
Cannot turn on Avira Real-time protection and Windows firewall


7 replies to this topic

#1 Allecrast (Members, 5 posts)

Posted 31 December 2015 - 10:55 PM

Hello bleepingcomputer helpers, I hope you can help me fix this problem. I've been trying hard with my limited knowledge and Google skills to find a solution for this, but to no avail...

 

First of all, I noticed that I cannot turn on Avira Real-time protection a few weeks ago, and from Google, they said it must be because of a virus/malware/adware/spyware (there are several opinions about this).

- And so, I started with a full scan using Avira, and found a few trojans (quarantined).

- Then I scanned using Malwarebytes, which also found a few pieces of malware, and fixed them (using the software).

- I also used SuperAntiSpyware, which also found a few problems, and fixed them (using the software).

 

But all of it failed to fix the main problem, which is turning on real-time protection. And so I went to bleepingcomputer.com (from Google); there was also a previous problem posted: http://www.bleepingcomputer.com/forums/t/482982/cant-enable-avira-realtime/

But the thread doesn't have any solution (because the poster never responded afterwards).

And when I read the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", I also noticed that I can't turn on the Windows Firewall (screenshot included).

 

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by PERSONAL (administrator) on PERSONAL-PC (01-01-2016 10:33:10)
Running from D:\New Downloads
Loaded Profiles: PERSONAL (Available Profiles: PERSONAL & Lidia)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PnkBstrA.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(LINE Corporation) C:\Program Files\LINE\LINE.exe
() C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(AAA Internet Publishing, Inc.) C:\Program Files\WTFast\WTFast.exe
(OpenDNS) C:\Program Files\OpenDNS\DNSCrypt\OpenDNSInterface.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(LINE Corp) C:\Program Files\LINE\LinePlayer\LinePlayer.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
() C:\Program Files\Kill Ping\Kill Ping.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7549184 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [LINE] => C:\Program Files\LINE\LINE.exe [17456664 2015-12-07] (LINE Corporation)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [3753304 2015-06-10] (Disc Soft Ltd)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [Google Update] => C:\Users\PERSONAL\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-02] (Google Inc.)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [9738392 2015-08-03] (Hagel Technologies Ltd.)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3915776 2015-09-23] (Tonec Inc.)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-12-02] (SUPERAntiSpyware)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [Steam] => E:\Steam\steam.exe [3013712 2015-12-15] (Valve Corporation)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [WTFast Tray] => C:\Program Files\WTFast\WTFast.exe [5255256 2015-09-14] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Run: [GoogleChromeAutoLaunch_11812DE3B79EFB2253A22929E870A4DF] => C:\Users\PERSONAL\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\MountPoints2: {860ab1c3-30c8-11e5-9431-448a5bd7085c} - H:\autorun.exe
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\MountPoints2: {c3db9b67-2789-11e5-bb16-806e6f6e6963} - F:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\MountPoints2: {ddea32a1-5caf-11e3-995b-cec589b46a92} - G:\DriverPackSolution.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenDNSCrypt.lnk [2015-07-11]
ShortcutTarget: OpenDNSCrypt.lnk -> C:\Windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_7245386387960A1D7D5229.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735;
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:49735;https=127.0.0.1:49735;
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\Windows\system32\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 02 C:\Windows\system32\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 06 C:\Windows\system32\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 07 C:\Windows\system32\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 15 C:\Windows\system32\WTFastDrv.dll [72296 2015-04-08] (Initex)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{4B612B6E-A310-41F8-86F3-FE7A5BD820AE}: [DhcpNameServer] 46.101.178.39 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2213181815-4229501440-842373124-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-04] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2010-12-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-04] (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox -> E:\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-12-22] (Reto-Moto ApS)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2213181815-4229501440-842373124-1000: @tools.google.com/Google Update;version=3 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2213181815-4229501440-842373124-1000: @tools.google.com/Google Update;version=9 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-07-11]
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-09-23]
FF Extension: Greasemonkey - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-22]
FF Extension: DownThemAll! - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-06]
FF Extension: ChatZilla - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-12-10]
FF Extension: No Name - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2015-11-08] [not signed]
FF Extension: YouTube High Definition - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-12-31]
FF Extension: Adblock Plus - C:\Users\PERSONAL\AppData\Roaming\Mozilla\Firefox\Profiles\g4wbyla9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PERSONAL\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\PERSONAL\AppData\Roaming\IDM\idmmzcc5 [2015-12-31] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\PERSONAL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\PERSONAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-13]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\PERSONAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-12-29]
CHR Extension: (Avira Browser Safety) - C:\Users\PERSONAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PERSONAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-11]
StartMenuInternet: Google Chrome.GVLCR4IUVTHVGWPABFE3SXV3FY - C:\Users\PERSONAL\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"44ed7dae9f4beb2f" => service could not be unlocked. <===== ATTENTION

