6075 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
TKO Setup 82 - 10.21.2014 (HKLM-x32\...\ST6UNST #2) (Version:  - )
tko_enhancements_v1.34 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Verizon Mobile Broadband Drivers (HKLM-x32\...\{8BF85767-903F-4E68-86F3-ECF71DF27AA9}) (Version: 3.24.018.001.14 - Novatel Wireless)
Verizon Mobile Broadband Manager (HKLM-x32\...\{8E2CA4F7-9522-483B-A50B-DC9641106A1E}) (Version: 0.1.5810 - Verizon)
Verizon Wireless UML290 Firmware Updates (HKLM-x32\...\{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}) (Version: 1.0.11 - Smith Micro Software, Inc.)
Verizon Wireless USB551L Firmware Updates (HKLM-x32\...\{9BD53EBD-C5C1-45F3-BF4C-84D8A62A8393}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VZAccess Manager (HKLM-x32\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1403406211-17506623-461093063-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Simos\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
13-12-2015 15:43:21 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2015-12-14 17:35 - 00450805 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15463 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0773B26E-A6B8-4DFA-97DD-EDE603576DEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {077728DB-7EF8-45D6-88E0-B803A5C7CA1D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {0A3AEF69-2178-40EC-A302-576DA4363EC4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {0F7B7FA8-B608-495A-8865-4F7AFBA4EC7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {111B54A3-5156-440F-89A9-14AE6401BF07} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {15B1E71D-797D-45C5-B164-74B3176B4EFD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {17613DA3-8DDC-46DC-A63B-0866DDF3C92F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1AC8C08D-EA35-4ED2-8702-10038F506DD1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {20C20532-0B38-447C-98C5-2A74B1B398FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {242C07B3-EBB0-46C9-A94E-D3616C12A4E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {30926C12-7A7F-419E-93AE-EBFAFC2A12C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-14] (Google Inc.)
Task: {30C65506-EDE2-491A-98F1-4D65F575DB7B} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-22] (Enigma Software Group USA, LLC.)
Task: {36C1D670-8BF7-4719-868F-2D2AF30BA01A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {3F2B385F-23DD-4763-A698-FE6600173898} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4B20A145-8AEA-49C2-81A6-F0A8202078DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4F46EC96-1DD9-4B58-A0B4-D082EDD049CB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {5B9CA6D7-4BB9-47CF-B30D-17C40184D4FB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {5CB8A4B8-25A9-4AF0-A565-3C37221BFCC3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5F0746D1-5BE7-4435-90E2-DACB82742ABA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {6A3FA665-C9C2-48BB-84D5-236DD4FE60ED} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6C864635-BD76-40AB-BEFA-14D9342620C9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {725F35E4-F6E5-4935-8429-3ACFA6E75810} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {73511AD5-0F14-4596-B14A-B8C8813E28D7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7A836C11-D705-4C7E-8B1F-1A946956DF98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {7E6516BD-B442-42A5-8089-355D158059CC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {87EAE105-C54A-4B36-BC3F-804A73305233} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {93A999DB-A1B2-4BE5-A212-3A5087557A5D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {96C67A3F-E713-4956-AB67-ED8BC4C11A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-14] (Google Inc.)
Task: {A471F11F-9A16-4D27-8883-CFDD2C0A7794} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {AE0D6C56-D37B-4AB9-9910-F6D993B6B97B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AF486157-382A-401E-B6CC-4CB767205369} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AF934B5F-1C45-4017-B699-5FECFF649D46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B6B453B8-728B-470F-A0E8-08E06B0EF48E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-13] (Microsoft Corporation)
Task: {B7B8812F-2FE2-4FCE-9014-AD613BF60E3A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {BB993681-64BC-45A1-9520-4334081D5826} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {C1540FA7-D32E-487B-BAAF-E40462FD15DF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {CB55467D-2FDE-4AAD-A017-A12AF1E686B0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {D1D45062-B0B3-48A6-A9B0-68253A611D78} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {DB2AC65D-9D4C-48DA-81AD-1A8B7C0801DA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DC22D15D-C61B-4AEE-B486-C8433AA845BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DE8DF335-5C7B-432F-A0E9-95A0283FBD4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E35F2F86-0206-410A-9B01-E3D723FCA2B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E447F75A-A2D3-4B17-87F8-5E4E8B2F8E7D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-09-27] (Realtek Semiconductor)
Task: {EBE81BA0-5C30-43AF-896A-B959691062D2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F171477E-554F-4B72-B1C0-7431B028975B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F420B7EA-4C33-4CD2-B9B4-11E59BCDEA08} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F6AE10DF-ECA6-449E-9469-E0CFBD81A40D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-04-23 15:01 - 2013-10-23 12:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2011-05-19 09:14 - 2011-05-19 09:14 - 00260096 _____ () C:\Program Files\My Secure Backup\monitor_images.dll
2015-10-30 01:18 - 2015-12-07 14:28 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-27 21:03 - 2015-09-27 21:03 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-30 01:17 - 2015-10-30 01:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 01:17 - 2015-10-30 01:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 01:17 - 2015-10-30 01:17 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-07 14:33 - 2015-12-07 14:33 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 01:18 - 2015-10-30 03:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 01:18 - 2015-10-30 03:07 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2015-11-21 08:12 - 2015-11-21 08:12 - 09074176 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-11-21 08:12 - 2015-11-21 08:12 - 02416640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2015-12-13 10:19 - 2015-12-13 10:19 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.34020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-13 10:23 - 2015-12-13 10:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-06-24 13:48 - 2015-06-26 02:13 - 00184184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\Definitions\libBase64.dll
2015-06-24 13:48 - 2015-06-26 02:13 - 00175992 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\Definitions\libMachoUniv.dll
2015-12-13 10:23 - 2015-12-13 10:23 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-13 10:23 - 2015-12-13 10:23 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-14 17:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-14 17:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-14 17:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-14 17:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-14 17:25 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-14 18:40 - 2015-12-04 15:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-14 18:40 - 2015-12-04 15:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-12-14 18:40 - 2015-12-04 15:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Advanced Monitoring Agent Network Management:Win32App_1
AlternateDataStreams: C:\Program Files\DellTPad:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\My Secure Backup:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Advanced Monitoring Agent GP:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\LogMeIn:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Novatel Wireless:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-1001\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1403406211-17506623-461093063-500\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1403406211-17506623-461093063-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Simos\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
HKU\S-1-5-21-1403406211-17506623-461093063-500\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Secure Backup.lnk => C:\windows\pss\My Secure Backup.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{A0A9A690-B5AC-4EF2-90D7-4E4CEB881163}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [{C6683DE1-D032-4207-B00E-BC214E3A8994}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [{5D8BCA3A-C27A-462F-9800-07FBC5368B68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C9EED43-3215-4F44-AC06-6245E90D755D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A1049AA-733A-4FCE-9085-697A8ED48763}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{8D9A1537-A739-4BC0-B2FE-0298F1A5EFAD}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{2B7F93CB-2CAC-4FCE-B0C8-295F6BA94B43}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{3D6B7BCC-63DE-4D22-A034-6D97323CA4DC}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{8BC86C49-4DB6-48D4-8B0C-9041BD004B6B}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{D2C8727B-6394-4D3D-9A16-7718AE053C2C}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{83378524-828C-4A56-99C2-B641ADC00ADA}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{A426F6D0-EE19-44A9-A468-D14749A8AA92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07AD77DE-FF5E-4C72-B945-9D2FBCD58BDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{782A1D40-7FDE-4244-BB73-21DB408E8E84}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{13ADA5FF-DB7C-4189-BDE4-1D337C750FF9}C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe] => (Allow) C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe
FirewallRules: [UDP Query User{74975BFB-961F-4C93-ADBE-D4123E242F18}C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe] => (Allow) C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe
FirewallRules: [TCP Query User{BF7474AC-55A0-4B79-8AA4-440F3D8C95E6}C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe] => (Block) C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe
FirewallRules: [UDP Query User{78DAA8F4-E962-4C74-A736-EC6B8FDFD9FA}C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe] => (Block) C:\program files (x86)\verizon\verizon mobile broadband manager\hostmgr.exe
FirewallRules: [{71B3755B-29E2-492A-8DEA-555B042399D3}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{89DCB177-7472-4225-93BA-4166D50C174E}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [TCP Query User{1B1DA90A-EF1B-4925-B31D-9CDDE85B9AED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F9646531-3F19-4CE9-B709-6ED89D1C3EAB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4F2A0013-52F8-4DFE-A039-5635F80BE605}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: STMicroelectronics 3-Axis Digital Accelerometer
Description: STMicroelectronics 3-Axis Digital Accelerometer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: STMicroelectronics
Service: ST_Accel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/13/2015 03:43:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/13/2015 10:27:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GBVTR32)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/13/2015 10:22:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GBVTR32)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/13/2015 10:21:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GBVTR32)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/13/2015 10:15:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GBVTR32)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/13/2015 10:09:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GBVTR32)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/13/2015 10:00:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GBVTR32)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/13/2015 09:44:29 AM) (Source: MsiInstaller) (EventID: 11706) (User: GBVTR32)
Description: Product: Verizon Mobile Broadband Manager -- Error 1706. An installation package for the product Verizon Mobile Broadband Manager cannot be found. Try the installation again using a valid copy of the installation package 'VMBM_win.msi'.
 
Error: (12/07/2015 12:58:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (12/07/2015 12:58:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (12/13/2015 09:38:51 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:50 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:50 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:50 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:50 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:13 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:13 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:13 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:13 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/13/2015 09:38:13 AM) (Source: DCOM) (EventID: 10016) (User: GBVTR32)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GBVTR32SimosS-1-5-21-1403406211-17506623-461093063-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
 
CodeIntegrity:
===================================
  Date: 2015-12-14 14:45:06.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-13 17:28:53.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-07 13:01:30.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-07 12:57:48.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-07 12:57:47.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-07 12:38:49.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 4002.72 MB
Available physical RAM: 1657.64 MB
Total Virtual: 5410.72 MB
Available Virtual: 2537.55 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:465.27 GB) (Free:408.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 517C779A)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached File: CheckResults.txt (8.53KB)

#2 nasdaq (Malware Response Team)

Posted 15 December 2015 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You are running the Farbar tool from a downloads folder.
Running from C:\Users\Simos\Downloads

Please copy the Farbar program to your Desktop.
You will be creating a Fixlist.txt as suggested below. Place the File in the Desktop folder also.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {0773B26E-A6B8-4DFA-97DD-EDE603576DEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {111B54A3-5156-440F-89A9-14AE6401BF07} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {20C20532-0B38-447C-98C5-2A74B1B398FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {242C07B3-EBB0-46C9-A94E-D3616C12A4E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4B20A145-8AEA-49C2-81A6-F0A8202078DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {725F35E4-F6E5-4935-8429-3ACFA6E75810} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {73511AD5-0F14-4596-B14A-B8C8813E28D7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93A999DB-A1B2-4BE5-A212-3A5087557A5D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF486157-382A-401E-B6CC-4CB767205369} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DC22D15D-C61B-4AEE-B486-C8433AA845BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F6AE10DF-ECA6-449E-9469-E0CFBD81A40D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\Advanced Monitoring Agent Network Management:Win32App_1
AlternateDataStreams: C:\Program Files\DellTPad:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\My Secure Backup:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Advanced Monitoring Agent GP:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\LogMeIn:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Novatel Wireless:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

I need to see the FRST.txt file that was created by the Farbar program.
Please post it in your next reply.

We have more work to do.
===

p.s.
Quoted from your MBAM log.

AntiVirus Information:
===================
NO AntiVirus Software Installed

FireWall Information:
===================
NO 3rd Party FireWall Software Installed

AntiSpyware Information:
===================
NO AntiSpyware Software Installed


Please read the following article and install at least an antivirus and a firewall.
You cannot surf the net without any protection.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
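The fixlist above targets two kinds of finding from the Addition.txt log: scheduled tasks whose action points at a file that no longer exists (FRST prints "-> No File") and directories under Program Files carrying a named alternate data stream (FRST prints "AlternateDataStreams:"). The log also shows several thousand entries in the Internet Explorer "Restricted sites" zone for two user hives. The following read-only PowerShell script is an added example, written for this thread and not part of the original post, of FRST or of AdwCleaner; it reproduces those three checks with built-in cmdlets so the findings can be verified before anything is deleted. It assumes Windows 8/10 with the ScheduledTasks module and PowerShell 5, an elevated prompt, and that HKCU: is the hive of the account being examined (FRST reads every loaded hive; this script reads only the current user's). The function names Get-OrphanedTasks, Get-DirectoryStreams and Get-RestrictedSites are my own.

```powershell
# Added example for the BleepingComputer thread above; not code from FRST, AdwCleaner
# or the thread's participants. Read-only: nothing is removed or modified.
# Assumes Windows 8/10, PowerShell 5, elevated prompt, ScheduledTasks module present.

function Get-OrphanedTasks {
    # FRST's "-> No File": a task whose Execute target cannot be found on disk.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only exec actions carry an Execute path; COM-handler actions do not.
            if (-not $action.Execute) { continue }
            # Strip surrounding quotes and expand %SystemRoot%-style variables.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            $resolved = if ([IO.Path]::IsPathRooted($exe)) {
                $exe
            } else {
                # Bare names such as rundll32.exe are resolved through PATH.
                Get-Command $exe -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Source
            }
            if (-not $resolved -or -not (Test-Path -LiteralPath $resolved)) {
                [pscustomobject]@{ TaskPath = $task.TaskPath; TaskName = $task.TaskName; Execute = $action.Execute }
            }
        }
    }
}

function Get-DirectoryStreams {
    # FRST's "AlternateDataStreams:": named NTFS streams attached to top-level program directories.
    param([string[]]$Roots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:ProgramData"))
    foreach ($root in $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }) {
        Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object {
            # Files report their default ':$DATA' stream; filter it so only named streams remain.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{ Path = $_.FileName; Stream = $_.Stream; Length = $_.Length }
                }
        }
    }
}

function Get-RestrictedSites {
    # FRST's "IE restricted site:": ZoneMap entries whose zone number is 4 (Restricted sites).
    # Layout is Domains\<domain>[\<host>] with a per-protocol DWORD ('*', 'http', 'https').
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path -LiteralPath $base)) { return }
    Get-ChildItem -LiteralPath $base -Recurse | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        foreach ($proto in @('*', 'http', 'https')) {
            if ($props.$proto -eq 4) {
                # Rebuild "domain -> host" the way FRST prints it.
                $rel = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8).Split('\')
                $hostName = if ($rel.Count -gt 1) { "$($rel[1]).$($rel[0])" } else { $rel[0] }
                [pscustomobject]@{ Domain = $rel[0]; Host = $hostName; Protocol = $proto }
                break
            }
        }
    }
}

"Scheduled tasks whose target is missing:"
Get-OrphanedTasks | Format-Table -AutoSize
"Named alternate data streams on program directories:"
Get-DirectoryStreams | Format-Table -AutoSize
$sites = @(Get-RestrictedSites)
"Restricted-sites zone entries in HKCU: $($sites.Count)"
$sites | Select-Object -First 10 | Format-Table -AutoSize
```

A large Restricted-sites list populated under several hives, as in this log, is what browser "immunization" features such as Spybot's produce, and the same tool appears in the firewall exceptions above; compare the count against that product's list before treating the entries as hostile. Orphaned tasks and directory streams are worth confirming this way because FRST's fix removes the registry entries and streams but, as its own note says, does not move the files unless they are listed separately.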

#3 nasdaq (Malware Response Team)

Posted 20 December 2015 - 11:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq (Malware Response Team)

Posted 27 December 2015 - 10:52 AM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq (Malware Response Team)

Posted 01 January 2016 - 08:54 AM

Are you still with me?