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S4 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [948392 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1418560 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1094488 2015-06-10] (Disc Soft Ltd)
S2 DNSCrypt; C:\Program Files\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [14336 2012-08-31] () [File not signed]
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [5777048 2015-08-03] (Hagel Technologies Ltd.) [File not signed]
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [245544 2016-01-01] (EasyAntiCheat Ltd)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-12-04] (Macrovision Europe Ltd.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-10-07] (Nitro PDF Software)
S3 npggsvc; C:\Windows\system32\GameMon.des [3512928 2015-07-23] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-25] ()
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106968 2015-12-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136272 2015-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-12-04] (DT Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25016 2015-07-25] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [39992 2015-07-25] (Disc Soft Ltd)
R3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19688 2015-08-03] (Hagel Technologies Ltd.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [37576 2014-02-03] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712576 2010-11-21] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-21] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [44624 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed]
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2004-12-31] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1211264 2010-11-21] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed]
R3 NVHDA; C:\Windows\System32\drivers\nvhda32v.sys [171352 2015-06-17] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [9129800 2015-06-17] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2010-11-21] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2010-11-21] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56192 2010-11-21] () [File not signed]
R2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-21] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12368 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [180288 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1383488 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106064 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-21] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-21] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-21] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2010-11-21] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-21] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [731904 2015-05-19] () [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-21] () [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-14] () [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [40016 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [77888 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311296 2010-11-21] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [309248 2010-11-21] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114176 2010-11-21] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-11-02] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [21072 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-21] () [File not signed]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [28032 2010-11-21] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] () [File not signed]
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2015-04-28] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1290112 2010-11-21] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1290112 2010-11-21] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2010-11-21] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-21] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2010-11-21] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53120 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2010-11-21] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-21] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [55888 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [8192 2009-07-14] () [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75776 2010-11-21] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [42496 2010-11-21] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2010-11-21] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [19968 2009-07-14] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2010-11-21] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-21] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed]
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [175360 2010-11-21] () [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-21] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-21] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [141904 2009-07-14] () [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [19024 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed]
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2015-02-02] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2010-11-21] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2010-11-21] () [File not signed]
U5 44ed7dae9f4beb2f; C:\Windows\System32\Drivers\44ed7dae9f4beb2f.sys [87552 2015-10-12] () <===== ATTENTION Necurs Rootkit?
S3 dump_wmimmc; \??\E:\blacksquad\Binaries\win32\GameGuard\dump_wmimmc.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 10:32 - 2016-01-01 10:33 - 00000000 ____D C:\FRST
2016-01-01 09:30 - 2016-01-01 00:19 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe
2016-01-01 00:20 - 2016-01-01 00:20 - 00000202 _____ C:\Users\PERSONAL\Desktop\Warface.url
2016-01-01 00:18 - 2016-01-01 00:18 - 00000202 _____ C:\Users\PERSONAL\Desktop\Robocraft.url
2015-12-30 05:51 - 2015-12-31 16:37 - 00000000 ____D C:\Program Files\Kill Ping
2015-12-30 05:51 - 2015-12-30 15:12 - 00000000 ____D C:\ProgramData\KillPing
2015-12-29 09:08 - 2015-12-31 03:17 - 00000000 ____D C:\William Booth
2015-12-28 06:01 - 2015-12-31 23:17 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\Warframe
2015-12-26 14:07 - 2015-12-26 14:07 - 00000202 _____ C:\Users\PERSONAL\Desktop\Warframe.url
2015-12-26 10:43 - 2015-12-26 10:43 - 00000202 _____ C:\Users\PERSONAL\Desktop\Block N Load.url
2015-12-25 20:17 - 2015-12-25 20:17 - 00768763 _____ C:\Users\Lidia\Downloads\video-1451049283.mp4.mp4
2015-12-25 12:25 - 2015-12-26 12:22 - 00291512 _____ C:\Windows\system32\PnkBstrB.exe
2015-12-25 12:25 - 2015-12-26 12:22 - 00140160 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2015-12-25 12:25 - 2015-12-25 12:30 - 00291512 _____ C:\Windows\system32\PnkBstrB.ex0
2015-12-25 10:38 - 2015-12-25 10:38 - 00000202 _____ C:\Users\PERSONAL\Desktop\Double Action Boogaloo.url
2015-12-25 10:15 - 2015-12-30 05:57 - 00419775 _____ C:\Users\PERSONAL\Desktop\idc_debug_log.txt
2015-12-25 10:01 - 2015-12-25 10:01 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\AAA_Internet_Publishing,_
2015-12-25 10:00 - 2015-12-25 10:00 - 00000943 _____ C:\Users\Public\Desktop\WTFast.lnk
2015-12-25 10:00 - 2015-12-25 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2015-12-25 10:00 - 2015-12-25 10:00 - 00000000 ____D C:\Program Files\WTFast
2015-12-25 10:00 - 2015-04-08 15:15 - 00072296 _____ (Initex) C:\Windows\system32\WTFastDrv.dll
2015-12-25 10:00 - 2015-04-08 15:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\SPORDER.DLL
2015-12-25 09:30 - 2015-12-25 12:25 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-12-25 07:23 - 2015-12-25 07:21 - 00912744 _____ C:\Windows\system32\pbsvc.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-12-25 06:58 - 2015-12-25 06:58 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-25 06:58 - 2015-12-25 06:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-25 06:58 - 2015-12-25 06:58 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-25 06:58 - 2015-12-25 06:58 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-12-25 06:58 - 2015-12-25 06:58 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-12-25 06:58 - 2015-12-25 06:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-25 06:58 - 2015-12-25 06:58 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-25 06:39 - 2015-12-26 12:22 - 00291512 _____ C:\Windows\system32\PnkBstrB.xtr
2015-12-25 06:39 - 2015-12-25 06:39 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\PunkBuster
2015-12-25 06:35 - 2015-12-25 12:25 - 00138576 _____ C:\Users\PERSONAL\AppData\Roaming\PnkBstrK.sys
2015-12-25 06:17 - 2015-12-25 06:17 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-12-24 19:50 - 2015-12-24 19:50 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\Steam
2015-12-24 19:50 - 2015-12-24 19:50 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\CEF
2015-12-24 19:35 - 2015-12-24 19:35 - 00000519 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-24 00:51 - 2015-12-24 06:46 - 00000334 _____ C:\Users\Public\Desktop\Play Heroes & Generals.lnk
2015-12-24 00:49 - 2015-12-24 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes & Generals
2015-12-24 00:49 - 2015-12-24 00:49 - 00000000 ____D C:\Program Files\HeroesAndGenerals
2015-12-19 19:21 - 2015-12-19 19:21 - 00028816 _____ C:\Users\Lidia\Downloads\2015 Christmas Letter.odt
2015-12-17 06:29 - 2015-12-17 06:29 - 00001967 _____ C:\Users\PERSONAL\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-12-17 06:29 - 2015-12-17 06:29 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\SUPERAntiSpyware.com
2015-12-17 06:29 - 2015-12-17 06:29 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-17 06:29 - 2015-12-17 06:29 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-12-17 06:29 - 2015-12-17 06:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-16 23:40 - 2015-12-16 23:40 - 00000000 ____D C:\Program Files\Playpark
2015-12-16 18:42 - 2015-12-16 21:01 - 00000000 ____D C:\Users\TEMP
2015-12-16 00:31 - 2015-12-16 00:31 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\ElevatedDiagnostics
2015-12-15 20:20 - 2015-12-15 20:20 - 00000000 ____D C:\Users\Lidia\AppData\Roaming\Avira
2015-12-15 12:31 - 2015-12-15 12:30 - 00136272 _____ C:\Windows\system32\Drivers\avipbb.sys
2015-12-15 12:31 - 2015-12-15 12:30 - 00055456 _____ C:\Windows\system32\Drivers\avnetflt.sys
2015-12-15 12:16 - 2015-12-15 12:16 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\Avira
2015-12-15 12:14 - 2015-12-15 12:14 - 00001976 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-12-15 12:14 - 2015-12-03 15:24 - 00106968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-15 11:34 - 2015-12-26 08:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-15 11:34 - 2015-12-15 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-15 11:34 - 2015-12-15 11:34 - 00001170 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-12-15 10:47 - 2015-12-25 13:07 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-15 10:47 - 2015-12-15 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-15 10:47 - 2015-12-15 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-15 10:47 - 2015-12-15 10:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-15 10:47 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-15 10:47 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-15 10:47 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-15 10:19 - 2015-12-15 10:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-15 09:30 - 2015-12-15 11:20 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-15 09:08 - 2015-12-15 09:08 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\AVG
2015-12-15 09:07 - 2015-12-15 09:07 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\TuneUp Software
2015-12-15 08:58 - 2015-12-15 09:22 - 00000000 ____D C:\ProgramData\MFAData
2015-12-15 08:58 - 2015-12-15 08:58 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\MFAData
2015-12-15 08:48 - 2015-12-15 09:24 - 00000000 ____D C:\Program Files\AVG
2015-12-15 08:29 - 2015-12-15 09:22 - 00000000 ____D C:\ProgramData\Avg
2015-12-15 08:10 - 2015-12-15 09:24 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\AvgSetupLog
2015-12-15 08:10 - 2015-12-15 09:22 - 00000000 ____D C:\Users\PERSONAL\AppData\Local\Avg
2015-12-13 17:21 - 2015-12-13 17:21 - 00110064 _____ C:\Users\PERSONAL\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-13 16:49 - 2015-12-13 16:49 - 01755272 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-12 01:43 - 2015-12-12 01:43 - 04337277 _____ C:\Users\Lidia\Downloads\X-mas letter 2015.pdf
2015-12-10 10:49 - 2015-12-14 08:45 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\Brackets
2015-12-10 10:49 - 2015-12-10 10:49 - 00000678 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2015-12-10 10:48 - 2015-12-10 10:49 - 00000000 ____D C:\Program Files\Brackets
2015-12-09 16:40 - 2015-12-09 16:40 - 00007598 _____ C:\Users\PERSONAL\AppData\Local\Resmon.ResmonCfg
2015-12-05 10:08 - 2015-12-05 10:08 - 00000000 ____D C:\Users\Lidia\AppData\Local\Microsoft Help

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 10:32 - 2009-07-14 09:37 - 00000000 ____D C:\Windows
2016-01-01 10:06 - 2015-08-02 17:08 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213181815-4229501440-842373124-1000UA.job
2016-01-01 09:42 - 2013-12-04 13:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-01 09:29 - 2015-07-11 13:17 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\vlc
2016-01-01 08:51 - 2015-08-13 08:51 - 00000478 _____ C:\Windows\Tasks\AutomationPro.job
2015-12-31 23:55 - 2015-07-13 09:28 - 00000000 ____D C:\Users\PERSONAL\Documents\My Games
2015-12-31 21:06 - 2015-08-02 17:08 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213181815-4229501440-842373124-1000Core.job
2015-12-31 04:41 - 2010-11-21 04:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-31 04:41 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2015-12-31 03:11 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-31 00:50 - 2015-07-11 12:44 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\DMCache
2015-12-30 16:49 - 2015-07-25 06:46 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\uTorrent
2015-12-29 22:43 - 2013-12-04 13:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-29 22:43 - 2013-12-04 13:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-29 09:38 - 2015-09-19 16:03 - 00000000 ____D C:\Users\PERSONAL\AppData\LocalLow\uTorrent
2015-12-29 09:01 - 2015-07-19 20:22 - 00000000 ____D C:\Photos
2015-12-26 09:54 - 2013-12-04 14:19 - 00002516 ___SH C:\ProgramData\KGyGaAvL.sys
2015-12-26 06:35 - 2015-09-27 05:28 - 00000000 ____D C:\Program Files\DU Meter
2015-12-26 06:35 - 2009-07-14 11:34 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 06:35 - 2009-07-14 11:34 - 00020656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-25 19:19 - 2015-07-11 20:10 - 00001419 _____ C:\Users\Lidia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-25 13:54 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
2015-12-25 07:04 - 2013-12-05 04:41 - 00000000 ____D C:\Windows\Panther
2015-12-25 07:04 - 2013-12-04 13:47 - 00001419 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-25 07:01 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-25 06:17 - 2015-09-26 07:07 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-12-25 06:17 - 2015-09-26 07:07 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-12-25 06:17 - 2015-07-11 12:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-24 10:19 - 2015-10-02 11:16 - 00000000 ____D C:\Users\PERSONAL\AppData\LocalLow\Heroes and Generals
2015-12-24 10:11 - 2013-12-04 13:47 - 00000000 ____D C:\Users\PERSONAL
2015-12-21 00:49 - 2009-07-14 11:53 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-20 12:42 - 2015-09-06 21:25 - 00000087 _____ C:\Users\PERSONAL\Desktop\New Text Document.txt
2015-12-20 05:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system
2015-12-17 04:09 - 2013-12-04 13:47 - 00002347 _____ C:\Users\PERSONAL\Desktop\Google Chrome.lnk
2015-12-15 12:13 - 2015-07-11 12:29 - 00000000 ____D C:\ProgramData\Avira
2015-12-15 12:13 - 2015-07-11 12:29 - 00000000 ____D C:\Program Files\Avira
2015-12-15 11:20 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\schemas
2015-12-15 04:26 - 2015-09-23 10:41 - 00000000 ____D C:\Users\Lidia\AppData\Roaming\Nitro
2015-12-13 10:54 - 2013-12-04 13:44 - 00000000 ____D C:\Users\PERSONAL\AppData\Roaming\Winamp
2015-12-08 18:28 - 2015-07-11 15:25 - 00000921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-12-08 18:28 - 2015-07-11 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE

==================== Files in the root of some directories =======

2015-12-25 06:35 - 2015-12-25 12:25 - 0138576 _____ () C:\Users\PERSONAL\AppData\Roaming\PnkBstrK.sys
2015-10-11 21:17 - 2015-10-11 21:17 - 0000000 ___SH () C:\Users\PERSONAL\AppData\Local\LumaEmu
2015-12-09 16:40 - 2015-12-09 16:40 - 0007598 _____ () C:\Users\PERSONAL\AppData\Local\Resmon.ResmonCfg
2013-12-04 14:19 - 2013-12-04 14:19 - 0000008 __RSH () C:\ProgramData\898B4706EE.sys
2015-07-11 12:17 - 2015-07-11 12:17 - 0000008 __RSH () C:\ProgramData\D1AFC9803C.sys
2015-07-11 12:08 - 2015-07-11 12:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-04 14:19 - 2015-12-26 09:54 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Lidia\AppData\Local\Temp\avgnt.exe
C:\Users\Lidia\AppData\Local\Temp\cdo1050644591.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1181294026.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1339623172.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1458161477.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1527926385.dll
C:\Users\Lidia\AppData\Local\Temp\cdo188786029.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1952175786.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2231953144.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2233809692.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2417476655.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2428881069.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2470110835.dll
C:\Users\Lidia\AppData\Local\Temp\cdo248783834.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2542902580.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2549974114.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2565648124.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2679615536.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2802126522.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2812174410.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2855603123.dll
C:\Users\Lidia\AppData\Local\Temp\cdo286601720.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2895645577.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2899112762.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3002559169.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3053773719.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3165650420.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3318503240.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3325142354.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3356375951.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3386443629.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3468204022.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3520789898.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3557503568.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3758784322.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3859593973.dll
C:\Users\Lidia\AppData\Local\Temp\cdo4125134980.dll
C:\Users\Lidia\AppData\Local\Temp\cdo4277395664.dll
C:\Users\Lidia\AppData\Local\Temp\cdo43175275.dll
C:\Users\Lidia\AppData\Local\Temp\cdo438783044.dll
C:\Users\Lidia\AppData\Local\Temp\cdo481173329.dll
C:\Users\Lidia\AppData\Local\Temp\cdo487685270.dll
C:\Users\Lidia\AppData\Local\Temp\cdo505370641.dll
C:\Users\Lidia\AppData\Local\Temp\cdo519883509.dll
C:\Users\Lidia\AppData\Local\Temp\cdo555578206.dll
C:\Users\Lidia\AppData\Local\Temp\cdo676083031.dll
C:\Users\Lidia\AppData\Local\Temp\cdo814510257.dll
C:\Users\Lidia\AppData\Local\Temp\cdo830557260.dll
C:\Users\Lidia\AppData\Local\Temp\cdo830586142.dll
C:\Users\Lidia\AppData\Local\Temp\cdo926768655.dll
C:\Users\PERSONAL\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:29] - [2013-12-04 13:46] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2010-11-21 04:29] - [2010-11-21 04:29] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION



LastRegBack: 2015-12-30 17:10

==================== End of FRST.txt ============================


I will wait for your response, thanks a lot!





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:44 AM

Posted 01 January 2016 - 10:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
FF Plugin: @live.heroesandgenerals.com/npretox -> E:\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-12-22] (Reto-Moto ApS)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\PERSONAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-29]
U5 44ed7dae9f4beb2f; C:\Windows\System32\Drivers\44ed7dae9f4beb2f.sys [87552 2015-10-12] () <===== ATTENTION Necurs Rootkit?
S3 dump_wmimmc; \??\E:\blacksquad\Binaries\win32\GameGuard\dump_wmimmc.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
C:\Users\Lidia\AppData\Local\Temp\avgnt.exe
C:\Users\Lidia\AppData\Local\Temp\cdo1050644591.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1181294026.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1339623172.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1458161477.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1527926385.dll
C:\Users\Lidia\AppData\Local\Temp\cdo188786029.dll
C:\Users\Lidia\AppData\Local\Temp\cdo1952175786.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2231953144.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2233809692.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2417476655.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2428881069.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2470110835.dll
C:\Users\Lidia\AppData\Local\Temp\cdo248783834.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2542902580.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2549974114.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2565648124.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2679615536.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2802126522.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2812174410.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2855603123.dll
C:\Users\Lidia\AppData\Local\Temp\cdo286601720.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2895645577.dll
C:\Users\Lidia\AppData\Local\Temp\cdo2899112762.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3002559169.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3053773719.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3165650420.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3318503240.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3325142354.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3356375951.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3386443629.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3468204022.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3520789898.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3557503568.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3758784322.dll
C:\Users\Lidia\AppData\Local\Temp\cdo3859593973.dll
C:\Users\Lidia\AppData\Local\Temp\cdo4125134980.dll
C:\Users\Lidia\AppData\Local\Temp\cdo4277395664.dll
C:\Users\Lidia\AppData\Local\Temp\cdo43175275.dll
C:\Users\Lidia\AppData\Local\Temp\cdo438783044.dll
C:\Users\Lidia\AppData\Local\Temp\cdo481173329.dll
C:\Users\Lidia\AppData\Local\Temp\cdo487685270.dll
C:\Users\Lidia\AppData\Local\Temp\cdo505370641.dll
C:\Users\Lidia\AppData\Local\Temp\cdo519883509.dll
C:\Users\Lidia\AppData\Local\Temp\cdo555578206.dll
C:\Users\Lidia\AppData\Local\Temp\cdo676083031.dll
C:\Users\Lidia\AppData\Local\Temp\cdo814510257.dll
C:\Users\Lidia\AppData\Local\Temp\cdo830557260.dll
C:\Users\Lidia\AppData\Local\Temp\cdo830586142.dll
C:\Users\Lidia\AppData\Local\Temp\cdo926768655.dll
C:\Users\PERSONAL\AppData\Local\Temp\avgnt.exe
C:\Windows\System32\Drivers\44ed7dae9f4beb2f.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
 

U5 44ed7dae9f4beb2f; C:\Windows\System32\Drivers\44ed7dae9f4beb2f.sys [87552 2015-10-12] () <===== ATTENTION Necurs Rootkit?

This is a bad infection. Let's run this MBAM Anti-Rootkit and post the log.


Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know.

========


CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
<<<>>>

How is the computer running now?

#3 Allecrast

Allecrast
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 01 January 2016 - 06:16 PM

I have done all of the things above, and the result:

-Avira Real-Time protection works perfectly now

-Google Chrome has been reinstalled and works well

 

- Windows Firewall still has some errors...

Under the "Turn Windows Firewall on or off" section, I couldn't use the recommended settings; it shows an error box containing "Windows Firewall can't change some of your settings. Error code 0x80070422"

 

But thanks a lot for helping me solving the Avira problem!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:44 AM

Posted 02 January 2016 - 08:45 AM

Post the Addition.txt file that was created by the Farbar tool.


p.s.
If Avira has its own firewall, the Microsoft Firewall will be disabled.
You cannot have two firewalls working in real life.

Please post the Addition.txt file there may be things to remove.

#5 Allecrast

Allecrast
  • Topic Starter

  • Members
  • 5 posts

Posted 03 January 2016 - 10:03 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by PERSONAL (2016-01-01 10:33:51)
Running from D:\New Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-12-04 06:46:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2213181815-4229501440-842373124-500 - Administrator - Disabled)
Guest (S-1-5-21-2213181815-4229501440-842373124-501 - Limited - Disabled)
Lidia (S-1-5-21-2213181815-4229501440-842373124-1001 - Limited - Enabled) => C:\Users\Lidia
PERSONAL (S-1-5-21-2213181815-4229501440-842373124-1000 - Administrator - Enabled) => C:\Users\PERSONAL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
ACDSee Pro 2.5 (HKLM\...\{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}) (Version: 2.5.363 - ACD Systems International)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
Block N Load (HKLM\...\Steam App 299360) (Version:  - Jagex)
Brackets (HKLM\...\{36FDB2A6-90A0-43DC-8CF9-FC66E1D6DC7D}) (Version: 1.5 - brackets.io)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 3.1.0.0368 - Disc Soft Ltd)
DNSCrypt (HKLM\...\{DEF3592F-0751-4632-9875-8BF9AD602898}) (Version: 0.0.6 - OpenDNS)
DomDomSoft Manga Downloader (remove only) (HKLM\...\DomDomSoft Manga Downloader) (Version:  - )
Dont Starve Reign of Giants (HKLM\...\Dont Starve Reign of Giants_is1) (Version:  - )
Double Action: Boogaloo (HKLM\...\Steam App 317360) (Version:  - Double Action Factory)
DU Meter (HKLM\...\DUMeter3_is1) (Version: 7.09 - Hagel Technologies Ltd.)
Google Chrome (HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Heroes & Generals (HKLM\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
K-Lite Codec Pack 10.1.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
LINE (HKLM\...\LINE) (Version: 4.3.0.724 - LINE Corporation)
Livestreamer 1.12.2 (HKLM\...\Livestreamer) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Nitro Pro 9 (HKLM\...\{6AD12230-3AB3-4E19-8CB2-8EBFD0EA58F1}) (Version: 9.0.2.37 - Nitro)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.4.5.44 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
Skype™ 5.0 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.0.156 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Terraria (HKLM\...\VGVycmFyaWE=_is1) (Version: 1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Volume (HKLM\...\Vm9sdW1l_is1) (Version: 1 - )
Warface (HKLM\...\Steam App 291480) (Version:  - Crytek)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WildStar (HKLM\...\WildStar) (Version:  - NCSOFT)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2213181815-4229501440-842373124-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WTFast 3.5 (HKLM\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.9.511 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\PERSONAL\AppData\Local\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{DB45000A-9764-11D6-819E-005056C00008}\localserver32 -> C:\Program Files\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2213181815-4229501440-842373124-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PERSONAL\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6106F0BC-724B-43D0-B1C4-895AAA6DACDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2213181815-4229501440-842373124-1000Core => C:\Users\PERSONAL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {6502F6CA-9581-42F3-B827-F16B006EC527} - System32\Tasks\{946FF7D6-018D-4747-B2FE-BA4D1F1E9F00} => C:\Program Files\Skype\\Phone\Skype.exe [2010-12-03] (Skype Technologies S.A.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {775365C7-7207-4B18-A813-247FE73B1586} - System32\Tasks\{58D0D3BB-06E1-4878-BC48-C56B2B0D3A99} => pcalua.exe -a "D:\New Downloads\pbsetup\pbsetup.exe" -d "D:\New Downloads\pbsetup"
Task: {8F774EA9-9358-42BC-A265-2454A69BAC26} - System32\Tasks\AutomationPro => c:\programdata\{1c7990a5-0a1b-7f99-1c79-990a50a14294}\internet download manager universal crack is here ! [idm 6.23 build 18 updated].exe <==== ATTENTION
Task: {9F554A92-B0E1-4CA8-9557-369D97C4A351} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {A3F189A3-CECE-44E7-8333-4671C8DD4925} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {C53C899B-CFF1-4C08-B7CF-A43B64A924D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2213181815-4229501440-842373124-1000UA => C:\Users\PERSONAL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {F2B08C8A-BABA-4921-B59C-7F2E578E9F50} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-18] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutomationPro.job => c:\programdata\{1c7990a5-0a1b-7f99-1c79-990a50a14294}\internet download manager universal crack is here ! [idm 6.23 build 18 updated].exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213181815-4229501440-842373124-1000Core.job => C:\Users\PERSONAL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213181815-4229501440-842373124-1000UA.job => C:\Users\PERSONAL\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-07-14 06:11 - 2009-07-14 08:15 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 06:11 - 2009-07-14 08:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 06:11 - 2009-07-14 08:16 - 00033280 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 06:11 - 2009-07-14 08:16 - 00033280 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 06:11 - 2009-07-14 08:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2015-09-27 05:28 - 2015-08-03 18:31 - 00846488 _____ () C:\Program Files\DU Meter\libeay32.dll
2015-09-27 05:28 - 2015-08-03 18:31 - 00166552 _____ () C:\Program Files\DU Meter\ssleay32.dll
2015-12-25 09:30 - 2015-12-25 12:25 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2009-07-14 06:11 - 2009-07-14 08:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL
2015-07-11 12:11 - 2015-06-17 13:51 - 00106128 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-12-07 15:59 - 2015-12-07 15:59 - 03379224 _____ () C:\Program Files\LINE\ampkit_windows.dll
2015-11-26 14:48 - 2015-11-26 14:48 - 00117248 _____ () C:\Program Files\LINE\PlayerHelper.dll
2012-04-26 19:33 - 2012-04-26 19:33 - 02743104 _____ () C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
2013-12-04 13:56 - 2012-05-16 00:31 - 00002048 _____ () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
2015-11-26 14:48 - 2015-11-26 14:48 - 00868864 _____ () C:\Program Files\LINE\LinePlayer\LPEngine.dll
2015-12-30 05:51 - 2015-12-08 12:44 - 05908632 _____ () C:\Program Files\Kill Ping\Kill Ping.exe
2015-12-24 19:49 - 2015-11-11 02:55 - 00778752 _____ () E:\Steam\SDL2.dll
2015-12-24 19:49 - 2015-07-03 23:12 - 04962816 _____ () E:\Steam\v8.dll
2015-12-24 19:49 - 2015-07-03 23:12 - 01556992 _____ () E:\Steam\icui18n.dll
2015-12-24 19:49 - 2015-07-03 23:12 - 01187840 _____ () E:\Steam\icuuc.dll
2015-12-24 19:49 - 2015-12-15 03:01 - 02547280 _____ () E:\Steam\video.dll
2015-12-24 19:49 - 2015-09-24 07:33 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-12-24 19:49 - 2015-09-24 07:33 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-12-24 19:49 - 2015-09-24 07:33 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-12-24 19:49 - 2015-09-24 07:33 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-12-24 19:49 - 2015-09-24 07:33 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-12-24 19:49 - 2015-12-15 03:01 - 00804432 _____ () E:\Steam\bin\chromehtml.DLL
2015-12-24 19:49 - 2015-11-04 05:00 - 00201728 _____ () E:\Steam\bin\openvr_api.dll
2015-12-24 19:49 - 2015-11-17 07:31 - 47846176 _____ () E:\Steam\bin\libcef.dll
2015-12-24 19:49 - 2015-09-25 06:56 - 00119208 _____ () E:\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\PERSONAL:Heroes & Generals

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2015-12-16 07:36 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 46.101.178.39 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files\WebcamMax\WebcamMax.exe" -a
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: avipbb
Description: avipbb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: avipbb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 01:16:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/01/2016 01:15:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2015 10:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlockNLoad.exe, version: 5.1.4.53491, time stamp: 0x5602dcf2
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000005
Fault offset: 0x000477b2
Faulting process id: 0x1f38
Faulting application start time: 0xBlockNLoad.exe0
Faulting application path: BlockNLoad.exe1
Faulting module path: BlockNLoad.exe2
Report Id: BlockNLoad.exe3

Error: (12/31/2015 06:07:25 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/31/2015 03:12:34 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/31/2015 03:12:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2015 08:28:37 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/30/2015 06:31:01 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/30/2015 05:12:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/30/2015 05:11:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/31/2015 04:00:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (12/31/2015 06:08:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%31

Error: (12/31/2015 06:07:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%31

Error: (12/31/2015 06:07:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%31

Error: (12/31/2015 03:12:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
netfilter2
SASDIFSV
SASKUTIL

Error: (12/31/2015 03:11:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%31

Error: (12/31/2015 03:11:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%31

Error: (12/31/2015 03:11:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgntflt service failed to start due to the following error:
%%31

Error: (12/30/2015 08:29:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%31

Error: (12/30/2015 08:29:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%31


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 44%
Total physical RAM: 3565.95 MB
Available physical RAM: 1973.82 MB
Total Virtual: 7130.18 MB
Available Virtual: 3938.96 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:29.19 GB) (Free:2.5 GB) NTFS
Drive d: (DATA_01) (Fixed) (Total:48.83 GB) (Free:4.77 GB) NTFS
Drive e: (DATA_02) (Fixed) (Total:70.92 GB) (Free:4.31 GB) NTFS
Drive f: (Ext) (Fixed) (Total:74.53 GB) (Free:47.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D07FD07F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=119.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 January 2016 - 03:31 PM

Read the information in post no. 11.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?hl=%2Bcrack+%2Bsoftware#entry3297086

Decide if you wish to keep this cracked version.
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)

===

Go to this page.
http://download.bleepingcomputer.com/win-services/7/

Download the following files in bold to your Desktop.


Winmgmt.reg
MpsSvc.reg
mpsdrv.reg
LEGACY_MPSDRV.reg


Execute them one by one and restart the computer when done.

If your Windows Update is still an issue, try the following.

Follow these instructions to repair WMI:
https://social.technet.microsoft.com/Forums/windows/en-us/8ed26d46-9994-4052-a307-5b071805aea8/wmi-corrupt-how-to-reinstallrepair?forum=winservergen

===

Keep me posted.


p.s.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Execute this only when all is well.


You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)

#7 Allecrast

Allecrast
  • Topic Starter

  • Members
  • 5 posts

Posted 04 January 2016 - 12:06 PM

Okay nasdaq, thanks for all the information, you've been very helpful!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2016 - 09:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



